[PRODUCT] 2026-06-15, 9 min read

Console V2: End-to-end continuous offensive security

Console V2 unifies your repositories, domains, applications, and infrastructure under one evolving view of your attack surface, continuously monitored by frontier offensive agents that adversarially test every endpoint, prove what's exploitable with a working PoC, and work on their own to remediate findings - all in one continuous loop.

One workspace now unifies your context, repositories, domains, applications, and infrastructure under a single evolving view of your attack surface, continuously monitored by our frontier offensive agents.

Anytime a new endpoint or resource is detected, Pensar updates the living threat model of your systems and refreshes your attack surface to match.

Autonomous offensive agents can be dispatched to continuously and adversarially test every API, application, service, AI agent, or cloud resource to identify exploits and attack paths, including business logic flaws. Each finding is rigorously verified and reported with a working PoC, and the agent then auto-remediates it, opening a fix for review instead of handing you a ticket. Agents also support custom scopes, threat models, and payloads, so you can test for the threats that actually matter to your business.

That is the real end-to-end loop: Pensar discovers your attack surface, proves what's exploitable, and fixes it on its own, continuously, across your entire organization. Here's what V2 changes.

The new model

The change isn't cosmetic. V1 organized everything around projects, one per repository. V2 organizes around the workspace, and the unit of security is no longer the repository but the application: the actual running service an attacker would target.

That distinction is the whole point. A repository is just source; an application is what's exposed. One repo can ship several applications, and one application can span both the repo and the domain it deploys to. The security signal lives a level down, on each application's endpoints: the routes and APIs an attacker actually hits.

The workspace ties it together, so Console can finally reason about your posture the way an adversary does: across the whole surface, correlating a finding in one service against the auth layer it shares with another, not one repo at a time.

Multi-repo, one workspace

Connect as many repositories as you need. GitHub, GitLab, Bitbucket, and Azure DevOps are all first-class sources, all scoped to a single workspace, with no project boundaries to juggle and no context-switching to see what's happening across your org. Connecting a repository starts mapping it right away, so its applications and endpoints begin populating your inventory as soon as it's attached.

Continuous reconnaissance

Recon in V2 is continuous and automatic, not a button you remember to press.

Console keeps watch on your connected repositories and re-runs reconnaissance as code changes, so the picture stays current without re-mapping everything from scratch every time. Connected domains are mapped from the outside in and linked back to the applications they belong to, so an external host and the repo that produces it converge on the same application. As your surface grows, Console grows its map with it, and you can dial the cadence up or down per workspace.

The result is an inventory that stays honest. A new service, a new route, a new subdomain shows up in your Attack Surface without anyone filing a ticket to go find it.

Living threat models

In V1, a threat model was a point-in-time document. In V2 it's a property of your attack surface that Console keeps current.

Threat models live at the endpoint level, generated alongside the business logic, the attacker objectives, and a risk score for each route. As your code and infrastructure change, those models update in place: re-discovering a route refreshes its model rather than piling up duplicates, and a change behind an endpoint refreshes the analysis for that endpoint.

So the threat model you read on a Tuesday reflects the code that shipped Monday night. No stale PDF, no quarterly re-do, no manual review cycle to keep it accurate.

Per-application access control

Access is modeled per application, not per workspace.

Workspace membership has three tiers: owners and admins see everything; members are scoped to specific applications and only see the applications, endpoints, and findings they've been granted, so they can't stumble into another team's findings. A workspace can define a default set of applications that new members receive on join, so onboarding a developer to the one service they own is a single step.

It's least-privilege for your security data, modeled the same way you already model access to the systems themselves: security engineers get the whole picture, developers get exactly their slice.

Targeted pentesting

Because applications and endpoints are now first-class, pentests can be scoped to them instead of pointed at a whole repository.

When you launch a pentest you pick the applications in scope and, if you want to go finer, the specific endpoints within them. The agent focuses on exactly that surface rather than crawling everything attached to a repo, so after a fix lands you can retest a single endpoint straight from the Attack Surface.

Whatever the scope, the agent doesn't just flag, it proves. Every finding comes with a working proof-of-concept and the full agent trace that produced it, so you're triaging confirmed exploits, not maybes.

Narrower scope means sharper signal: findings that map to a real service you can act on, rather than noise spread across a monorepo.

Continuous pentesting

Targeted pentests answer a question about right now: is this exploitable today? Continuous pentesting answers a harder one: is it still safe after everything that shipped this week?

The same scoping that powers a one-off pentest powers continuous coverage. Schedule a defined set of applications and endpoints to run on a cadence, or wire pentests into your CI/CD pipeline so a pull request is adversarially tested before it ever reaches production. As continuous reconnaissance and your living threat models surface new and changed routes, scheduled runs pick them up automatically, so coverage tracks your attack surface instead of lagging behind it.

The result is offensive testing that behaves like the rest of your pipeline: always on, triggered by change, and catching regressions the moment they appear rather than at the next quarterly engagement.

Agent red teaming

The AI you ship is an attack surface too, and it's one most tools can't touch. Agent red teaming is a capability built directly into Apex, our offensive agent, that adversarially tests the AI you ship and the MCP servers it depends on, the same way it tests any other application.

Apex attacks agents the way a real adversary would, across the attack classes we exploit in the wild:

  • Jailbreak and obfuscate: treating every refusal as a gradient to optimize against, mutating and retrying a payload until a malicious action fires.
  • Indirect prompt injection: smuggling instructions in through the content an agent retrieves, whether a document, a ticket, an email, or a monitoring alert.
  • Tool abuse and excessive agency: driving the high-impact tools an agent can call (transfers, writes, deletes, external requests) through injected content rather than direct prompts.
  • Data exfiltration: chaining private data, untrusted content, and an outbound channel into a working leak, including memory poisoning that fires in a later session.
  • Dev-toolchain RCE: exploiting agentic CI and auto-executed MCP servers, where attacker-controlled data runs with a developer's or CI runner's privileges.

Every agent finding lands like the rest: a working PoC and the full exploit chain that produced it, a remediation plan an agent or a human can execute, and the same CI/CD hooks, so you catch agent exploits before they reach production rather than after.

Built for concurrency

Running frontier offensive agents continuously, across every customer's attack surface at once, is an infrastructure problem before it's a security one. We rebuilt the sandboxing infrastructure that isolates and runs our agents, so Console now sustains dramatically higher concurrency. As our customer base grows, more agents run more pentests in parallel without waiting in line, which is what makes continuous, organization-wide offensive testing practical rather than aspirational.

Migration: nothing was lost

If you were on V1, your data already moved automatically, with no re-import on your part. Your repositories, pentests, issues, findings, and recon history all carried over onto your workspace, and the access each teammate had was preserved as per-application grants. Your existing pentests, issues, and findings came through intact.

Simpler navigation

With projects gone, the drilling-down goes with them. Issues, pentests, and your attack surface all live at the workspace level. There's no project switcher to fight with and no project boundary between you and a pentest. Everything is one level from the workspace root.

What this adds up to

Step back and look at what the workspace ties together: continuous reconnaissance that discovers your attack surface on its own, living threat models that stay current as your code and infrastructure move, and pentests scoped to the exact applications and endpoints that matter, run on demand or continuously in your pipeline. Every finding is proven exploitable, with the full agent trace behind it. The AI you ship is red-teamed alongside everything else, and the whole loop runs on infrastructure built to do it across your entire organization at once. No other security platform does all of this in one place. Scanners catch known patterns in source. Traditional pentesting is a point-in-time engagement that ships a PDF. ASM tools map an attack surface but can't attack it. Console is the first to put discovery, threat modeling, and live exploitation into a single continuous loop.

That loop is what autonomous offensive security actually looks like, and it's running in your workspace today. Console maps your attack surface as it changes, reasons about where an attacker would go next, dispatches agents to prove what's actually exploitable, and routes verified findings into remediation, continuously, across your entire organization, without a human kicking off each step.

It's your autonomous offensive security team, live in your workspace today. Log in to see the new workspace experience, and if you have questions or feedback, reach out. We're listening.

Written by

Josh Kotrous

Pensar
