Smoo AI Security

Catch the security drift before your auditor does.

Continuous scanning across your headers, TLS, identities, and dependencies. Findings mapped to OWASP ASVS and SOC 2 — with diff context so you know what changed and who to ask.

Five surfaces. One scanner. Zero shelf-ware.

Every check is automated, attributable, and tied to a remediation owner. No PDF dumps, no opaque scores.

Header & TLS Scanner

Validates security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy), TLS configuration, certificate health, and redirect chains across every public surface.

Identity Drift Detection

Surfaces stale OAuth tokens, orphaned service accounts, lingering API keys, and credentials that survived a deboard event. Tied directly to your Workforce graph.

Dependency Vulnerabilities

Continuously audits your package manifests against advisories. Triaged by exploitability, exposure, and presence in production paths — not raw CVE counts.

Compliance Reports

Export auditor-ready reports mapped to OWASP ASVS L1, SOC 2 controls, and your internal policies. Findings are timestamped, attributable, and signed.

Continuous Monitoring

Scans run on schedule, on deploy, and on demand. Drift alerts route through Slack, email, or your incident channel — with diff context so you know what changed.

OWASP ASVS L1 Coverage

Every control, traceable.

We map each finding to an ASVS control so your auditor can verify scope without reverse-engineering tooling output.

Section | Control Area | Smoo Coverage
V1 | Architecture & Threat Modeling | Guided
V2 | Authentication | Partial
V3 | Session Management | Automated
V4 | Access Control | Partial
V5 | Validation, Sanitization & Encoding | Partial
V7 | Error Handling & Logging | Automated
V8 | Data Protection | Automated
V9 | Communication Security | Automated
V10 | Malicious Code | Partial
V11 | Business Logic | Guided
V12 | Files & Resources | Partial
V13 | API & Web Service | Automated
V14 | Configuration | Automated

Automated = continuously scanned. Partial = scanned with caveats documented in report. Guided = workflow + checklist; review is manual by design.

We scan ourselves

smoo.ai runs on Smoo AI Security.

Our own production surfaces are continuously monitored by the same scanner we sell. The most recent findings against smoo.ai live on our public status page.

Latest scan: smoo.ai

All checks passing

Critical: 0, High: 0, Informational: 2

Static snapshot. Live wire-up coming next phase.

Pricing

Pick the tier that matches your surface area. Upgrade anytime.

Starter

For small teams getting compliance traction

$99/mo
  • 3 monitored targets (domains/apps)
  • Header, TLS, redirect, cookie scanning
  • Weekly scheduled scans
  • Dependency vulnerability tracking
  • Email findings digest
  • OWASP ASVS L1 coverage report

Pro (Most Popular)

For growing teams shipping daily

$299/mo
  • 15 monitored targets
  • All Starter checks plus identity drift
  • Daily scheduled + on-deploy scans
  • Slack, email, and webhook alerts
  • Workforce integration for credential drift
  • SOC 2 mapping and exportable reports
  • Priority support

Enterprise

For regulated industries and large surfaces

$999/mo
  • 100+ monitored targets
  • All Pro checks plus custom rules
  • Continuous scanning, sub-hour cadence
  • Auditor handoff and signed reports
  • Dedicated security success engineer
  • SLA and custom retention
  • Private VPC scanners available

Ship faster with fewer surprises.

Wire your domains in five minutes. First scan completes before your next standup — with remediation owners assigned, not just CVE counts dumped.

Talk to a security engineer

Tell us about your surface and we'll scope a starter scan with a real engineer on the call.
