Axiom Blueprint

A Claude-orchestrated assessment platform for serious portfolios.

The flagship offering. A planning agent decomposes the assessment; specialist agents handle recon, web, API, and auth coverage; the reporter agent writes CVSS-scored, PDPA-mapped findings — all under structured human authorisation at every action that touches a real target.

What's included

Eight components.

Orchestrator

Plans the assessment from the scope brief, decomposes it into sub-tasks, routes to specialists.

Recon

Passive OSINT, certificate transparency, subdomain mapping, technology fingerprinting.

Web pentest

OWASP Top 10 (2021) checklist execution against in-scope web applications.

API pentest

OWASP API Top 10 (2023) coverage — BOLA, broken authentication, over-exposure.

Auth

Authentication and session-management testing.

Reporter

CVSS v3.1 scoring, finding write-ups, evidence chain, PDPA mapping.

Tool integrations

nmap, nuclei, ffuf, sqlmap, Burp Suite API, custom scanners via MCP.

Safety layer

Scope enforcement, rate limits, kill switch, evidence chain-of-custody, authorisation gates.

How it runs

Five stages.

01
Scoping

Joint workshop with the client SOC. Agreed scope document. Authorisation letter. Infrastructure setup.

02
Deployment

Stack deployed in the client environment, or Axiom-hosted, depending on data-sovereignty posture. Safety gates validated against benign targets first.

03
First production assessment

Tier 1 applications tested under joint Axiom-client oversight. Findings reviewed live with the SOC team.

04
Handover and training

Client team trained to run subsequent assessments. Couples naturally to the Training practice.

05
Retainer transition

Optional move into Continuous Monitoring on a quarterly cadence.

What you receive

Capability

A synthetic run.

synthetic pentest run · illustrative
[scoping] verifying scope...
[scoping] scope confirmed · 3 web apps, 1 API
[recon] enumerating attack surface...
[recon] 1,247 endpoints mapped
[authz] awaiting human authorisation
[authz] authorised by operator · gate cleared
[exec] running OWASP A1...
[exec] running API1...
[finding] high · reflected XSS at /search
[report] writing PDPA-mapped section

Safety and authorisation

Every action that touches a real target requires structured authorisation. Every finding carries an evidence chain.
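The safety layer listed above (scope enforcement, rate limits, kill switch, authorisation gates, evidence chain-of-custody) and the rule that every action touching a real target needs structured authorisation can be shown as one gate that every agent action must pass through. The following Python is an added illustration, not Axiom's code; the `Scope`, `Gate` and `run_demo` names, the example.test scope and the scripted operator decision are all constructed. The evidence chain is a SHA-256 hash chain over the decision records, so any later edit to a record breaks verification.

```python
"""Scope enforcement, authorisation gate and evidence hash chain.

Added illustration (not the platform's own code). All names, the scope
and the operator policy below are constructed for the example.
"""
from __future__ import annotations

import hashlib
import ipaddress
import json
import time
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import urlparse

GENESIS = "0" * 64  # previous-hash value for the first evidence record


@dataclass
class Scope:
    """Authorised targets: exact hostnames plus IP networks (no wildcards)."""
    hosts: set[str]
    networks: list[ipaddress.IPv4Network | ipaddress.IPv6Network]

    def contains(self, target: str) -> bool:
        host = urlparse(target).hostname if "://" in target else target
        if not host:
            return False
        host = host.lower().rstrip(".")
        if host in self.hosts:          # subdomains must be listed explicitly
            return True
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return False
        return any(ip in net for net in self.networks)


@dataclass
class Gate:
    """Every agent action is requested here; nothing runs unless 'authorised'."""
    scope: Scope
    authoriser: Callable[[dict], bool]   # human-in-the-loop decision
    max_actions_per_minute: int = 60
    killed: bool = False
    evidence: list[dict] = field(default_factory=list)
    recent: list[float] = field(default_factory=list)

    def kill(self) -> None:
        self.killed = True               # kill switch: deny everything from now on

    def request(self, agent: str, action: str, target: str, now: float | None = None) -> dict:
        now = time.time() if now is None else now
        record = {"agent": agent, "action": action, "target": target, "ts": now}
        if self.killed:
            return self._log(record, "denied", "kill switch engaged")
        if not self.scope.contains(target):
            return self._log(record, "denied", "target out of scope")
        self.recent = [t for t in self.recent if now - t < 60]
        if len(self.recent) >= self.max_actions_per_minute:
            return self._log(record, "denied", "rate limit exceeded")
        if not self.authoriser(record):  # operator gets the full record to decide on
            return self._log(record, "denied", "operator declined")
        self.recent.append(now)
        return self._log(record, "authorised", "gate cleared")

    def _log(self, record: dict, decision: str, reason: str) -> dict:
        prev = self.evidence[-1]["hash"] if self.evidence else GENESIS
        entry = {**record, "decision": decision, "reason": reason, "prev": prev}
        entry["hash"] = _digest(entry)
        self.evidence.append(entry)
        return entry

    def verify_chain(self) -> bool:
        """Recompute every hash and link; False if any record was altered."""
        prev = GENESIS
        for e in self.evidence:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def _digest(d: dict) -> str:
    return hashlib.sha256(json.dumps(d, sort_keys=True).encode()).hexdigest()


def run_demo() -> Gate:
    """Scripted run: constructed scope, operator approves only recon and scan."""
    scope = Scope(hosts={"app.example.test"}, networks=[ipaddress.ip_network("10.0.5.0/24")])
    gate = Gate(scope, authoriser=lambda r: r["action"] in {"recon", "scan"},
                max_actions_per_minute=3)
    t = 1_700_000_000.0
    gate.request("recon", "recon", "https://app.example.test/", t)        # authorised
    gate.request("web", "scan", "https://other.example.test/", t)         # out of scope
    gate.request("web", "scan", "10.0.5.7", t)                            # authorised
    gate.request("web", "delete-data", "https://app.example.test/", t)    # operator declines
    gate.request("api", "scan", "https://app.example.test/api", t)        # authorised (3/3)
    gate.request("api", "scan", "https://app.example.test/v2", t)         # rate limited
    gate.kill()
    gate.request("recon", "recon", "https://app.example.test/", t)        # kill switch
    return gate


if __name__ == "__main__":
    for e in run_demo().evidence:
        print(f"[{e['agent']}] {e['action']} {e['target']} -> {e['decision']} ({e['reason']})")
```

Checks run in the order a reviewer would want: the kill switch and scope test reject before the operator is asked, and the rate limit is applied before a human is prompted so the gate cannot be used to flood the operator with requests. Only the first matching hostname or network is accepted; subdomains are not implied by a parent entry.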