Your site is being scanned right now — by someone

Is your business actually safe online?

Most business owners have no idea what their website looks like to an attacker. We show you — in 60 seconds, in plain English, with a clear grade and a plan to fix what matters.

No technical knowledge needed. No software to install. Just answers.

60s Surface scan · 3 Attack surfaces · A–F Clear grading
arcane.group · Protected · Grade A
Security Score with Web, Code and Host sub-scores
  • HTTPS enforced
  • HSTS enabled
  • CSP policy permissive
  • No exposed secrets
Powered by SenAI.SAM · 360° scan
Maps to: NCSC Cyber Essentials, GDPR Article 32, ISO 27001, PCI-DSS, DfE Standards

Three surfaces. One report.

Other tools check your front door.
We check the whole building.

Most security scanners look at one thing — maybe your SSL certificate, maybe your headers. They miss the code running on your pages, the servers behind your domain, and the data leaking through cracks nobody thought to check. SenAI.SAM scans all three surfaces in one pass.

Web Surface: Security headers, TLS/SSL, DNS config, Email auth, SEO signals, Tech stack
Code Surface: Client-side scripts, Source maps, Leaked credentials, Secret detection, Dependency risks
Host Surface: CVE matching, Open ports, VirusTotal, AbuseIPDB, MITRE ATT&CK, Network intel

Trusted by growing businesses

Don't just take our word for it.

Meridian Digital
Brightpath Consulting
Stackline Labs
Northvale Tech
Clearwater Systems
500+ scans completed

We ran our first scan and found three critical issues we had no idea about. Fixed them the same afternoon.

Sarah Chen
CTO, Meridian Digital

Finally a security tool that doesn't require a PhD to understand. The plain-English reports are a game changer.

James Okafor
Managing Director, Brightpath Consulting

We use SenAI.SAM before every client pitch to prove our site is secure. Worth every penny.

Priya Sharma
Head of Engineering, Stackline Labs

This is what you get

Three levels of depth. Start with the summary for free — upgrade when you need the full picture.

Free Summary (Included)
example-company.co.uk · Grade C · Score: 62/100
AI Summary

Your website is live and serving visitors, but three security gaps leave your business exposed. The most urgent: anyone can inject scripts into your pages because there's no Content Security Policy...

  • Critical: No Content Security Policy
  • High: SSL expires in 12 days
+ estimated fix costs and next steps

Full Report (Paid)
Scores: Overall 62 · Web 78 · Code 45 · Host 63
  • Critical: No Content Security Policy
    Fix: Add CSP header with script-src directive
  • High: SSL certificate expires in 12 days
    Fix: Renew via your hosting provider or Let's Encrypt
  • High: Missing HSTS header
    Fix: Add Strict-Transport-Security with max-age
  • Medium: Server version exposed
    Fix: Remove Server header from nginx config
All findings with step-by-step remediation

Technical (Paid)
DNS & SSL
  • A Records: 104.21.32.1, 172.67.154.8
  • MX: ✓ Configured
  • TLS Version: 1.3
  • Cert Issuer: Let's Encrypt
  • DMARC: ✗ Missing
Threat Intelligence
  • CVE-2024-32760 — nginx HTTP/3 vulnerability
  • Shodan: 3 open ports (80, 443, 8080)
  • No entries in CISA KEV database
  • MITRE ATT&CK tags: T1190, T1071, T1595

Up and running in 60 seconds

No agent to install. No code changes. No waiting.

Step 01: Verify your domain
Sign up with your work email. We confirm ownership automatically.

Step 02: Run a scan
Enter your URL. Surface results in seconds, full report in minutes.

Step 03: Fix what matters
AI-prioritised findings with plain-English remediation steps.

Traditional pen testing was built for a different era.

Weeks of meetings, reports only your IT team can read, and results that are outdated before the ink dries.

The old way vs SenAI.SAM

How it starts
  • The old way: Weeks of sales calls and scoping
  • SenAI.SAM: Enter your URL and click scan
Time to results
  • The old way: 2–6 weeks (if nothing goes wrong)
  • SenAI.SAM: 60 seconds for surface, 3 min for full
What gets checked
  • The old way: Usually just the web app
  • SenAI.SAM: Web + code + host infrastructure
Who reads the report
  • The old way: Only your technical team
  • SenAI.SAM: Anyone — written in plain English
How often
  • The old way: Once a year (if you remember)
  • SenAI.SAM: Whenever you want, on demand
Compliance mapping
  • The old way: Manual, extra cost
  • SenAI.SAM: Automatic — CE, GDPR, ISO 27001

Coming soon

Know who you're doing business with.

We're building direct integration with the UK Companies House database to give you instant intelligence on any registered business — directors, filing history, red flags, and an AI-powered integrity score. All from one search.

Instant company lookup

Search any UK company by name or number. See directors, registered address, SIC codes, and incorporation date in seconds.

AI integrity scoring

Our AI analyses filing patterns, officer history, and company structure to produce an integrity score — flagging dormant shells, late filers, and unusual patterns.

Business intelligence reports

Full BI reports with risk indicators, officer timelines, filing analysis, and AI-generated narratives explaining what the data actually means for your due diligence.

Companies House + Security in one platform
Verify the business. Scan the website. Know the full picture.

Imagine running a security scan on a supplier's website and instantly seeing their Companies House filing history, director changes, and integrity score — all in the same report. That's what we're building.

Simple pricing. No surprises.

Start free with 2 surface scans. Upgrade when you need the full picture.

Free: £0 · 2 surface scans on signup
  • 2 free surface scans
  • AI security summary
  • Letter grade + top risks
  • Plain-English explanation

Full Report + Technical (Everything included): £29 · 5 full scans · One-time payment
  • Everything in Free
  • 5 full scans included
  • All findings + remediation steps
  • CVE database + MITRE ATT&CK
  • Threat intel — Shodan, URLScan, CISA KEV
  • Advanced security — CSP, TLS, email auth, secrets
  • Host.Guard infrastructure scan
Platform security

A security product that practises what it preaches.

We hold ourselves to the same standards we check for. Here's how we protect your data and our platform.

Encryption in transit

All data is encrypted via TLS 1.3. HSTS enforced with a 1-year max-age across all endpoints.

Content Security Policy

Nonce-based CSP with strict-dynamic prevents XSS. No unsafe-inline or unsafe-eval.

Rate limiting

Distributed rate limiting via Upstash Redis protects every API endpoint against abuse.

Row-Level Security

Supabase RLS policies ensure users can only access their own data. No shared tenancy leaks.

Authentication

Supabase Auth with secure cookie-based sessions. CSRF protection on all state-changing endpoints.

Vulnerability disclosure

We maintain a public vulnerability disclosure policy with defined scope, safe harbour terms, and response timelines.

Compliance transparency
  • Data hosting: Supabase (AWS eu-west-2) + Vercel (iad1)
  • Encryption: TLS 1.3 in transit, AES-256 at rest (Supabase managed)
  • Authentication: Supabase Auth — email/password with secure httpOnly cookies
  • Data retention: Scan reports retained while account is active. Deleted 30 days after account closure.

On our roadmap

SOC 2 Type II certification and an independent third-party penetration test are planned. We'll publish results here once complete. We believe in transparency — not premature compliance claims.

The cost of not knowing is always higher.

Every day you don't check is a day you're trusting luck over evidence. Two free scans, no credit card, results in seconds.
