Unpatched.ai is an AI-powered automated vulnerability discovery platform. Its current core capability is security analysis for white-box source code: users submit a GitHub URL or connect a repository via the GitHub App, and the platform clones and analyzes the code inside a temporary, sandboxed virtual machine, then generates a structured vulnerability report. Its positioning is closer to an “AI security researcher” assisting with code audits than to a traditional WAF, EDR, or runtime protection product.
In terms of protection type, it focuses on vulnerability discovery rather than real-time blocking. Its white-box capabilities are already available, with an emphasis on reading files, tracing data flows, and understanding business logic, typically returning results within one hour. The Team plan supports private GitHub repositories, while the Individual plan is limited to public repositories. Deployment is SaaS-based. The GitHub App uses read-only access and short-lived tokens, and the terms state that source code is not retained after the assessment is completed and that the sandbox is destroyed. Black-box capabilities are still marked for release in 2026, with planned coverage for applications, containers, and disk images, so they should not be treated as existing features at this stage.
Pricing uses a subscription plus monthly credits model. Assessments consume credits, and additional credits can be purchased on demand. The Individual plan costs $150/month when billed annually, or $200/month when billed monthly. The Team plan costs $100/seat/month when billed annually, with a minimum of 5 seats, or $125/seat/month when billed monthly. It is suitable for independent security researchers, bug bounty participants, and engineering or security teams that need to perform authorized security assessments on GitHub codebases.
The advantages are a clear onboarding path, assessments built directly around GitHub repositories, and features such as real-time progress, severity ratings, and structured findings. The use of temporary sandboxes and the statement that source code is not retained also help reduce data-handling concerns. The limitations are also clear: the currently hosted platform is mainly limited to GitHub; the service only supports certain regions and may require identity verification; the terms explicitly state that AI analysis results may contain false positives or false negatives, so professional review is still required; and there is no disclosed compliance certification, SLA, ticketing/SIEM/CI integration, or formal support framework.
Access from mainland China, payment methods, and whether China is included in the supported regions are not clearly stated in the main materials, so China accessibility is unknown. Pricing is listed in USD, and no specific payment channels are provided. If an enterprise needs local deployment, compliance evidence, or more mature DevSecOps integrations, it may be worth comparing alternatives such as Semgrep, Snyk Code, GitHub CodeQL, SonarQube, Checkmarx, and Fortify.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site (unpatched.ai).
Unpatched.ai is listed as a security provider of unknown category. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of "China direct-connect friendly".