ABOUT KAOS

Built by offensive security practitioners

We're a team of certified pentesters and AI engineers who got tired of scanners flagging false positives. So we built KAI — and we still ship findings ourselves.

WHY WE EXIST

From boutique pentesting to AI-driven offense

KAOS started as Pwncat — a boutique offensive security firm running manual penetration tests for enterprises across Europe. For years we lived inside customer networks, chained primitives by hand, and wrote reports that actually changed how security teams worked.

Then we hit the wall every consultancy hits: scanners were broken. They flagged hundreds of theoretical issues, missed every meaningful exploit chain, and forced us to spend half of every engagement triaging noise instead of finding what mattered.

So we built KAI — the AI offensive security agent we always wished we had — and trained it on the methodology we'd been using for a decade. We still run human-led engagements on every customer. That's the deal: AI for breadth, humans for depth, validated proof on everything that ships.

Practitioner credentials

Our practitioners hold:

  • OSCP, OSCE3, OSWE, OSEP
  • CRTO — Certified Red Team Operator
  • CREST CRT, OSCP+ pathway
  • Authored 2 public CVEs
  • Burp Suite Web Security Academy ~90% solved

Trusted by Veolia, Agbar, Prosegur and a network of enterprise customers across Europe.

MISSION

What we believe

Three principles that shape every engagement, every release, and every line of agent prompt we ship.

Validated findings, always

Every finding ships with reproducible proof of exploitation. No theoretical risk, no scanner output dressed up as a report — only what we (or KAI) actually validated.

Hybrid by design

AI for breadth and speed, certified humans for depth and judgment. We don't believe in fully automating offensive security — we believe in amplifying it.

Build with the community

We contribute to open source tooling, publish original research, run training programs, and disclose responsibly. The industry got us here; we pay it forward.

BY THE NUMBERS

Track record

Numbers we update as we ship — not vanity metrics.

10,000+

Findings validated

150+

Attack vectors automated

2

Public CVEs disclosed

99.4%

False positives eliminated

24/7

Platform coverage

<10min

Time to validated finding

ROADMAP

What we're working on

Today

  • KAI — our AI-driven offensive security platform
  • Manual penetration testing engagements
  • Compliance audits (ISO 27001, SOC 2, NIS2, DORA)
  • C2 and red team tooling research
  • Training programs for blue and red teams

Soon

  • Expanded compliance framework coverage
  • More languages across the agent prompt layer
  • Deeper SIEM, ticketing and CI/CD integrations
  • Continuous attack surface monitoring

WHERE WE ARE

Remote-first, headquartered in Europe

Two registered entities, one team distributed across Europe and the Americas. We hire for skill and judgment, not zip code.

HEADQUARTERS

Andorra la Vella

KAOS S.L.U

Corporate HQ and platform engineering.

EU OPERATIONS

Barcelona

KAOS AI SECURITY S.L.

Services delivery and applied research.

Remote-first, with a team across Europe and the Americas.

Want to work with us — or for us?

Whether you're hiring offensive security or looking to do offensive security, we'd like to hear from you.
