Frequently Asked Questions
Common questions about Eresus Security services, scope, delivery, reporting, pricing, and AI security work.
Services and Scope
What does Eresus Security do?
Eresus Security provides penetration testing, API security testing, AI security assessments, cloud review, red team operations, and external attack surface validation.
Can we start with a narrow scope?
Yes. Most engagements start with one high-risk app, API, AI workflow, cloud path, or exposed asset group before expanding into a recurring program.
Do you test AI and agent systems?
Yes. We test prompt injection, tool abuse, RAG leakage, MCP integrations, agent permissions, memory, and model supply chain risk.
How is this different from an automated scan?
Automated scanners create signals. Eresus validates whether those signals become exploitable attack paths across identity, data, API, cloud, or AI workflows.
Delivery
How long does a penetration test take?
A focused web or API test usually takes 5-10 business days. Larger cloud, red team, or AI scopes are planned after a short scoping call.
What is included in the report?
Reports include impact, reproduction steps, evidence, affected assets, remediation direction, severity, and retest notes.
Do you support retesting?
Yes. Retesting can be included as part of a fixed engagement or a recurring program.
What do we receive after the engagement?
You receive reproducible evidence, affected assets, business impact, remediation direction, severity, and closure criteria for each important finding.
Commercial
How is pricing determined?
Pricing depends on scope, surface count, test depth, environment access, reporting needs, and retest expectations.
Do you work with startups and enterprises?
Yes. We support focused startup assessments as well as regulated, multi-team enterprise programs.
Can we request the AI Security training PDF?
Yes. The free starter checklist covers prompt injection, RAG leakage, MCP risk, and model-file security. You can request it from the sector pages.