Fast vulnerability scanning built
for SOC2, PCI DSS, HIPAA, and ISO 27001
Slate scans your apps and APIs for security vulnerabilities, explains them in plain English, and gives you AI-ready fixes so you can be audit-ready.
Trusted by teams at
How it works
Built for simplicity and speed
Enter your domain
Paste your URL and run your first scan. No agent to install, no sales call to book. Results in under 10 minutes.
Find vulnerabilities
Every finding ranked by severity, with a breakdown of vulnerability types so you know exactly what's exposed.
Fix it with AI
Every finding includes a plain-English explanation of the risk and an AI-agent prompt for the fix.
New scan
Target URL
Scan queued
Scan progress
~8 min remaining
Frictionless setup
Scan where you work.
Web, CLI, or your AI agent.
Minimal setup. Maximum speed. Scan from the dashboard, your terminal, or Cursor — full vulnerability reports in under 10 minutes.
Web UI
No setup required. Enter your domain in the dashboard, hit scan, and watch findings appear in real time. Share reports with a link.
CLI
Run scans from your terminal, integrate into CI/CD pipelines, or script automated checks. Everything the web UI does, from the command line.
MCP + Agents
Ask Cursor or Claude to scan your app in plain English. Findings and fix prompts show up right in chat — same depth as the dashboard, zero local setup.
What we find
Vulnerabilities explained in plain-English.
AI-ready fixes.
Every finding comes with a plain-English explanation, step-by-step remediation guidance, and a ready-to-use AI agent prompt you can paste straight into Cursor to fix it.
GET /api/users?id=
GET /search?q=
GET /api/invoices/:id
GET /api/config
GET /auth/callback?next=
Tap to explore.Hover to explore.
Built for developers
Why engineering teams pick Slate
Readable findings, agent-ready remediation, and CI gates — so you can understand risk, fix it fast, and block bad deploys without a dedicated AppSec team.
Actionable findings
Plain-language explanations for what's wrong, what was detected, and how to fix it — with scanner evidence built in.
Agent-ready remediation
Agent-ready fixes for every finding — repo-scoped briefs with scope, task, and acceptance criteria you can paste into Cursor or any coding agent.
CI gates
Run scans in GitHub Actions or any pipeline. Fail builds on critical findings with JSON output and predictable exit codes.
Audit readiness
Find issues early.
Show up audit-ready.
Controls and audits under SOC 2, HIPAA, PCI DSS, or ISO 27001 all touch application security — with different rules and cadences. Slate scans your web apps and APIs, surfaces exploitable issues, and gives you fixes you can ship before review day.
Pricing
Pay per target. Scan when you need to.
Each plan includes a monthly scan allowance for cloud security checks. One scan is one full run against a target. Manual and scheduled scans both count.
Startup and Scale include a 14-day free trial. Pay annually upfront and save 20%. Need more capacity? Add targets or extra scans on Startup and Scale.
Startup
1 target · 20 scans/mo included
One production app or API with enough scans to check in weekly before you ship.
- 1 target included
- 20 scans per month included
- Severity-ranked findings reports
- Plain English remediation steps
- AI-prompt fixes
- 48-hour email support
- Add-on targets $15/month each
- Extra scans $1.25 each
Scale
3 targets · 100 scans/mo included
Three targets and a pooled scan allowance for staging, prod, and buyer-ready reports.
- Everything in Startup
- 3 targets included
- 100 scans per month included (pooled)
- White label reports
- 24-hour email support
- Add-on targets $12/month each
- Extra scans $0.85 each
Enterprise
Volume pricing · Flexible terms · On-prem
SSO and dedicated support for regulated teams at scale.
- Everything in Scale
- Custom targets & monthly scans
- Volume pricing on extra scans
- Single sign-on (SSO)
- SCIM provisioning
- On-prem deployments
- Dedicated support
Find the gaps before
audit day.
Run a free scan on your app or API—results in under 10 minutes, with severity-ranked findings and AI-ready fixes. No setup call required.


