Automated Penetration Testing. No Consultant Fees.

Both plans include every platform capability: external attack surface penetration testing, internal network penetration testing, web application vulnerability scanning, security posture assessments, NIST CSF mapping, and professional analyst-reviewed PDF reports. The only difference is volume. Standard gives you 10 runs per test type per month. Unlimited removes all run caps.

Annual plans bill as a single upfront payment and save you 20% compared to the monthly rate. Standard Annual: $159/month equivalent ($1,908/year, saving $480 vs. monthly). Unlimited Annual: $239/month equivalent ($2,868/year, saving $720 vs. monthly). Annual subscriptions are non-refundable after the cancellation window closes.

Four distinct test types are included in both plans: (1) External attack surface penetration testing — public-facing IPs, domains, ports, and services; (2) Internal network penetration testing via a lightweight agent deployed on your network; (3) Web application vulnerability scanning with OWASP Top 10 coverage; (4) Security posture assessments — structured governance and controls evaluation with NIST CSF mapping.

You deploy a lightweight agent on your internal network. It connects outbound over HTTPS — no inbound firewall changes required. From there it performs network discovery, host enumeration, Active Directory analysis, lateral movement simulation, and endpoint audits across Windows, Linux, and macOS systems. Results feed directly into your assessment report.

Reports are delivered at run completion — typically within 72 hours. There is no manual writeup queue. Every test run produces a structured PDF with confirmed findings, severity ratings, CVSS scores, remediation guidance, and an AI-generated executive summary reviewed by a certified analyst.

Yes. Risk72 reports generate the structured, evidence-backed documentation that cyber insurance underwriters require. The posture assessment report demonstrates your security controls across governance, access management, endpoint security, and incident response — the exact categories insurers evaluate. Many clients subscribe specifically to generate this documentation for applications and annual renewals.

Monthly plans can be cancelled at any time from your dashboard. Access continues through the end of the current billing period. Annual plans are billed upfront for the full year and are non-refundable after the cancellation window.

Risk72 performs continuous automated security testing with structured, human-reviewed outputs. For most small and mid-size organizations, it delivers significantly more coverage than a once-a-year manual pentest at a fraction of the cost. It is not designed for advanced adversarial red-team programs or custom bespoke enterprise engagements, but for the vast majority of businesses that have never been tested at all — it’s the right starting point.

No. Both plans are flat-rate subscriptions. No per-seat charges, no per-run fees, no add-on modules. The price you see is the price you pay. Every capability — all four test types, reporting, intelligence, NIST mapping — is included.