
Pricing that matches how you scan.

Start free, scale as you grow. AI Pentest is usage-based — billed on proof, not noise.

Free

For individual developers getting started with security

$0
  • 3 repositories
  • 10 scans per month
  • 1 user
  • Email notifications
Start free
Most Popular

Team

For growing teams that need more power

$29 / user / mo
  • 10 repositories
  • 100 scans per month
  • Per-seat — add your whole team
  • Slack notifications
  • API access
  • SBOM export
  • AI security intelligence
  • AI Pentest add-on — 2 runs/mo (billed per confirmed finding; discovery beta, sharpest on APIs/server-rendered)
Start free

Business

For organizations with advanced security needs

$79 / user / mo
  • 50 repositories
  • 500 scans per month
  • Per-seat — add your whole team
  • Scanner profiles
  • Custom scan policies
  • Auto-triage rules
  • Auto-fix PRs
  • AI Pentest add-on — 10 runs/mo (billed per confirmed finding; discovery beta, sharpest on APIs/server-rendered)
  • Priority support
Start free

Enterprise

For enterprises with custom requirements

Let’s talk
  • Unlimited repositories
  • Unlimited scans
  • Unlimited team members
  • Self-hosted deployment
  • SSO/SAML
  • Custom integrations
  • Dedicated support
Contact Sales

add-on

AI Pentest: pay per confirmed finding.

Available on Team and Business plans. Metered per confirmed finding — never per scan, never per hour. If the validator's confirmation is later overturned as a false positive, the charge reverses and credits automatically. The agent is in beta and is sharpest on APIs and server-rendered apps.

Billed on proof, not noise

Only replay-validated findings meter. Unconfirmed candidates never surface, never bill.

False positives credited

Overturn a finding and the meter event reverses — automatically, no support ticket.

Kill switch always free

Halt a run at any moment. Safety controls are never metered.

usage — June 2026 (sample)
  • confirmed  IDOR  /api/v1/orders  +1
  • confirmed  SQLi  /search  +1
  • reversed   XSS   /profile  (false positive, −1 credited)
billable findings: 2

Per-finding rates shown in-app during early access. Discovery is in beta — sharpest on APIs and server-rendered apps.

Feature Comparison (values shown are the Free plan column; Team, Business and Enterprise limits are listed in the plan cards above)

Repositories 3
Scans per month 10
Team members 1
SAST scanning Included
SCA scanning Included
Secrets detection Included
IaC scanning Included
Container scanning Included
DAST scanning Included
CSPM (cloud accounts) Included
Priority scoring & EPSS Included
GitHub integration Included
GitLab integration Included
Bitbucket integration Included
Email notifications Included
Slack notifications Not included
API access & CLI Not included
MCP server Not included
SBOM export Not included
AI Pentest (usage-based, discovery beta) Not included
Scanner profiles Not included
Auto-triage rules Not included
Custom scan policies Not included
Auto-fix PRs Not included
Self-hosted option Not included
Kubernetes operator Not included
SSO/SAML Not included
Custom integrations Not included

Frequently Asked Questions

How is AI Pentest billed?
Usage-based, on Team and Business plans (not available on Free): you pay per confirmed finding. If a confirmed finding is later overturned as a false positive, the charge is automatically reversed and credited. The kill switch is always free. The agent is in beta and is sharpest on APIs and server-rendered apps — discovery quality on SPA and auth-gated targets is still improving.
What is a “confirmed” finding?
Before any pentest finding is reported, a validator replays the exploit against your target. Only findings that reproduce are confirmed — and only confirmed findings are billed.
Is the pentest agent safe to run against my environments?
The agent runs inside a scope guard: hostname allowlist, destructive-verb gating, rate limits, DNS pinning, and a continuously checked kill switch. We recommend starting with staging. See the AI Pentest page for the full containment model.
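What a scope guard of that shape looks like in practice, as an added illustration that is not Fimil's code: a single pre-flight check that every outbound request must pass, covering the five controls the answer names. The destructive-verb set, the rate thresholds, the hostnames and the fake resolver used by demo() are assumptions and constructed data, not values from the page.

```python
"""Scope guard for an autonomous pentest agent: a pre-flight check that every
outbound request must pass.  Added illustration, not Fimil's code.  Models the
controls named in the FAQ (hostname allowlist, destructive-verb gating, rate
limits, DNS pinning, kill switch).  Verb set, thresholds, hostnames and the
fake resolver in demo() are assumptions / constructed data.
"""
import socket
import threading
import time
from urllib.parse import urlsplit

# Assumption: which HTTP methods count as "destructive" and are gated off by default.
DESTRUCTIVE_VERBS = frozenset({"PUT", "PATCH", "DELETE"})


class ScopeViolation(Exception):
    """Raised when a request would leave the approved scope; the agent must not send it."""


class ScopeGuard:
    def __init__(self, allowed_hosts, allow_destructive=False, rate_per_sec=5.0,
                 burst=5, resolver=socket.gethostbyname, clock=time.monotonic):
        self.allowed_hosts = frozenset(h.lower() for h in allowed_hosts)
        self.allow_destructive = allow_destructive
        self.resolver = resolver        # injectable so the check can run offline
        self.clock = clock
        self._rate, self._burst = rate_per_sec, burst
        self._tokens, self._last = float(burst), clock()
        self._pinned = {}               # hostname -> IP seen at first contact
        self._kill = threading.Event()  # operator can flip this from any thread
        self._lock = threading.Lock()

    def kill(self):
        """Kill switch: every later authorize() call fails closed."""
        self._kill.set()

    def authorize(self, method, url):
        """Return (hostname, pinned_ip) for an in-scope request, else raise."""
        if self._kill.is_set():
            raise ScopeViolation("kill switch engaged")
        host = urlsplit(url).hostname
        if host is None or host.lower() not in self.allowed_hosts:
            raise ScopeViolation(f"host {host!r} not in allowlist")
        host = host.lower()
        if method.upper() in DESTRUCTIVE_VERBS and not self.allow_destructive:
            raise ScopeViolation(f"{method.upper()} gated for {host}")
        ip = self._resolve_pinned(host)
        self._take_token()
        return host, ip

    def _resolve_pinned(self, host):
        """Pin the first DNS answer; a later different answer is treated as rebinding."""
        ip = self.resolver(host)
        with self._lock:
            pinned = self._pinned.setdefault(host, ip)
        if ip != pinned:
            raise ScopeViolation(f"{host} re-resolved to {ip}, pinned {pinned}")
        return ip

    def _take_token(self):
        """Token bucket; fails closed rather than sleeping so the caller decides."""
        with self._lock:
            now = self.clock()
            self._tokens = min(self._burst, self._tokens + (now - self._last) * self._rate)
            self._last = now
            if self._tokens < 1:
                raise ScopeViolation("rate limit exceeded")
            self._tokens -= 1


def check(guard, method, url):
    """Wrap authorize() as an allow/deny string (convenient for logging and tests)."""
    try:
        _, ip = guard.authorize(method, url)
        return f"allow {method} -> {ip}"
    except ScopeViolation as exc:
        return f"deny: {exc}"


def demo():
    """Scripted run against a fake resolver and clock (constructed data, runs offline)."""
    dns = {"staging.example.test": "203.0.113.10"}     # constructed, mutable to fake rebinding
    clock = [1000.0]
    guard = ScopeGuard(["staging.example.test"], rate_per_sec=1.0, burst=2,
                       resolver=lambda h: dns[h], clock=lambda: clock[0])
    out = [check(guard, "GET", "https://staging.example.test/api/v1/orders")]
    out.append(check(guard, "GET", "https://prod.example.test/"))                 # not allowlisted
    out.append(check(guard, "DELETE", "https://staging.example.test/api/v1/orders/7"))  # gated verb
    dns["staging.example.test"] = "203.0.113.99"                                   # rebinding mid-run
    out.append(check(guard, "GET", "https://staging.example.test/search"))
    dns["staging.example.test"] = "203.0.113.10"
    out.append(check(guard, "GET", "https://staging.example.test/search"))        # second burst token
    out.append(check(guard, "GET", "https://staging.example.test/search"))        # bucket empty
    clock[0] += 1.0                                                                # refills one token
    out.append(check(guard, "GET", "https://staging.example.test/search"))
    guard.kill()
    out.append(check(guard, "GET", "https://staging.example.test/search"))        # kill switch wins
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Two design points matter more than the individual checks. The guard fails closed on every path, including the rate limiter, so a denied request is never silently delayed into a later window the operator did not expect. And DNS pinning is only effective if the HTTP client actually connects to the pinned IP (setting the Host header and TLS SNI to the hostname) rather than re-resolving the name itself; otherwise the pin is advisory and a rebinding target can still redirect the agent into another network.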
Can I switch plans at any time?
Yes! You can upgrade or downgrade at any time. Changes take effect immediately, and we'll prorate the difference.
What payment methods do you accept?
We accept all major credit cards through Stripe. Enterprise customers can pay via invoice with NET-30 terms.
Is there a free trial?
The Free plan is available indefinitely with no credit card required — use it to evaluate the platform on real repos before upgrading.
What happens if I exceed my limits?
You'll receive a notification as you approach your limits, with a grace period before anything is blocked. You can upgrade anytime.
Can I self-host Fimil?
Yes! The Enterprise plan includes our Kubernetes operator for on-premises deployment. We also support air-gapped installations.
Do you offer discounts for startups or open source?
Yes! We offer special pricing for startups, non-profits, and open-source projects. Contact sales@fimil.dev for details.
Where does my source code go?
Scanners run in isolated, ephemeral environments: your source is cloned for the scan and deleted when it completes. Fimil stores findings and metadata — not your code.
Can I run Fimil in an air-gapped environment?
Yes, the Enterprise plan supports fully air-gapped deployments with offline scanner images and no external connectivity required.
What compliance frameworks do you support?
Platform compliance reports map findings to CIS Benchmarks, SOC 2, PCI DSS, HIPAA, and ISO 27001 controls. AI Pentest findings additionally carry per-vector SOC 2 and PCI DSS control mappings.

Need Self-Hosted Deployment?

Fimil Enterprise gives you full control with on-premises or air-gapped installations.