First access-control finding is free.
Find your first access-control vulnerability. The proof is free.
ARGUS logs in as every role, maps reachable endpoints and objects, and returns reproducible proof packets your team can fix. If the tested boundaries hold, you still get an evidence report showing exactly what stayed locked.
Role-by-role coverage
Every tested user is mapped against routes, objects, and privileged functions so the report shows the boundary, not just the endpoint.
Allowed, restricted, violated
The artifact separates expected access from held restrictions and real bypasses, which keeps false positives out of engineering queues.
Replay-ready proof
Each validated issue carries the session, request, response, expected authorization, and exact steps needed to reproduce the break.
ARGUS early access
Join the ARGUS waitlist.
Tell us where to reach you. We will email you a confirmation and follow up when the next authorized scan group opens.
Every app has access-control logic. Most tools test around it.
A broken boundary rarely looks like an exploit string. It looks like the wrong user getting the right-looking 200 OK. That is why A01 keeps showing up.
Watch the launch film.
Fifty-six seconds on why access control breaks — and what the proof looks like when ARGUS finds it.
Three exhibits your team can replay.
If ARGUS finds broken access control, the first proof packet is free. Each packet shows the actor, boundary, request evidence, expected result, actual result, and exact steps to reproduce.
User jim retrieved invoice inv_1042, which belongs to another account, and received a 200 OK with names, line items, and billing metadata.
GET /api/invoices/inv_1042 HTTP/1.1
Authorization: Bearer <jim>
→ 200 OK { "owner": "mira", "total": 847.20, "items": [ … ] }
| mira · invoice owner | GET /api/invoices/inv_1042 → 200 OK |
| jim · different user | GET /api/invoices/inv_1042 → 200 OK ✗ expected 403 |
- Authenticate as
jimand collect reachable invoice ids. - Replay
/api/invoices/inv_1042, an invoice owned bymira. - Confirm the response returns another user's content instead of denying access.
Twenty-five specialist agents, organized by flaw family.
The Brain does not guess alone. It dispatches focused probes for object access, role boundaries, token abuse, and state-changing paths, then turns the evidence into a report.
Every specialist action is recorded to a redacted evidence ledger — the source of truth for replay steps, suppression decisions, and the final report.
Safe by default. Authorized use only.
ARGUS is built to be pointed at systems you own or are cleared to test. Risk rises only as you opt into it.
Findings are evidence-graded and suppressed when the authorization context is contaminated or the evidence is weak. ARGUS deliberately under-claims — a CWE is reported as a candidate tag, never as guaranteed root cause.
real chromium via playwright·python 3.12·openai + anthropic (openrouter)·owasp a01:2025·~45 cwes mapped·benchmarked on owasp juice-shop·deterministic replay
Find your first access-control vulnerability. Get the proof packet free.
Join the waitlist for the next authorized scan group. Get the first proof packet if ARGUS finds a real issue, or a clean evidence report if the tested boundaries hold.