StrayLabs

>

Straylabs logo

Battle-test your assets before attackers do

We're building the tech behind agentic pentest tooling. For faster, cheaper and more efficient pentests.

Whitepaper & benchmarksGitHubDiscord

Use the tool

Run Deadend yourself

Install the CLI, run agentic pentests in your environment. Benchmarks, self-hosted options, and integration with your existing tooling. 

██████╗ ███████╗ █████╗ ██████╗ ███████╗███╗   ██╗██████╗
██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔════╝████╗  ██║██╔══██╗
██║  ██║█████╗  ███████║██║  ██║█████╗  ██╔██╗ ██║██║  ██║
██║  ██║██╔══╝  ██╔══██║██║  ██║██╔══╝  ██║╚██╗██║██║  ██║
██████╔╝███████╗██║  ██║██████╔╝███████╗██║ ╚████║██████╔╝
╚═════╝ ╚══════╝╚═╝  ╚═╝╚═════╝ ╚══════╝╚═╝  ╚═══╝╚═════╝
deadend CLI v0.1.0 • Type /help for commands
[hacker] http://127.0.0.1:3000
────────────────────────────────────────────────────────────
 
  
78% on XBOW's benchmarks
Deadend is our first attempt to build new offensive security tools for the future.
We evaluate, benchmark and battle-test the agents on provable grounds (same benchmarks as our competitors and more). Our goal is to improve our agents continuously to deliver to best security. See our results here.
Built for security experts in mind
The CLI integrates well with other security testing tooling such as Burp/ZAP...
We are building new offensive security tooling made for Security Engineers. Keeping the same tooling that is already used is important. As we also use the same. And we are thinking ahead. For future versions, we are going to add MCP servers and terminal autocompletion.
Self-hosted and sandboxed AI agent capabilities
We believe in confidential AI and secure software. Deadend's tools are sandboxed and the agent fully runs on your devices.
From the Agent to the LLM, everything can run locally or on premise. Every tool is carefully sandboxed and isolated to protect the device we're working on. Even though it adds more work for us, this is really important for us as hackers (at least this is what we believe in).
 
 
Want a walkthrough or early access?
  
 
 
  
  
 
Web application pentest
From scoped web apps to verified fixes
We focus on your web applications: we scope targets, run an agentic pentest, and deliver replayable findings with remediation and re‑verification.
1Step 1
Scope your web applications
We can plug into your existing development workflow so you can define exactly which web apps are in scope.
  • Connect your GitHub organization and select frontends, backends, and APIs
  • Target production‑like environments or dedicated staging
  • Keep all targets and exclusions clearly documented in one place
2Step 2
Run an agentic webapp pentest
Our agents runs an detailed offensive campaign focused on how your web applications actually behave in practice.
  • Autonomous exploration of web flows, sessions, and business logic
  • Specify your security assessments by following your goals, either you are preparing for a certification (SOC2, ISO27001...) or just reviewing the security of your assets
  • The findings back to specific routes, parameters and specific features
3Step 3
Report, replay and remediate
Reports are generate on the fly. Includes remediation and verification loop, not just a static document.
  • Executive and technical pentest reports. We save checkpoints at each findings
  • Remediation hints with code‑level guidance for your engineers
  • Replay focused verification on fixed endpoints to confirm issues are closed
Contact us for a security audit
Short call to align on scope, targets, and timing. Audits are run by certified offensive security engineers (OSCP holders and several years in cybersecurity and pentesting).
 
  
  
 
Book an intro & demo
Find a time that works for you
Schedule a quick call to see Deadend in action, ask questions, or scope a security audit.
 
  
  
 
About us
Building agentic security from first principles
Straylabs is a small team of security engineers and builders focusing on one problem: how to run meaningful, repeatable offensive security using AI agents instead of one-off playbooks.
The problem we are trying to solve is to make repetable, time-consuming security assessments
If you want to try the tooling, integrate it into your pipeline, or work with us on a bespoke engagement, we would love to talk.