STATUS: OPERATIONAL

Autonomous Pentesting for everybody.

VORNAC performs penetration tests end-to-end without any human intervention – from target definition to audit-proof reporting.

Start a demo How it works

Built for compliance

NIS2 DORA VAIT BAIT KRITIS

Autonomous test

critical-webapp.company.com

running

Scope

Web API Infra

Current attack phase

Enumeration78%

Findings

7

Critical

2

ETA

18m

Next step

Exploit chain validation & reporting

Pentesting is too slow, expensive and impossible to scale.

Manual engagements are constrained by human availability, cost and variance in execution quality.

  • >90% of companies struggle to find qualified pentesters.
  • Typical engagements cost €10k–€25k per test.
  • Lead times often range from 6–12 weeks.
  • Results differ between testers and providers.
  • Reports are rarely structured for audits and regulators.

Market signal

New regulated companies by 2026

45.000+

Annual cybercrime damage

€203bn

Regulations like NIS2, DORA, VAIT, BAIT and KRITIS enforce regular, provable penetration testing. Manual models cannot keep up.

VORNAC is the world’s first fully autonomous Pentesting Agent.

An inference-driven system that plans, executes and documents penetration tests end-to-end – aligned with EU regulatory frameworks.

Truly Autonomous

VORNAC orchestrates enumeration, exploit attempts and attack path chaining without human intervention.

Compliance-ready reporting

Output is structured for NIS2, DORA, VAIT, BAIT and KRITIS audits, including CVSS, PoC and reproducible steps.

Scalable attack surface coverage

On-demand tests across web, API and infrastructure scopes, delivered as SaaS or on-prem inference.

How VORNAC works

From defining scope to downloading the final report – in three steps.

01

Define target & scope

Specify domains, IP ranges, endpoints and explicit scope boundaries. Attach regulatory context and test objectives.

02

Autonomous execution

VORNAC runs enumeration, composes exploitation strategies and continuously logs an audit trail.

03

Report & audit trail

Retrieve PDF and machine-readable JSON via the web interface, including CVSS, PoC details and segregated audit trail.

Your Pen-Test Command Center.

A web interface to plan tests, monitor status and download reports – while the heavy lifting runs in the background.

  • On-demand test scheduling per target.
  • Status overview: running, completed, failed, queued.
  • Report archive with versioned, signed and tamper-proof exports.
  • Audit trail viewer per test execution.

Scheduled tests

Execution overview

STATUS: running

critical-webapp.company.com

Scope: Web + API

CI pipeline

running

ETA 16m

vpn-gateway.bank.net

Scope: Infra

Quarterly

completed

Report v3

patient-api.healthcare.io

Scope: API only

PoC

failed

Scope error

All executions are fully logged and replayable.

Simple pricing for autonomous pentests.

VORNAC turns pentesting into a predictable, compliance-ready process.

Enterprise

Yearly fee. UNLIMITED USAGE

For organizations that require unlimited testing and maximum flexibility in regulated environments.

  • Unlimited autonomous tests
  • API access & integration support
  • Optional: custom report templates
  • Optional: on-premise hosting
For large enterprises

Built around regulatory frameworks.

VORNAC is designed for environments governed by NIS2, DORA, VAIT, BAIT and KRITIS – with reports structured to satisfy audits.

EU

NIS2

Continuous and provable security posture via regular, documented pentests.

EU

DORA

Cyber resilience testing for financial services, aligned with operational resilience demands.

DE

VAIT / BAIT / KRITIS

Structured output for German financial and critical infrastructure regulations.

About VORNAC.

We are re-engineering cybersecurity for the autonomous age. Headquartered in Heidelberg, Germany, VORNAC was founded to solve the industry’s biggest dilemma: the widening gap between strict regulatory compliance and the critical shortage of skilled security experts.

We do not just offer another tool – we provide a paradigm shift. Our AI technology replaces the “human middleware” in penetration testing, allowing companies to test their infrastructure continuously, 24/7 and without manual intervention. We turn cybersecurity from a yearly bottleneck into an always-on advantage.

Ready to see a truly autonomous pentest in action?

Schedule a live session with the founding team and walk through a real execution and report.

Or reach out directly: hello@vornac.com