Sold by: Tenzai
AI changed the attackers. Defense has to change too. AI hackers will be testing your apps. The only question is whose side they're on.
Tenzai is the AI hacker on your side: autonomous, end-to-end, and as sharp as an elite human. It reasons about your app, discovers attack surface, chains weaknesses, and ships reproducible exploits with the evidence to fix them. It finds the business-logic flaws and chained vulnerabilities other AI tools and scanners miss. Transparent, guidable, and continuous across every app you ship. No red team to schedule.
120 x faster. 4% to 100% coverage. Same team. Compliance in days, not quarters. Continuous pentests in CI/CD. Every app you ship.
Overview
For thirty years, the best application testers have been a small group of skilled humans. They still are. But the surface they cover has exploded and the attackers now have AI. Engineers ship more code, faster, with weaker review. Frontier models reason about code, chain weaknesses, and produce working exploits. AI hackers will be testing your apps. The only question is whose side they're on.
Tenzai reasons about your application the way an elite human would, 24/7. It discovers attack surface, chains weaknesses, and ships reproducible exploits with the evidence to fix them. Purpose-built for the enterprise: deep, exhaustive coverage; business-logic and chained vulnerabilities other AI tools and scanners miss; high accuracy; continuous learning every run. Transparent and guidable - your team scopes, directs, and reviews its reasoning at every step. Scales to every app you ship, continuously. No red team to schedule.
Most teams find something worth fixing in the first four hours.
What changes for customers:
- 120 x faster compliance. Work that took quarters now takes days.
- More in a week than five.
- 4% to 100% coverage.
Founded in 2025 by cybersecurity veterans Pavel Gurvich (CEO), Ariel Zeitlin (CTO), Aner Mazursky (CPO), Itamar Tal (VP R&D), and Ofri Ziv (VP Research). Backed by a record $75M seed from Greylock, Battery, and Lux Capital. Tenzai ranks top 1% across six global CTF platforms - beating 125,000 human hackers.
Highlights
- Tenzai is the AI hacker on your side - autonomous, end-to-end, and as sharp as an elite human. Ranked top 1% across six global CTF platforms - better than 99% of the people you'd hire to test your applications.
- Find what other AI and scanners miss. Deep, exhaustive coverage of the entire attack surface. Chained business-logic vulnerabilities. High accuracy. Continuous learning every run. Transparent reasoning your team can scope, direct, and review.
- Custom pricing via AWS Private Offer - contact sales
Details
Sold by
Categories
Delivery method
Integration protocol
Type
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Tenzai Enterprise | Annual enterprise subscription. Contact sales@tenzai.com for a Private Offer tailored to your environment and scan volume. | $0.01 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
API-Based Agents & Tools
API-Based Agents and Tools integrate through standard web protocols. Your applications can make API calls to access agent capabilities and receive responses.
Additional details
Usage instructions
Integration surface: Tenzai is consumed as an MCP server, not a public REST API. Any MCP-compatible client (Claude Code, Cursor, Devin, or a customer's own agent) can connect, authenticate, and call Tenzai tools.
MCP endpoint: https://mcp.tenzai.io/mcp
Authentication: OAuth 2.0 via Descope. The MCP client is redirected to Descope to sign in, then uses the returned JWT as a Bearer token on subsequent MCP requests. Tokens are scoped to a single Tenzai tenant.
Rotating credentials OAuth access token: No buyer action is required under normal operation. The MCP client rotates this token automatically through the standard OAuth refresh flow.
OAuth refresh token: To rotate this token, re-run the OAuth authorization flow by re-authenticating the MCP client.
Access key: To rotate this key, the buyer replaces it in the Descope tenant UI. The previous key value is invalidated immediately. Note that the new value is shown only once at creation and cannot be recovered afterward, so capture it at that time.
Revoking credentials To revoke all access for a buyer tenant: A Tenzai operator disables or deletes the tenant through the Tenzai support backoffice. This blocks all token refresh immediately, and any live tokens expire within 30 minutes.
Example -- adding Tenzai to Claude Code: claude mcp add tenzai -t http https://mcp.tenzai.io/mcp
On first use, Claude (or any MCP client) opens the Descope sign-in flow and stores the resulting token.
What you can do via MCP:
- List applications and tests in your tenant
- Launch new pentests against registered targets
- Query test status, network flows, and the agent's reasoning trace
- Retrieve findings (OCSF-compliant) and evidence
- Open tickets in Jira / ServiceNow directly from findings
Input modality: JSON tool arguments; optional uploads of source code, OpenAPI/Swagger specs, threat models, and authentication profiles via the Tenzai console.
Output modality: Structured security findings with evidence, reproducible exploit steps, OCSF-compliant JSON export, and Jira/ServiceNow ticket creation.
Model providers: Anthropic and OpenAI frontier models, accessed via Amazon Bedrock and direct provider APIs.
Data privacy: Zero data retention on all LLM calls; tenant-isolated infrastructure; SOC 2 Type II; no training on customer data; full audit trail.
Documentation: MCP integration guide and onboarding materials available at https://www.tenzai.com/support ; customer-facing API docs are on the roadmap.
Resources
Vendor resources
Support
Vendor support
Tenzai provides enterprise support for all AWS Marketplace customers.
Support email: support@tenzai.com Hours: 24x7 business-hours coverage with on-call escalation for Sev-1 issues.
Response SLAs: Sev-1 (production down / active exploit blocking) -- 1 business hour; Sev-2 (major functionality impaired) -- 4 business hours; Sev-3 (minor issue / question) -- 1 business day;
Onboarding: Every new customer is paired with a Tenzai solutions engineer for kickoff, target onboarding, and first-scan walkthrough. Security & compliance: SOC 2 Type II, zero data retention on all LLM calls, tenant-isolated infrastructure. Compliance reports available on request. Refunds: No refunds, except as required by the applicable agreement. Contact support@tenzai.com for any billing or service issues.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Bishop Fox Offensive Security Services
Strengthen your security posture with Bishop Fox, the leader in offensive security testing. Our expert-driven services help you proactively identify and remediate vulnerabilities before attackers can exploit them. Delivered through the Bishop For portal, hosted on AWS, you can real-time visibility into assessment findings, secure access to detailed reports, and on-demand remediation. Whether securing your applications, cloud environments, networks, AI initiatives, or products, Bishop Fox helps you stay ahead of threats.
Continuous AI-driven penetration testing combined with human expertise to identify and validate real-world exploitable risk across cloud environments
Advanced penetration testing services designed to identify vulnerabilities in AI systems, generative AI platforms, and Large Language Model (LLM) applications. Our AI security testing approach evaluates model behavior, APIs, infrastructure, and integrations to protect organizations from emerging AI-specific threats.
Our clients rely on our cybersecurity expertise and experience to help them reduce risk and remediate their security vulnerabilities. Coalfire's DivisionHex provides a flexible solution to deliver the threat-focused outcomes required by enterprises in rapidly and ever-changing environments.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.