Dimension scores are derived from public data and fields and weighted into the composite. For reference only.
Fallible is a cybersecurity services brand under CHECKSUM LABS, INC. The website positions it as an enterprise-grade security provider for organizations worldwide. Public materials highlight more than 10 years of experience, 50+ enterprise customers, and services delivered to financial institutions, venture capital firms, and large enterprises. Its offerings include both SaaS subscriptions and human-led security testing, managed security operations, and consulting services.
In terms of protection coverage, Fallible has a fairly broad scope. Its Managed Security Services provide 24/7 security monitoring, incident response, and threat hunting. Mobile application security covers both Android and iOS, including secret leakage detection, API security analysis, and compliance validation. Cloud security supports assessments, configuration reviews, and continuous monitoring for AWS, Azure, and Google Cloud. It also offers penetration testing, security consulting, and security assessments for AI/machine learning applications. According to the FAQ, Fallible typically does not require access to the codebase; instead, it identifies vulnerabilities by monitoring application API calls, which is friendly to customers that do not want to share source code. For deployment, the Standard plan is more SaaS-subscription oriented, while Enterprise explicitly offers on-premises deployment options and custom integrations.
Public pricing lists the Standard plan at USD 2100/month, with 20% savings for annual billing. It includes weekly reports, manual vulnerability testing, mobile application analysis, API and SDK testing, email support, and HAR and Swagger imports. Enterprise is custom-priced and adds on-demand reporting, advanced manual testing, the full mobile security suite, priority phone and chat support, on-premises deployment, and custom integrations. As for refunds, when an annual subscription is cancelled, the remaining months after the current month may be refunded. Credit cards and third-party payment processors are mentioned in the terms, but the full set of payment methods is not disclosed.
The main advantage is a comprehensive security service chain, making it especially suitable for organizations that need external SOC capabilities, mobile/API security, and cloud security assessments. The fact that it does not require codebase access lowers implementation friction. Enterprise on-premises deployment and custom integrations also improve fit for enterprise environments. The downsides are that public materials do not list compliance certifications such as ISO 27001 or SOC 2, service availability is only provided on a “commercially reasonable efforts” basis with no guarantee of uninterrupted availability, and the Standard plan has a relatively high starting price, making it less lightweight for early-stage teams.
Fallible is better suited to well-funded growing companies, large organizations, financial institutions, and mobile app/API-heavy teams that need a combination of continuous security monitoring and manual testing. Information on access from mainland China, Chinese-language support, RMB payments, and local invoicing has not been disclosed, so these remain unknown for now. If local compliance, Chinese-language delivery, or mainland network reachability is required, domestic alternatives such as 奇安信, 绿盟科技, 安恒信息, and 长亭科技 may also be worth evaluating.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, fallible.co.
fallible.co is an Unknown pentest provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.