Pricing — ThreatForged AI

Q: Is it safe to run in a live environment?

There are approval gates before any potentially disruptive actions. Nothing is executed without your explicit sign-off. We've run assessments in live credit union environments during business hours without impacting operations.

// ROI Calculator

See what you're actually saving.

Adjust the sliders to match your environment and see how ThreatForged AI compares to a traditional consulting engagement.

Number of IPs in scope

75 IPs

Assessments per year

2x / year

Typical consulting firm quote

$20,000

Annual savings vs. consulting

$36,250

Consulting firm cost (annual)

$40,000

Based on your inputs above

ThreatForged AI — recurring annual

$3,750

Assessments + additional IPs (no setup)

ThreatForged AI — year 1 total

$4,250

Includes $500 one-time setup fee

Cost per IP — consulting

$267

Per IP per engagement

Cost per IP — ThreatForged AI

$25

Per IP per engagement

// Plans

Simple, transparent pricing.

One-time setup, then pay per assessment. No retainers, no seat licenses, no annual commitments.

Setup

$500 one-time

Required for your first engagement. Covers scoping, environment intake, and secure agent deployment.

Scoping call with Ryan
Environment intake & documentation
Secure agent deployment
Baseline environment snapshot
Waived on repeat engagements

Most Common

Base Assessment

$1,500 / assessment

Full internal AD assessment covering all four attack phases. Up to 50 IPs. Report delivered within 5 business days.

AD enumeration & BloodHound analysis
NTLM relay & coercion testing
ADCS abuse (ESC1, ESC8, ESC15)
Privilege escalation & DCSync
Compliance-ready report
Step-by-step remediation guidance
30-day remediation Q&A support

Additional Scope

$15 / IP

Extend coverage beyond the base 50 IPs. Billed per additional IP assessed in the same engagement.

Same full methodology
Included in the same report
No minimum additional IPs
Capped pricing available for large environments — ask about enterprise rates

* MSP and vCISO partners — volume licensing and white-label reporting available. Contact us for partner pricing.

// How We Compare

ThreatForged AI vs. the alternatives.

The same attack chain a consulting firm would run. Delivered in 5 business days. At a price SMBs can actually justify.

Feature	ThreatForged AI	Consulting Firms	Enterprise Platforms	Vuln Scanners
Cost per assessment	$1,500 to $2,500	$15,000 to $30,000	$50,000+/yr	$500 to $3,000/yr
Active AD exploitation	✓ Full chain	✓ Manual	✓ Automated	✗ No
ADCS abuse testing	✓ ESC1, ESC8, ESC15	✓ Varies by firm	✓ Some platforms	✗ No
Compliance-ready report	✓ Included	✓ Included	✓ Included	✗ CVE list only
Time to results	5 business days	2 to 6 weeks	Days	Hours
Security team required	✓ No	✗ Yes	✗ Yes	✓ No
Remediation guidance	✓ Step-by-step	✓ Included	Varies	✗ Minimal
Annual contract required	✓ No	✓ No	✗ Yes	✗ Usually

→ Read the full story behind ThreatForged

// FAQ

Common questions.

What does "up to 50 IPs" actually mean? +

The base assessment covers up to 50 IP addresses in your internal AD environment — typically domain controllers, file servers, workstations, and key infrastructure. We scope this with you during the intake call so you know exactly what's included before we start. Additional IPs are $15 each.

Do I need a security team to manage this? +

No. ThreatForged AI is specifically built for IT Directors and small IT teams who don't have a dedicated security hire. The assessment runs autonomously after setup. The report is written in plain English with prioritized, step-by-step remediation guidance you can act on immediately — no security expert required to interpret it.

How does the $500 setup fee work? +

The setup fee covers the initial scoping call, environment documentation, and secure deployment of the assessment agent in your environment. It's a one-time charge — waived on all repeat engagements. If you run two assessments per year, your second year is just $3,000 total (2 × $1,500).

Will this disrupt our network or cause downtime? +

No. The assessment is scoped and controlled — we use the same techniques as a real attacker, but with human approval gates before any potentially disruptive actions. Nothing is executed without your explicit sign-off. We've run assessments in live credit union environments during business hours without impacting operations.

What does the report look like? +

The report includes an executive summary written for non-technical leadership, a prioritized findings list with severity ratings, the full attack chain we executed (with screenshots), and step-by-step remediation instructions for every finding. It's structured to satisfy NCUA examiners, SOC 2 auditors, and cyber insurance requirements out of the box.

Is there a contract or minimum commitment? +

No annual contracts, no retainers, no minimum commitments. You pay the setup fee once and then per assessment when you need one. We think you should keep coming back because the value is clear, not because you're obligated to.

Do you offer MSP or vCISO partner pricing? +

Yes. If you're an MSP or vCISO platform looking to offer pentesting as a service to your client base, we have volume licensing and white-label reporting options. Reach out directly at ryan@threatforged.ai to discuss partner arrangements.

No contracts.
No surprises.

See what you're actually saving.

Simple, transparent pricing.

ThreatForged AI vs. the alternatives.

Common questions.

Ready to see what's actually exploitable?

No contracts.No surprises.

See what you're actually saving.

Simple, transparent pricing.

ThreatForged AI vs. the alternatives.

Common questions.

Ready to see what's actually exploitable?

No contracts.
No surprises.