AIdamant

Automated white-box security assessments, powered by AI.

Point it at a codebase. Provide your architecture context. Get assessment-grade reports in hours, not weeks.

$ aidamant init → recon → analyze → report

2–4 weeks

per engagement with a senior pentester full-time

€15–30K

per assessment, and quality varies analyst to analyst

0 context

most tools ignore architecture, WAFs, and risk acceptance

Organizations face a difficult trade-off: thoroughness vs. speed. Most choose speed, leaving gaps.

What exists today

  • SAST tools find code-level bugs
  • AI pentesters run exploits on live apps
  • Neither assesses security posture against a methodology

What's actually needed

  • Methodology-driven assessment
  • Architecture and business context as first-class inputs
  • Assessment-grade reports designed for client delivery

How It Works

Four commands. One comprehensive assessment.

1. aidamant init

Configure project, methodology, architecture & business context

2. aidamant recon

AI maps the codebase: stack, dependencies, attack surface

3. aidamant analyze

Assess every control, one by one, with full source-level analysis

4. aidamant report

Generate professional reports in HTML, Markdown, SARIF

The Feedback Loop

RECON.md

Reconnaissance output from the codebase scan, reviewable and refinable

ARCHITECTURE.md

Infrastructure diagrams, deployment topology, compensating controls

BUSINESS_CONTEXT.md

Risk acceptance decisions, business constraints, regulatory environment

"The first run produces results. Refine the context documents based on what you learn. The second run is dramatically better."

What You Get

Per-Control Assessment Breakdown

Executive Summary

Compliance verdict with high-level findings overview

Technical Findings

Detailed analysis with code references and evidence

Risk Assessment

Impact × Probability → Risk rating for each finding

Context-Aware Analysis

Compensating controls factored into verdicts

Remediation Guidance

Actionable steps to address identified issues

Standards References

Linked to OWASP ASVS, NIST, and relevant frameworks

Output Formats

HTML

For stakeholders and client delivery

Markdown

For documentation and version control

SARIF

For CI/CD integration (GitHub, GitLab)

"Standardized Impact × Probability matrix removes subjectivity. Results are comparable across projects, teams, and time."

Methodology

Choose your framework or define your own

TIER 1

Out of the Box

OWASP ASVS 5.0, NIST, CIS. Validated, excellent quality.

TIER 2

Custom Frameworks

Define in JSON. Encode institutional knowledge, pentest report patterns, security backlog priorities.

TIER 3 (Coming Soon)

CVE/CWE Extension

Auto-generate methodology from vulnerability databases. Freeform attack scenario builder for pentesters.

"AIdamant is only as good as what you ask it to assess. That's by design — it's a tool for security professionals who know what to look for."

Your code never leaves your network.

Trusted Customer

Receive the Docker image. Run it on-prem, VPC, airgapped, bare metal. Full control.

AWS Self-Service

ECR distribution, Lambda-scoped access. Deploy scripts, VPC config, Bedrock setup included. You control the data perimeter. IP protection works offline.

Model-agnostic: works with any OpenAI-compatible endpoint — Bedrock, Azure OpenAI, self-hosted models. You bring the model.

About

Security Architect

Co-Founder

15 years in security, 20 in software engineering. Dozens of assessments delivered. Recently completed a sovereign AI cloud project.

Security Engineer

Co-Founder

15 years in security engineering and pentesting. Participant in EU cybersecurity projects (ECHO, ACTING).

"We've done these assessments manually, for years. We built the tool we wished we had."

Get your first assessment free.

Let's discuss your security assessment needs.

Or email us directly at hello@aidamant.io