Pricing: Free until we earn it.

$0 until we find your first real bug.

Free until we catch a medium-or-above vulnerability in your code or live site. No card to start. No seat counts. No trial timer.

Day 1 · no card
$0 until 1st bug

Until we catch your first real (medium+) vulnerability.

  • Unlimited scans · every channel
  • Full findings + AI Quick-Fix
  • OWASP Top 10 + chained attacks
  • No card. No clock.
Solo · unlimited projects
$14.99 / month

For founders shipping live apps.

  • Everything in Day 1, unmetered
  • 1 probe / month
  • Probe → IDE feedback loop
  • Email support
Business · always on
$149.99 / month

For indie hackers shipping multiple apps.

  • Everything in Startup
  • Unlimited probes
  • Daily auto-scan · auth + unauth
  • Authenticated probe default-on
  • Priority queue · <24 hr support
Plans side by side
Feature | Day 1 ($0) | Solo | Startup | Business
Unlimited scans
Full findings + auto-fix
MCP + VS Code + git hook + CLI
Projects: unlimited | unlimited | unlimited | unlimited
Manual probes / mo: 1 | 2 | unlimited
Probe → IDE feedback loop
CVSS + CWE per finding
Auto-scan (CVE / supply / secrets): weekly | daily
Authenticated probe: opt-in | default-on
Priority probe queue
Support: community | email | email | priority < 24 hr

What's a probe?

A live security scan against your deployed site. We discover routes, fuzz inputs, check for common runtime vulns (XSS, IDOR, SSRF, broken auth), then route the findings back to your IDE so your AI fixes them in-source.

Why are scans unlimited?

Scans are cheap for us to run. We'd rather you scan everything than worry about quota. The real cost (and value) is in probing your deployed app — that's where pricing lives.

Can I switch plans anytime?

Yes. Upgrade applies immediately; downgrade takes effect at the end of your billing cycle. No prorating headaches.

Scan vs probe?

Scan = look at code (your editor, your git, your AI's output). Probe = look at your deployed app from outside. Scans catch "I shouldn't have written that"; probes catch "I didn't realize the deployed config was wrong."

Can I cancel?

Anytime, in your dashboard. You keep access until the period ends; after that the scanner keeps working (still free), but probes stop until you re-subscribe.

Do you read my code?

We scan it on a stateless backend. We don't persist file contents — only the audit log of decisions + findings ties back to your account. We never train models on your code.

Need custom terms — invoicing, SSO, on-prem, SLA? hello@literalsec.com