Why RiftX Exists

Retesting should be rigorous, repeatable, and far less manual.

After years of pentesting, I kept watching senior pentesters spend hours retesting the same reflected XSS they had seen dozens of times. The loop was identical every engagement: navigate, inject, screenshot, write it up. RiftX exists because that loop should take five minutes, not thirty.

Operating stance

Why the company exists

Routine retesting keeps consuming senior pentesters' time even though the loop is repetitive, structured, and automatable.

What we believe

Verification should be faster without becoming less defensible. A speed gain only matters if the evidence still holds up in a report.

Who it is built by

Built by practitioners with years of AppSec experience and direct exposure to the repetitive retesting work consultancies handle engagement after engagement.

Product Doctrine

The system is opinionated because the workflow demands it.

Steps-to-reproduce is primary

The system is designed around pentester-provided reproduction steps, not payload fields or scanner artifacts. Human context is the real input.

Proof beats indication

A verdict should be grounded in evidence, not weak symptoms. We optimize for artifacts pentesters can defend in a report.

Honesty beats confidence theater

Needs Review is a valid outcome. The system is not supposed to guess its way into a green badge.

Product Boundaries

Serious tools are clear about what they are not.

01. Not a scanner. It verifies reported findings. It does not discover new ones.

02. Not a replacement for pentesters. It compresses routine verification so your team can spend time on judgment-heavy work.

03. Not AI theater. Deterministic detection leads. An LLM fallback supports the workflow; it does not fake certainty.

Built by a pentester

The company perspective comes from real AppSec and offensive security work. That matters because the product is trying to compress the repetitive parts of the job without flattening the judgment that makes pentesters valuable.

Private beta

Get your pentesters out of the retesting loop.

If your team retests reported web findings by hand every engagement, RiftX was built for you. Limited beta spots available.