Home
PreBreach documentation — AI-powered penetration testing for modern web applications.
PreBreach Documentation
PreBreach is an AI-powered penetration testing platform that finds real vulnerabilities in your web applications before attackers do. Purpose-built for modern stacks — Next.js, Supabase, Firebase, Vercel, and apps built with AI coding tools — PreBreach combines 8 specialized AI agents with industry-standard scanning tools to deliver professional-grade security assessments.
What PreBreach Does
- Discovers real vulnerabilities across the OWASP Top 10, including injection flaws, broken authentication, misconfigurations, and more
- Understands modern architectures with 24 custom scanning templates designed for Next.js, Supabase, Firebase, and Vercel deployments
- Validates findings with AI consensus using Claude Opus analysis cross-checked by GPT to eliminate false positives
- Generates actionable reports with CVSS v4.0 scoring, security grades (A-F), proof-of-concept evidence, and remediation guidance in PDF, HTML, and JSON formats
Documentation Sections
Getting Started
Create your account, add a domain, verify ownership, and run your first scan.
Domains
Add domains, verify ownership via DNS TXT records, and manage your assets.
Scanning
Understand the 5-phase scan pipeline and what happens during a security assessment.
Reports
Read and interpret your security reports, grades, CVSS scores, and export formats.
AI Agents
Learn about the 8 specialized AI agents that power PreBreach security analysis.
Billing
Manage your subscription, understand pricing plans, and view payment history.
Quick Overview
| Feature | Details |
|---|---|
| Scan Duration | 30-60 minutes per domain |
| AI Models | Claude Opus (primary) + GPT (validation) |
| Vulnerability Coverage | OWASP Top 10, modern stack misconfigurations |
| Report Formats | PDF, HTML, JSON |
| Scoring | CVSS v4.0 + Security Grade (A-F) |
| Verification | DNS TXT record required |
Why PreBreach?
Modern web applications built with AI coding assistants often ship with subtle security gaps that traditional scanners miss entirely. Server Actions with missing authorization checks, exposed Supabase service role keys, permissive Firebase security rules, and leaky Next.js middleware are just a few examples.
PreBreach was built specifically for this new generation of web apps:
- Purpose-built for modern stacks — Not a generic scanner. PreBreach understands the specific vulnerability patterns in Next.js, Supabase, Firebase, and Vercel applications
- AI-native analysis — 8 specialized agents don't just pattern-match; they reason about your application's security posture the way an experienced penetration tester would
- Validated, not noisy — Multi-model consensus between Claude Opus and GPT eliminates the flood of false positives that plague traditional scanners
- Developer-friendly — Reports include copy-paste remediation code, not just descriptions of what's wrong
Who It's For
PreBreach is designed for:
- Solo developers and indie hackers who ship fast and need a security gut-check before launch
- Startup engineering teams who can't afford a $10K-$50K manual pentest but need real security assurance
- Agencies and freelancers who want to offer security assessments as a value-add for client projects
- Security-conscious teams who want continuous monitoring of their applications between annual pentests
Getting Started
The fastest path to your first security report:
- Create an account — Free, no credit card required
- Add your domain — Enter your app's URL and verify DNS ownership
- Run a scan — Subscribe to a plan, then let the AI agents do their work
- Read your report — Get your security grade, findings, and remediation steps
The entire process takes about 5 minutes of setup, then 30-60 minutes while the automated scan runs.
Getting Help
If you run into issues or have questions, reach out to our support team at support@prebreach.com. For bug reports and feature requests, email feedback@prebreach.com.