ARGUS waitlist open · first proof free
Autonomous access-control testing

First access-control finding is free.

Find your first access-control vulnerability. The proof is free.

ARGUS logs in as every role, maps reachable endpoints and objects, and returns reproducible proof packets your team can fix. If the tested boundaries hold, you still get an evidence report showing exactly what stayed locked.

access-map · roles × endpoints— nodes
role allowed restricted violation
3roles 8endpoints 3violations
01

Role-by-role coverage

Every tested user is mapped against routes, objects, and privileged functions so the report shows the boundary, not just the endpoint.

02

Allowed, restricted, violated

The artifact separates expected access from held restrictions and real bypasses, which keeps false positives out of engineering queues.

03

Replay-ready proof

Each validated issue carries the session, request, response, expected authorization, and exact steps needed to reproduce the break.

ARGUS waitlist

Every app has access-control logic. Most tools test around it.

A broken boundary rarely looks like an exploit string. It looks like the wrong user getting the right-looking 200 OK. That is why A01 keeps showing up.

test surface
static scanner
manual test
ARGUS
Who may use this route?
pattern inferred
sampled by tester
role-by-role replay
Which object belongs to whom?
usually invisible
spot checked
object ownership diff
Can the team reproduce it?
alert, no proof
notes and screenshots
proof packet: roles x endpoints x objects

Watch the launch film.

Fifty-six seconds on why access control breaks — and what the proof looks like when ARGUS finds it.

argus · launch-film.mp400:56 · sound on

Three exhibits your team can replay.

If ARGUS finds broken access control, the first proof packet is free. Each packet shows the actor, boundary, request evidence, expected result, actual result, and exact steps to reproduce.

EXHIBIT A · F-001 HIGH IDOR — cross-user content access CONFIDENCE 0.95

User jim retrieved invoice inv_1042, which belongs to another account, and received a 200 OK with names, line items, and billing metadata.

PROOF PACKET · CAPTURED REQUEST
GET /api/invoices/inv_1042  HTTP/1.1
Authorization: Bearer <jim>
→ 200 OK   { "owner": "mira", "total": 847.20, "items": [ … ] }
LISTING 1 · CONTRASTIVE AUTHORIZATION CHECK
mira · invoice ownerGET /api/invoices/inv_1042 → 200 OK
jim · different userGET /api/invoices/inv_1042 → 200 OK  ✗ expected 403
argus · campaign.log
  1. Authenticate as jim and collect reachable invoice ids.
  2. Replay /api/invoices/inv_1042, an invoice owned by mira.
  3. Confirm the response returns another user's content instead of denying access.
ARGUS campaign loop surface capture
ARGUS Eyes Brain Hands proof animation A GSAP animated SVG showing Argus collecting surface observations, reasoning through an access matrix, replaying a browser request, and producing a proof packet. DOM forms network log session state route index AccessMap projection roles x endpoints x observed outcomes admin user guest /admin /config /basket/1 /profile /orders RBACAgent IDORAgent routed https://target.example/admin Replay role: guest method: GET target: /admin response: 200 OK source baseline: admin 200 target replay: guest 200 Contrastive evidence admin fingerprint: 9f42a1 guest fingerprint: 9f42a1 body match: protected panel expected deny failed ARGUS proof packet contrastive proof Broken role boundary: /admin source role: admin -> 200 OK target role: guest -> 200 OK expected: deny guest evidence grade: confirmed confidence 0.91 redacted steps
01 - Eyes
ARGUS watches the app surface until routes, objects, and sessions become testable material.
surface + sessions

Twenty-five specialist agents, organized by flaw family.

The Brain does not guess alone. It dispatches focused probes for object access, role boundaries, token abuse, and state-changing paths, then turns the evidence into a report.

Object access
Function & role access
Token & session
Static, state-change & adjacent

Every specialist action is recorded to a redacted evidence ledger — the source of truth for replay steps, suppression decisions, and the final report.

Safe by default. Authorized use only.

ARGUS is built to be pointed at systems you own or are cleared to test. Risk rises only as you opt into it.

default Read-only & passive Observes and replays safe reads. No writes, no side effects. The mode you start in. mode ledger
--lab Reversible canary writes Controlled, marked writes to a system you've cleared — every mutation tracked for rollback. rollback ledger
--unsafe-lab Destructive & callback probes SSRF callbacks and state-changing probes, only on explicit allowlists. Metadata hosts always blocked. suppression gate

Findings are evidence-graded and suppressed when the authorization context is contaminated or the evidence is weak. ARGUS deliberately under-claims — a CWE is reported as a candidate tag, never as guaranteed root cause.

real chromium via playwright·python 3.12·openai + anthropic (openrouter)·owasp a01:2025·~45 cwes mapped·benchmarked on owasp juice-shop·deterministic replay

Find your first access-control vulnerability. Get the proof packet free.

Join the waitlist for the next authorized scan group. Get the first proof packet if ARGUS finds a real issue, or a clean evidence report if the tested boundaries hold.

View sample report
authorized targets only · clean report if nothing breaks