Autonomous Security Testing for AI systems

Casco is your always-on AI red team — built to break your AI agents, apps, and infrastructure before real attackers do.

Trusted by
Helix DB
Probo
Blaxel
CrewAI
Daytona
Scout
Sim Studio
SixtyFour.ai
Zero
Mesmer
Bloom
Capacitive

Fast-moving AI companies choose Casco over traditional pentesters

Don’t take it from us. See how real teams are using Casco to test smarter and ship faster.
In a matter of hours, Casco was able to find critical vulnerabilities that our other pentesters couldn't find for months.
Bryan Chappell, CEO of Scout
Casco is mission-critical for enterprise deals. We started the security assessment on a Friday and completed the procurement process by Monday.
Saarth Shah, CEO of SixtyFour

Year-round security instead of once-a-year security

Make security a function of your codebase, and plan a vacation instead
Human pentester (Jan 1 to Dec 31): Insecure, Vulnerable, Pentest, Fix, “Secure”. Vulnerable most of the time.
VS
Casco Automated Security (Jan 1 to Dec 31): Secure. Always monitored. Always protected.

Clear findings — what to fix, and why it matters

You get full context, impact, and verification in one clear report.
Improper JWT Verification Leading to Cross-User Data Exposure in AI Claims Chat.
CRITICAL, CVSS 9.8
Summary
The /claims/chat endpoint accepts a client-supplied JWT but does not verify its signature or validate the sub claim against the authenticated session. An attacker can tamper with the sub claim to impersonate another user, causing the backend to fetch and feed that user’s private documents into the LLM, which then leaks sensitive data.

Impact
  - Unauthorized disclosure of PII, health records, and underwriting notes.
  - Violation of data-protection regulations (e.g., HIPAA).
  - Significant reputational damage and potential legal liability.
Reproduction
  1. Obtain a valid JWT for User A.
  2. Decode the JWT payload and change the sub claim to User B’s ID.
  3. Re-encode the token without re-signing.
  4. Send a POST to /claims/chat with the modified JWT in Authorization.
  5. Observe that the response (LLM summary) includes User B’s documents—confirming the backend never verified the signature or subject claim.
Recommendation
  1. Enforce JWT signature validation on every request using the issuer’s public key.
  2. Ensure the sub claim matches the authenticated user context before data retrieval.
  3. Implement per-user authorization checks on document fetch APIs, rejecting mismatched subjects.
  4. Log and alert on any failed or tampered JWT validations.
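
Recommendations 1, 2 and 4 above, as an added Node.js example that is not code from Casco or from the report. It assumes RS256 tokens; the key pair, user IDs and the names issueToken, authorizeChatRequest and securityLog are hypothetical and constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed issuer key pair (assumption: RS256); the API holds only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical issuer-side helper, used here only to build sample tokens.
function issueToken(claims) {
  const signingInput = `${b64u({ alg: 'RS256', typ: 'JWT' })}.${b64u(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

const securityLog = []; // stand-in for the real logging/alerting sink
function reject(reason, sessionUserId) {
  securityLog.push({ event: 'jwt_rejected', reason, sessionUserId, at: new Date().toISOString() });
  return { ok: false, reason };
}

// Returns { ok: true, sub } only when the signature verifies and sub equals the session user.
function authorizeChatRequest(token, sessionUserId, issuerPublicKey, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return reject('malformed', sessionUserId);
  let header, claims;
  try {
    [header, claims] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, 'base64url').toString('utf8')));
  } catch {
    return reject('malformed', sessionUserId);
  }
  // Pin the algorithm server-side so the token cannot select "none" or a symmetric one.
  if (header?.alg !== 'RS256') return reject('bad_algorithm', sessionUserId);
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const valid = crypto.verify('sha256', signed, issuerPublicKey, Buffer.from(parts[2], 'base64url'));
  if (!valid) return reject('bad_signature', sessionUserId);
  // Claims are trusted only from this point on.
  if (typeof claims?.exp !== 'number' || claims.exp * 1000 <= now) return reject('expired', sessionUserId);
  if (typeof claims.sub !== 'string' || claims.sub !== sessionUserId) return reject('subject_mismatch', sessionUserId);
  return { ok: true, sub: claims.sub };
}

// Constructed samples: a valid token for user-a, and a copy with sub swapped but not re-signed.
const exp = Math.floor(Date.now() / 1000) + 300;
const tokenA = issueToken({ sub: 'user-a', exp });
const [h, , s] = tokenA.split('.');
const tampered = `${h}.${b64u({ sub: 'user-b', exp })}.${s}`;
console.log(authorizeChatRequest(tokenA, 'user-a', publicKey));   // { ok: true, sub: 'user-a' }
console.log(authorizeChatRequest(tampered, 'user-b', publicKey)); // { ok: false, reason: 'bad_signature' }
console.log(securityLog);
```

The document-fetch layer (recommendation 3) should take the user ID from the returned sub value, never from a request parameter.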

Onboard with our forward-deployed security engineers

  - Expert-led onboarding tailored to your stack.
  - Direct line to your dedicated technical contact.
  - Scoped access to source code and staging environments.
  - Guided walkthrough of critical findings.