Frequently Asked Questions
Everything you need to know about S6 Spectra autonomous penetration testing
Automated scanners run scripted tests and can't adapt to defenses or reason about business logic. S6 Spectra uses multi-agent orchestration with cyclic reasoning graphs—agents plan reconnaissance strategies, adapt to defensive responses, and make autonomous decisions like an L3 analyst. It's true agentic AI, not programmatic testing.
Cloud deployment with H100 GPUs delivers maximum speed for organizations that want the fastest possible assessments. On-premise runs at reduced speed but is entirely sufficient for scheduled penetration testing during maintenance windows—most engagements complete comprehensive testing in hours, not days. For air-gapped and classified environments, on-premise is the only option and provides complete data sovereignty.
No. S6 Spectra is designed for security teams, not data scientists. You define testing scope and objectives in plain language. The agentic AI handles methodology, tool selection, and execution autonomously. Reports are readable by security professionals without AI expertise.
ScopeGuard is our unique rules of engagement enforcement system. It validates every agent action against defined scope in real-time, automatically pausing missions if violations are detected. This prevents autonomous agents from testing unauthorized systems—critical for production environments and regulated industries.
Traditional engagements often suffer from limited transparency—you don't always know what was tested, how thoroughly, or whether junior or senior consultants performed the work. S6 Spectra provides complete visibility: every test, every methodology, every finding is logged and auditable. You get L3-level reasoning depth across your entire attack surface, parallel autonomous testing for 5x coverage, and findings within 24 hours vs weeks. Most importantly, you can verify exactly what Spectra did.
Yes. S6 Spectra supports complete air-gapped deployment with local LLM hosting. No external network access required. This meets requirements for IL5/IL6 environments, classified networks, and organizations with strict data sovereignty policies.
We contribute security tools to the community under appropriate licenses at github.com/s6securitylabs. Enterprise products like Spectra maintain proprietary IP while leveraging vetted open source components. All dependencies are disclosed with Software Bill of Materials (SBOM) documentation.
S6 Spectra is SOC 2 Type II certified. Findings map to NIST, OWASP, and MITRE ATT&CK frameworks. Supports HIPAA (healthcare), PCI-DSS (financial), FedRAMP roadmap (government). Complete audit trails meet compliance reporting requirements.
Annual subscription based on testing scope and deployment type. On-premise deployment includes licensing for local LLM usage. Cloud deployment offers managed infrastructure. Contact sales for custom pricing based on your environment and requirements.
Minimum: Modern server with GPU (e.g., NVIDIA RTX 4090 or higher). Recommended: Dedicated testing environment isolated from production. Storage for test artifacts and forensic logs. Network access to target systems within scope. We'll help you size infrastructure during the implementation planning phase.
On-premise: 1-2 weeks including installation, scope configuration, and initial testing. Cloud: 3-5 days for provisioning and scope setup. Includes training for your security team on mission planning and report interpretation.
Enterprise support includes: 24/7 technical support, dedicated customer success manager, quarterly review calls, access to security researcher team for complex findings, and priority feature requests. Training and onboarding included.