service definition

What we do.
In plain English.

Syber runs autonomous security agents against your production web surface. The same URLs your customers hit. We find what breaks, write up what we found, and (with your permission) help you fix it.

Last updated · 2026-05-01

Operator

Syber is a Delaware C-Corporation. All engagements, contracts, and invoices are with Syber. References to "syber," "we," or "us" on this site mean Syber.

Scope

Our agents test for the kinds of vulnerabilities that show up on real production sites: broken access control, injection, authentication weaknesses, server-side request forgery, business-logic flaws, leaked secrets, and the rest of the OWASP top-of-the-list. Coverage grows with every engagement; the operator is included.

  • Baseline scan: a one-time, ~90-minute run against a target you own. Free, no commitment.
  • Continuous engagement: agents wake on every deploy, file findings, and (when scoped) attempt safe remediation PRs.
  • Targeted assessment: a deeper, scoped engagement against a specific feature, surface, or release candidate.

Authorization

We only test surfaces you control. The booking flow requires that the email used to request a scan shares the registrable domain with the site being tested. A cheap-but-meaningful proof of authorization. For continuous and targeted work, a signed scope document supersedes that check.

We don't scan, probe, or poke at anything outside the scope you gave us. We don't pivot through your infra to reach third parties. We don't exfiltrate user data. When our agents need to confirm an issue, they grab the smallest possible proof and stop.

What we don't do

  • No denial-of-service testing without explicit, written, change-controlled approval.
  • No social engineering of your team unless contracted under a separate red-team agreement.
  • No physical or wireless testing.
  • No persistent backdoors, no implants, no "just in case" access.

Findings & disclosure

Every finding is yours. You get the report, the proof-of-concept, the remediation guidance, and the raw evidence trail, whether or not you continue with us. We don't sit on bugs, we don't sell findings to anyone, and we don't publish or namedrop without written consent.

Data we touch during testing

In the course of testing we may incidentally encounter your data (URLs, response bodies, error pages, etc.). We treat all of it as confidential, store only what's required to reproduce findings, and purge that on engagement close. See the privacy policy for the gory details.

Payment & cancellation

Baseline scans are free. Paid engagements are scoped and quoted per surface; you can cancel any continuous engagement with 30 days' notice. Findings already delivered are yours to keep.

Get in touch

Request a scan · Book a meeting · team@syber.sh