Brutecat Security provides cybersecurity services centered on vulnerability research, with its in-house AI harness “siege” as the main differentiator. The website states that siege has achieved notable results in the Google Vulnerability Reward Program, including two RCEs in Google Cloud’s production Borg environment, and has found high- and critical-severity vulnerabilities in multiple open-source projects. It is closer to a high-end, research-driven penetration testing and code audit service than to a standardized SaaS protection product.
Its protection model falls under offensive security assessment: Blackbox targets the external attack surface of production environments, Whitebox provides end-to-end source code auditing, and Consulting covers threat modeling, design reviews, and privacy assessments. The process has three steps: first, scanning and capturing request/response traffic or reading source code; second, automatically validating leads in dockerized/sandboxed replicas of the service, which filters out AI hallucinations, corrects severity ratings, and attaches PoCs; finally, human researchers reproduce the impact and deliver a report. The workflow emphasizes a combination of “AI-powered discovery at scale + human confirmation.”
The website does not list package pricing. It only states that after users submit the target and scope, they will receive a fixed quote within one business day. Before procurement, buyers therefore need to clarify scope, assets, source code access methods, and delivery expectations. In terms of management and alerting, the page does not show a continuous monitoring platform, dashboard, or alert integrations, so it appears to be more project-based in delivery.
The strengths are its strong public track record, with cases involving Google, Gitea, Forgejo, MinIO, Rocket.Chat, CKAN, and others. Each engagement is driven by a senior researcher, and the reports emphasize clarity, reproducibility, and real impact. The drawbacks are that team size, SLA, compliance certifications, payment methods, and integration capabilities are not disclosed. If an organization needs continuous vulnerability management, SIEM/ticketing integrations, or compliance-oriented vendor qualifications, further due diligence is still required.
It is suitable for teams with high-value assets, complex business logic, or critical open-source supply chain risks, especially companies hoping to uncover vulnerabilities that ordinary scanners may miss. It is less suitable for scenarios that only require low-cost automated scanning or standard MLPS-style compliance assessments. Access from China, payment, and contract support are unknown. For localized alternatives, buyers can compare domestic penetration testing and code audit services from Qi An Xin, NSFOCUS, DBAPPSecurity, Chaitin, and others.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, brutecat.com.
TG4G lists brutecat.com as a security provider (category: Unknown) and tracks its product information, with an overall rating of 8.0/10 and a China-accessibility rating of “China direct-connect friendly”.