Built by offensive security practitioners
We're a team of certified pentesters and AI engineers who got tired of scanners flagging false positives. So we built KAI — and we still ship findings ourselves.
From boutique pentesting to AI-driven offense
KAOS started as Pwncat — a boutique offensive security firm running manual penetration tests for enterprises across Europe. For years we lived inside customer networks, chained primitives by hand, and wrote reports that actually changed how security teams worked.
Then we hit the wall every consultancy hits: scanners were broken. They flagged hundreds of theoretical issues, missed every meaningful exploit chain, and forced us to spend half of every engagement triaging noise instead of finding what mattered.
So we built KAI — the AI offensive security agent we always wished we had — and trained it on the methodology we'd been using for a decade. We still run human-led engagements on every customer. That's the deal: AI for breadth, humans for depth, validated proof on everything that ships.
Practitioner credentials
Our practitioners hold:
- OSCP, OSCE3, OSWE, OSEP
- CRTO — Certified Red Team Operator
- CREST CRT, OSCP+ pathway
- Authored 2 public CVEs
- Burp Suite Web Security Academy ~90% solved
Trusted by Veolia, Prosegur and a network of enterprise customers across Europe.
What we believe
Three principles that shape every engagement, every release, and every line of agent prompt we ship.
Validated findings, always
Every finding ships with reproducible proof of exploitation. No theoretical risk, no scanner output dressed up as a report — only what we (or KAI) actually validated.
Hybrid by design
AI for breadth and speed, certified humans for depth and judgment. We don't believe in fully automating offensive security — we believe in amplifying it.
Build with the community
We contribute to open source tooling, publish original research, run training programs, and disclose responsibly. The industry got us here; we pay it forward.
Track record
Numbers we update as we ship — not vanity metrics.
Findings validated
MITRE-mapped attack techniques
Public CVEs disclosed
False positives eliminated
Platform coverage
Time to validated finding
What we're working on
Today
- KAI — our AI-driven offensive security platform
- Manual penetration testing engagements
- Compliance audits (ISO 27001, SOC 2, NIS2, DORA)
- C2 and red team tooling research
- Training programs for blue and red teams
Soon
- Expanded compliance framework coverage
- More languages across the agent prompt layer
- Deeper SIEM, ticketing and CI/CD integrations
- Continuous attack surface monitoring
Remote-first, headquartered in Europe
Two registered entities, one team distributed across Europe and the Americas. We hire for skill and judgment, not zip code.
Andorra la Vella
KAOS S.L.U
Corporate HQ and platform engineering.
Barcelona
KAOS AI SECURITY S.L.
Services delivery and applied research.
Remote-first, with a team across Europe and the Americas.
Press inquiries: press@kaos.ad
Want to work with us — or for us?
Whether you're hiring offensive security or looking to do offensive security, we'd like to hear from you.