Pentesting hasn't kept pace with how fast software now ships. Manual engagements take weeks; commodity scanners drown teams in false positives. We're building the third option. Fast, autonomous, and honest.
A registered Singapore private company building offensive security software. We operate out of Republic Plaza in the heart of the Raffles Place financial district, and we ship from there to engineering teams worldwide.
We were founded by offensive security and applied ML engineers with a simple thesis. Software ships every day, but pentests still take six weeks. That mismatch is how breaches happen. Zeroday IQ closes the gap with an autonomous AI red team that runs continuously, validates every finding with a real PoC, and never invents a vulnerability the scan didn't actually produce.
All commercial engagements, contracts, and data processing agreements are entered into under Zeroday IQ Cyber Pte. Ltd., governed by Singapore law.
Zeroday IQ Cyber Pte. Ltd.
Live Company, ACRA Singapore
9 Raffles Place, #29‑05
Republic Plaza
Singapore 048619
Every line of code in Zeroday IQ (every scanner module, every prompt, every UI choice) is shaped by these.
If we can't show a real PoC, it doesn't make the report. Active scanners run baseline + control diffs instead of bare fingerprints. The Validator agent is the last gate; it drops anything that doesn't have raw evidence behind it. False positives are how scanners lose trust. We don't ship them.
Models are tools, not oracles. Every analysis call runs against a locked system prompt that forbids invented findings and demands a proof field on every issue. Chat answers are bound exclusively to your stored scan. The LLM literally cannot invent a finding the scan didn't produce.
You shouldn't need to learn a tool to run a pentest. Type a URL, ask follow‑ups in plain English, get answers backed by real evidence. The whole product is a conversation. No CLI, no Burp config, no scoping calls before you can see your first finding.
Zeroday IQ is 41+ independent scanner modules orchestrated by a thread‑pool, plus thirteen specialised AI agents. Seven for external scans (Recon, Enumeration, WAF Detection, Vulnerability, Exploit, Validator, Report) and six more for internal‑network engagements (Network Discovery, Active Directory, Credential, Lateral Movement, PrivEsc, Attack‑Path / Blast‑Radius / MITRE).
Every finding is tagged with CWE, CVSS 3.1, OWASP Top 10, MITRE ATT&CK, and seven compliance frameworks: SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, NIST CSF, OWASP. The PDF ships the moment the scan completes.
Scanner modules. DNS to SSTI, every layer of the stack.
AI agents, each with its own toolset and reasoning trace.
Recall on the OWASP Juice Shop benchmark.
False positives. By design, not by aspiration.
Our public benchmark scorecard tracks exactly what we recall and what we miss. Current gaps: CSRF detection in some flows, file‑upload validation edge cases, and Java deserialisation gadget chains. We ship fixes monthly, and our changelog is public.
Most scanners hide their gaps. We publish ours. If we miss a known finding on your benchmark, that's a bug. File it and we'll fix it.
We're a focused team of offensive‑security engineers, ML practitioners, and product builders. We ship every week.
Years in red‑team consulting and bug bounty. We know what a real pentest report looks like, and what makes one useless.
Production LLM systems with structured outputs, prompt caching, and groundedness guardrails. We treat models like dependencies, not magic.
Parallel scan orchestration, MongoDB‑backed state, agent fleet management. Built for engagements that touch hundreds of subdomains in parallel.