Evidence-bound summary — expand sections for movement, risks, and signals.
Memo snapshot · May 19, 2026, 7:58 PM
Casco - Autonomous Security Testing Casco performs autonomous security testing for web apps, APIs, infrastructure, and AI systems
Unknown
Verified facts
HTTP 404
HTTP 404
HTTP 404
HTTP 404
HTTP 404
Nexus score momentum
More runs will build history.
Latest momentum signal per category. Expand a card to inspect raw payloads.
Source types found
Newest first · 22 event(s)
Source: Careers
Join Casco and help build the future of security. We are looking for talented individuals passionate about keeping systems safe and secure.
Source: Blog / news
Even though clients intuitively ask for a pentest report, they are often not getting the right one. You are actually supposed to share the remediation report instead. This blog post explains why and what to share instead.
Source: Blog / news
Most security professionals pack for RSA like they're heading to Vegas in February. Wrong coast, wrong weather, wrong strategy. Here's everything you need to know.
Source: Blog / news
High-quality penetration test don't just stop with an initial report, they should include retesting, remediation reports, and actively discourage the practice of ingenuine "clean" reports.
Source: Blog / news
How we hacked Y Combinator spring batch's AI agents and what you can learn from it for your AI agent's security.
Source: Blog / news
Get 20% off your annual pentest and 5% off your insurance with Vouch Insurance and Casco.
Source: Blog / news
Why a "clean" pentest report is a red flag and how to spot the good penetration tests from the bad ones.
Source: Blog / news
The Importance of Rate Limiting.
Source: Blog / news
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly via a pull request.
Source: Blog / news
The release of the OWASP Top 10 2025 marks a pivotal moment for application security. While some classic vulnerabilities remain, the list reflects a world where software is increasingly complex and interconnected. For security teams, this means the goalposts have moved from finding simple bugs to securing entire ecosystems.
Source: Blog / news
Casco is proud to announce that we have become a Gold Sponsor of the OWASP AI Exchange to advance AI security practices globally.
Source: Blog / news
Effective April 12, 2026, Casco no longer issues "clean pentest reports". Here's what that means and how to verify report authenticity.
Source: Blog / news
Why unverified MCPs can be a major vulnerability
Source: Blog / news
How we hire at Casco. Our mission is to make all software effortlessly secure. We hire with a simple 3-step process.
Source: Blog / news
How we hacked Ford.com for $130,000. This is a story about a forgotten subdomain and a $130,000 domain purchase that could have led to a massive breach.
Source: Blog / news
A SQL injection vulnerability in ElectricSQL's ORDER BY parameter gave attackers full database access. The ElectricSQL team fixed and deployed it in 2 hours.
Source: Blog / news
Why many penetration test are not getting approved by clients and how to spot the good penetration tests from the bad ones.
Source: Blog / news
Announcing CrewAI as a customer of Casco.
Source: Blog / news
Casco is proud to announce that we have achieved CREST accreditation, meeting rigorous international standards for penetration testing excellence.
Source: Blog / news
How to build self-securing software with autonomous security testing.
Source: Blog / news
Expert insights on security testing, autonomous security testing, and agentic AI security. Learn from our security engineers about the latest in cybersecurity.
Source: Homepage
Casco performs autonomous security testing for web apps, APIs, infrastructure, and AI systems. Get year-round protection with expert human supervision.
1 row(s)
Source name: Homepage
Casco performs autonomous security testing for web apps, APIs, infrastructure, and AI systems. Get year-round protection with expert human supervision.
https://casco.com/1 row(s)
Source name: Careers
Join Casco and help build the future of security. We are looking for talented individuals passionate about keeping systems safe and secure.
https://casco.com/careers20 row(s)
Source name: Blog / news
Even though clients intuitively ask for a pentest report, they are often not getting the right one. You are actually supposed to share the remediation report instead. This blog post explains why and what to share instead.
https://casco.com/blog/what-to-share-when-clients-ask-for-pentest-reportSource name: Blog / news
Most security professionals pack for RSA like they're heading to Vegas in February. Wrong coast, wrong weather, wrong strategy. Here's everything you need to know.
https://casco.com/blog/what-to-pack-for-rsac-2026Source name: Blog / news
High-quality penetration test don't just stop with an initial report, they should include retesting, remediation reports, and actively discourage the practice of ingenuine "clean" reports.
https://casco.com/blog/what-is-a-high-quality-penetration-testSource name: Blog / news
How we hacked Y Combinator spring batch's AI agents and what you can learn from it for your AI agent's security.
https://casco.com/blog/we-hacked-ycombinator-agentsSource name: Blog / news
Get 20% off your annual pentest and 5% off your insurance with Vouch Insurance and Casco.
https://casco.com/blog/vouch-insurance-and-casco-partnershipSource name: Blog / news
Why a "clean" pentest report is a red flag and how to spot the good penetration tests from the bad ones.
https://casco.com/blog/the-myth-of-the-clean-pentest-reportSource name: Blog / news
The Importance of Rate Limiting.
https://casco.com/blog/the-importance-of-rate-limitingSource name: Blog / news
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly via a pull request.
https://casco.com/blog/the-blueprint-of-a-north-korean-attack-on-open-sourceSource name: Blog / news
The release of the OWASP Top 10 2025 marks a pivotal moment for application security. While some classic vulnerabilities remain, the list reflects a world where software is increasingly complex and interconnected. For security teams, this means the goalposts have moved from finding simple bugs to securing entire ecosystems.
https://casco.com/blog/owasp-top-10-2025-navigating-the-new-security-landscapeSource name: Blog / news
Casco is proud to announce that we have become a Gold Sponsor of the OWASP AI Exchange to advance AI security practices globally.
https://casco.com/blog/owasp-ai-exchange-sponsorshipSource name: Blog / news
Effective April 12, 2026, Casco no longer issues "clean pentest reports". Here's what that means and how to verify report authenticity.
https://casco.com/blog/no-more-clean-pentest-reportsSource name: Blog / news
Why unverified MCPs can be a major vulnerability
https://casco.com/blog/mcp-tool-poisoningSource name: Blog / news
How we hire at Casco. Our mission is to make all software effortlessly secure. We hire with a simple 3-step process.
https://casco.com/blog/how-we-hireSource name: Blog / news
How we hacked Ford.com for $130,000. This is a story about a forgotten subdomain and a $130,000 domain purchase that could have led to a massive breach.
https://casco.com/blog/how-to-hack-ford-for-130k-dollarsSource name: Blog / news
A SQL injection vulnerability in ElectricSQL's ORDER BY parameter gave attackers full database access. The ElectricSQL team fixed and deployed it in 2 hours.
https://casco.com/blog/electricsql-order-by-sql-injectionSource name: Blog / news
Why many penetration test are not getting approved by clients and how to spot the good penetration tests from the bad ones.
https://casco.com/blog/dont-get-scammed-by-your-pentester-the-5-levels-of-pentestingSource name: Blog / news
Announcing CrewAI as a customer of Casco.
https://casco.com/blog/customer-crewaiSource name: Blog / news
Casco is proud to announce that we have achieved CREST accreditation, meeting rigorous international standards for penetration testing excellence.
https://casco.com/blog/crest-penetration-testing-approvalSource name: Blog / news
How to build self-securing software with autonomous security testing.
https://casco.com/blog/building-self-securing-softwareSource name: Blog / news
Expert insights on security testing, autonomous security testing, and agentic AI security. Learn from our security engineers about the latest in cybersecurity.
https://casco.com/blogSign in as an active team member to view private notes, watchlist controls, transcript evidence, and interaction history.