
Lorikeet Security: Turning Pentests into a Dynamic Platform
Most “pentests” end as PDFs. Lorikeet turns them into an operating system for security
In an industry still mailing static reports, our team found Lorikeet Security takes the contrarian route: a platform-first offensive security stack that keeps humans in the loop while wiring the entire security program into a real-time portal. Under the hood, its core technology blends manual-first testing workflows with continuous attack surface intelligence, a control-mapping engine for compliance, and “Lory,” an AI assistant trained on ~2,000 vulnerability write-ups. The design philosophy is clear: treat offensive testing, monitoring, and audit readiness as one lifecycle, not three siloed services. For teams building and operating APIs and cloud-native systems, that translates to faster triage, repeatable remediation, and measurable risk reduction rather than one-off artifacts.
Architecture & Design Principles
Lorikeet’s platform revolves around a few pragmatic decisions:
- Human-in-the-loop orchestration: engagements are 100% manual, but the portal models assets, vulnerabilities, evidence, and remediation status as first-class entities. Think work-queue meets knowledge graph, where each test step, proof, and fix maps to owners and controls.
- Continuous discovery: 24/7 attack surface monitoring implies a data ingestion pipeline that tracks domains, certificates, cloud accounts, and exposed services. Expect a blend of scheduled polling and event-driven discovery across DNS/CT logs and cloud provider APIs for AWS, Azure, and GCP.
- Control mapping engine: compliance automation hinges on normalizing evidence and findings to frameworks (SOC 2, PCI-DSS, ISO 27001, HIPAA, and more). Architecturally, that suggests a rule-based mapper aligned to common control catalogs with exportable, audit-ready packages.
- AI assistance via retrieval: Lory likely uses retrieval-augmented generation over a curated vulnerability corpus, surfacing step-by-step remediation guidance tailored to developers and auditors. Scalability here is less about requests per second and more about analyst throughput, asset scale, and evidence lineage. The portal prioritizes real-time visibility, role-based access, and retest workflows so teams can iterate without re-scoping.
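To make the control-mapping idea concrete, here is an added example (not Lorikeet's code) of a small rule-based mapper: findings are normalized to a category, a rule table maps each category to control references per framework, and the output groups evidence under each control with a derived gap/evidenced status. The Finding schema, category names, sample findings and the RULES table are constructed for illustration, and the control references are illustrative only; anything used in a real audit package must be checked against the current SOC 2, ISO 27001 and PCI-DSS catalogs.

```python
"""Rule-based control mapper that normalizes findings to framework controls
and builds an audit-ready package with evidence lineage.

Added example, not Lorikeet's code.  The Finding schema, the category names
and the RULES table are constructed for illustration; the control references
are illustrative and must be checked against the current SOC 2, ISO 27001 and
PCI-DSS catalogs before being used in an audit.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Finding:
    id: str
    category: str                 # normalized finding category (constructed taxonomy)
    severity: str                 # critical | high | medium | low
    asset: str
    evidence: List[str] = field(default_factory=list)   # evidence file references
    status: str = "open"          # open | fixed | retest-verified


# Constructed rule table: normalized category -> {framework: [control refs]}.
RULES: Dict[str, Dict[str, List[str]]] = {
    "access-control": {
        "SOC 2": ["CC6.1", "CC6.3"],
        "ISO 27001": ["A.5.15", "A.8.3"],
        "PCI-DSS": ["7.2"],
    },
    "storage-exposure": {
        "SOC 2": ["CC6.1", "CC6.7"],
        "ISO 27001": ["A.8.3", "A.8.12"],
        "PCI-DSS": ["1.3"],
    },
    "patching": {
        "SOC 2": ["CC7.1"],
        "ISO 27001": ["A.8.8"],
        "PCI-DSS": ["6.3"],
    },
}


def map_finding(finding: Finding) -> Dict[str, List[str]]:
    """Return {framework: [control refs]} for one finding.

    A category with no rule maps to nothing; such findings are reported
    separately so they never silently drop out of the audit package.
    """
    return {fw: list(refs) for fw, refs in RULES.get(finding.category, {}).items()}


def build_package(findings: List[Finding], framework: str) -> Dict[str, dict]:
    """Group findings under each control of one framework.

    Each control entry keeps the finding ids and evidence that back it, the
    number of still-open findings, and a derived status: "gap" while any
    mapped finding is open, "evidenced" once every one is fixed or
    retest-verified.
    """
    package: Dict[str, dict] = {}
    for f in findings:
        for control in map_finding(f).get(framework, []):
            entry = package.setdefault(
                control, {"findings": [], "evidence": [], "open": 0, "status": "evidenced"}
            )
            entry["findings"].append(f.id)
            entry["evidence"].extend(f.evidence)
            if f.status == "open":
                entry["open"] += 1
                entry["status"] = "gap"
    return package


def unmapped(findings: List[Finding]) -> List[str]:
    """Ids of findings whose category has no rule (needs analyst triage)."""
    return [f.id for f in findings if f.category not in RULES]


# Constructed sample findings, as a pentest plus monitoring might produce them.
SAMPLE_FINDINGS = [
    Finding("F-1", "access-control", "high", "api.example.test/v2/orders",
            ["req-001.txt", "resp-001.txt"], "open"),
    Finding("F-2", "storage-exposure", "critical", "s3://staging-assets-example",
            ["bucket-policy.json"], "retest-verified"),
    Finding("F-3", "dns-hygiene", "low", "example.test", [], "open"),  # no rule yet
]

if __name__ == "__main__":
    pkg = build_package(SAMPLE_FINDINGS, "SOC 2")
    for control, entry in sorted(pkg.items()):
        print(control, entry["status"], entry["findings"], entry["evidence"])
    print("unmapped:", unmapped(SAMPLE_FINDINGS))
```

The point worth copying is the separate `unmapped` list: a mapper that quietly ignores findings with no rule produces a package that looks complete to an auditor while hiding exactly the findings nobody has classified yet.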
Feature Breakdown
Core Capabilities
- Manual-first penetration testing with AI-augmented guidance
  - Technical: Findings are produced by senior researchers rather than scanner diffs, reducing false positives and improving exploit chains across web apps, APIs (REST/GraphQL/SOAP), mobile, desktop, thick clients, and AI agent assessments. Lory accelerates root-cause and fix paths by grounding responses in a vetted vulnerability KB.
  - Use case: A fintech exposes both REST and GraphQL APIs. Lorikeet chains IDOR and authorization bypasses across API versions, then Lory generates developer-ready remediation playbooks plus evidence for auditors.
- Continuous attack surface monitoring
  - Technical: A discovery engine enumerates assets across networks, cloud accounts (AWS, Azure, GCP), containers/Kubernetes, and wireless, flagging drift (new services, leaked subdomains, misconfigured storage). This reduces mean-time-to-detection for exposure events between formal tests.
  - Use case: A new staging S3 bucket becomes public via IaC drift. Monitoring flags it within hours, the portal opens a remediation task, and Lorikeet verifies the fix via free retesting.
- Compliance automation with audit pipeline
  - Technical: Evidence from tests and monitoring is normalized and mapped to frameworks including SOC 2, PCI-DSS, ISO 27001, HIPAA, CMMC, HITRUST, GDPR, FedRAMP, NIS2, DORA, SOX, CCPA/CPRA, GLBA, CIS Controls, and Google CASA/MASA. Partnerships with Vanta and Drata streamline continuous control monitoring; Accorp Partners CPA anchors attestation for SOC 2 and ISO 27001.
  - Use case: A SaaS aiming for SOC 2 and ISO 27001 consolidates pentest evidence, risk treatment plans, and policy artifacts in one place, then routes directly into an attestation track.
Integration Ecosystem
Lorikeet’s integrations skew programmatic over plug-in sprawl. To support 24/7 discovery and cloud testing, the platform leverages cloud provider interfaces (read-only roles and APIs) for AWS, Azure, and GCP. On the compliance side, official partnerships with Vanta and Drata enable data exchange for control status and evidence synchronization. The audit pipeline extends to Accorp Partners CPA for formal attestation, keeping artifacts and auditor requests within one workflow. While the portal is the primary interface, the emphasis is on interoperating with existing compliance automation and cloud accounts rather than maintaining a large catalog of third-party connectors.
Security & Compliance
Data handling emphasizes enterprise readiness: least-privilege cloud access for discovery, role-based access control for portal users, and audit-ready reporting across frameworks. Findings include step-by-step remediation for developers and auditors, reducing translation risk during audits. Managed services (SOC as a Service, access reviews, vCISO) complement evidence continuity. Lorikeet doesn’t position itself as an in-band traffic processor; sensitive payloads stay within customer systems unless explicitly shared as evidence.
Performance Considerations
Because testing is out-of-band and manual, there’s no runtime latency penalty on production systems—unlike inline protection tools. Monitoring scales via periodic and event-driven checks, with performance bounded by asset volume and API rate limits. Retesting is included, which materially reduces time-to-verified-fix. For high-velocity environments, throughput depends on engagement scope and analyst bandwidth, but the portal’s work-queue model helps parallelize triage across teams.
How It Compares Technically
While Flowtriq excels at automated, sub-second DDoS detection and mitigation to keep services online, Lorikeet is better suited for finding design and implementation flaws across applications, APIs, and cloud infrastructure. Flowtriq operates in-path or near-path with network telemetry and traffic scrubbing, optimized for L3/L4/L7 attack signatures and bursty traffic. Lorikeet is out-of-band and human-led, optimized for exploit chains, business logic abuse, misconfigurations, and compliance mapping. Pricing models typically differ too: Flowtriq aligns with protection tiers and bandwidth, whereas Lorikeet aligns to test scope, asset count, and managed service depth. Ease-of-use mirrors the missions—Flowtriq is a quick operational drop-in; Lorikeet deploys as a program hub with deeper, ongoing interaction.
Developer Experience
Our team values that findings arrive with reproducible steps and developer-specific remediation guidance, not just CVSS scores. The real-time portal reduces context switching during sprints, and free retesting closes the loop without extra POs. Lory provides just-in-time vulnerability insights grounded in a curated corpus—useful when triaging unfamiliar classes like deserialization or SSRF. SDKs aren’t the focus; instead, the platform integrates with compliance automation partners and cloud accounts, aligning to security and platform teams rather than app developers wiring custom code.
Technical Verdict
Lorikeet’s strengths are its manual-first depth, continuous discovery, compliance orchestration, and an AI assistant that accelerates remediation without flooding teams with scanner noise. Limitations: it’s not an inline shield or DDoS scrubber, and throughput is bounded by expert availability and scope. Ideal for product-led companies with complex API surfaces, multi-cloud footprints, and audit timelines—teams that want one operating picture from exploit to evidence. Pair it with Flowtriq if you also need real-time attack absorption; keep Lorikeet as the program backbone that finds, fixes, and proves it.