Loading startup

DealFlow OS
Market indexPublic companiesMorning briefingTerminal
Request accessSign in

DealFlow

Terminal access

IndexTop moversSignals

Public markets

Public companiesMorning briefing
Browse index
C

Casco

Pre-SeedFunding signal
casco.comB2BUnknown
Market index

Market data is refreshed once per day from public sources. Information may be incomplete or outdated — verify independently before making decisions. This is not investment advice.

Investor read

Evidence-bound summary — expand sections for movement, risks, and signals.

Memo snapshot · Jul 2, 2026, 5:26 PM

Strong interestEvidence-bound analyst verdict
  • •Funding: Raised $500K across 1 funding round. Latest: $500K Pre-seed (Apr 2025). Investors: Y Combinator.
  • •Named backers in indexed sources: Y Combinator.
  • •Hiring: 7 hiring‑related row(s); role‑spam risk if mostly generic boards
  • •Product/news: 20 product/news‑styled row(s); headline risk without filings

DealFlow OS uses public web data and automated enrichment. Research may be incomplete, outdated, or incorrect. Verify important information before making investment or outreach decisions.

TL;DR

Seed (YC)

Casco - Autonomous Security Testing Official autonomous security testing platform.

Funding

Raised $500K across 1 funding round. Latest: $500K Pre-seed (Apr 2025). Investors: Y Combinator. (High).

Financial signals

HeadcountEstimated(low)

11-50

Headcount band (inferred from open roles)

Inferred from 5 open roles on careers page; not verified FTE count.

jobs_board

Quick read

  • •Casco - Autonomous Security Testing Official autonomous security testing platform.
  • •Reported angle: Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Key signals

Funding

Raised $500K across 1 funding round. Latest: $500K Pre-seed (Apr 2025). Investors: Y Combinator. (High).

Hiring

7 hiring‑related row(s); role‑spam risk if mostly generic boards (High).

Product / news

20 product/news‑styled row(s); headline risk without filings (High).

Traffic / social

2 social/traffic‑styled row(s) (Low).

Evidence summary

Verified facts

  • •Casco - Autonomous Security Testing Official autonomous security testing platform.
  • •Reported angle: Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Inferred (corpus-only)

  • •Inferred: Headcount: 11-50 (Headcount band (inferred from open roles); jobs_board)

Recent movers

  • •Jul 2, 2026 · Blog — Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco
  • •May 11, 2026 · Blog / news — What to Share When Clients Ask for a Pentest Report?
  • •May 11, 2026 · Blog / news — What to Pack for RSAC 2026

+5 more in Recent movement below

  • •Jul 2, 2026 · Blog — Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco
  • •May 11, 2026 · Blog / news — What to Share When Clients Ask for a Pentest Report?
  • •May 11, 2026 · Blog / news — What to Pack for RSAC 2026
  • •May 11, 2026 · Blog / news — Artifacts You Should Expect From a High-Quality Pentest
  • •May 11, 2026 · Blog / news — Better together: Vouch Insurance and Casco
  • •May 11, 2026 · Blog / news — Why "Clean" Pentest Reports are a Red Flag
  • •May 11, 2026 · Blog / news — Why You Need Account-Based Rate Limits
  • •May 11, 2026 · Blog / news — The Blueprint of a North Korean Attack on Open-Source
  • •Y Combinator

Suggested next steps

  • ▸Schedule a partner intro within 2 weeks and request a data pack.
  • ▸Verify the funding history and syndicate directly with the founders.

Funding & hiring signals

funding_articleConfidence: low

Casco: Autonomous security testing | Y Combinator

Casco (YC Spring 2025) provides agentic red teaming for web, API, cloud, and AI systems.

Affected score: noObserved: May 20, 2026

Weak funding evidence: mention does not include a parsed raise amount/round and may refer to non-funding context.

Open roles (indexed)

No open roles indexed yet.

Public index
55Activity 80/100Elevated public activity signal
7D+3 (+5.8%)
30D+19 (+52.8%)
High Confidence

The index price and activity score are algorithmic estimates based on observed public company-level signals. They may be incomplete, stale, or inaccurate and are not investment, legal, tax, or business advice.

Source health

  • githubok
    Last checked Mon, Jun 29, 02:37 AM
  • socialok
    Last checked Mon, Jun 29, 02:37 AM

    Casco:reddit_credentials_not_configured

  • hiringok
    Last checked Mon, Jun 29, 02:37 AM
  • public_page:blogok
    Last checked Mon, Jun 29, 02:37 AM
  • public_page:homeok
    Last checked Mon, Jun 29, 02:37 AM
  • public_page:careersok
    Last checked Mon, Jun 29, 02:37 AM
  • public_market_enrichmentok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_careersok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_what-to-share-when-clients-ask-for-pentest-reportok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_what-to-pack-for-rsac-2026ok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_what-is-a-high-quality-penetration-testok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_we-hacked-ycombinator-agentsok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_vouch-insurance-and-casco-partnershipok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_the-myth-of-the-clean-pentest-reportok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_the-importance-of-rate-limitingok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_the-blueprint-of-a-north-korean-attack-on-open-sourceok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_owasp-top-10-2025-navigating-the-new-security-landscapeok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_owasp-ai-exchange-sponsorshipok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_no-more-clean-pentest-reportsok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_mcp-tool-poisoningok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_how-we-hireok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_how-to-hack-ford-for-130k-dollarsok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_electricsql-order-by-sql-injectionok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_dont-get-scammed-by-your-pentester-the-5-levels-of-pentestingok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_customer-crewaiok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_crest-penetration-testing-approvalok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blog_building-self-securing-softwareok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_blogok
    Last checked Mon, May 11, 09:04 AM
  • public_page:_ok
    Last checked Mon, May 11, 09:04 AM

Signal timeline

40 dated public signals · newest on the right

Funding
Hiring
Code
Press
Social
Company
Other
Mar 14, 2025Nov 16, 2025Jul 20, 2026
Funding (1)Hiring (6)Code (5)Press (20)Social (2)Company (3)Other (3)

Signal breakdown

Latest momentum signal per category. Expand a card to inspect raw payloads.

Public source summary

Total evidence rows
40
Latest evidence
Thu, Jul 2, 03:26 PM

Source types found

blogcareers_pagecompany_sitefunding_articlegithubhiringofficial_siteotherpresssocial

Strongest / recent news-style rows

  • Casco: Autonomous security testing | Y Combinator

    Wed, May 20, 05:42 PM · confidence 88%high quality

  • We hacked Y Combinator's AI agents

    Wed, May 20, 05:42 PM · confidence 85%high quality

  • Casco Bay

    wikipedia · Mon, Jun 29, 02:37 AM · confidence 50%medium quality

Public signal timeline

Newest first · 40 event(s)

1
Thu, Jul 2, 03:26 PM · blog · 90% · publichigh qualitySecurity Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Source: Blog

Expert insights on security testing, autonomous security testing, and agentic AI security. Learn from our security engineers about the latest in cybersecurity.

Source ↗
2
Thu, Jul 2, 03:26 PM · careers_page · 90% · publichigh qualityCareers at Casco - Join Our Mission

Source: Careers page

Join Casco and help build the future of security. We are looking for talented individuals passionate about keeping systems safe and secure.

Source ↗
3
Mon, Jun 29, 02:37 AM · social · 56% · publichigh qualityThe Blueprint of a North Korean Attack on Open-Source

Source: hackernews

Source ↗
4
Mon, Jun 29, 02:37 AM · social · 56% · publichigh qualityElectricSQL database takeover vulnerability found by AI

Source: hackernews

Source ↗
5
Mon, Jun 29, 02:37 AM · hiring · 68% · publichigh qualityCustomer Success EngineerCustomer Success•San Francisco, CA•Full-time

Source: jobs_board

Source ↗
6
Mon, Jun 29, 02:37 AM · hiring · 68% · publichigh qualityTechnical Account ExecutiveSales•San Francisco, CA•Full-time

Source: jobs_board

Source ↗
7
Mon, Jun 29, 02:37 AM · hiring · 68% · publichigh qualityGrowth EngineerGrowth•San Francisco, CA•Full-time

Source: jobs_board

Source ↗
8
Mon, Jun 29, 02:37 AM · hiring · 68% · publichigh qualityOffensive Security EngineerEngineering•Remote (US)•Full-time

Source: jobs_board

Source ↗
9
Mon, Jun 29, 02:37 AM · hiring · 68% · publichigh qualitySoftware EngineerEngineering•Remote (US), SF or Seattle preferred•Full-time

Source: jobs_board

Source ↗
10
Mon, Jun 29, 02:37 AM · official_site · 75% · publichigh qualityCareers at Casco - Join Our Mission

Source: official_site

Careers - Join Our Mission | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Join Our Mission Our mission is to make all software effortlessly secure. We're looking for t…

Source ↗
11
Mon, Jun 29, 02:37 AM · official_site · 75% · publichigh qualityCasco - Autonomous Security Testing

Source: official_site

Autonomous Security Testing for Modern Applications | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Always-on Security Testing Casco performs autonomous security testing for…

Source ↗
12
Mon, Jun 29, 02:37 AM · official_site · 75% · publichigh qualitySecurity Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Source: official_site

Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Blog Vulnerability Disclosure: Database Takeover in E…

Source ↗
13
Wed, May 20, 05:42 PM · funding_article · 88% · verified_publichigh qualityCasco: Autonomous security testing | Y Combinator

Casco (YC Spring 2025) provides agentic red teaming for web, API, cloud, and AI systems.

Source ↗
14
Wed, May 20, 05:42 PM · press · 85% · verified_publichigh qualityWe hacked Y Combinator's AI agents

Technical blog demonstrating AI agent security research.

Source ↗
15
Wed, May 20, 05:42 PM · company_site · 85% · verified_publichigh qualityCasco - Autonomous Security Testing

Official autonomous security testing platform.

Source ↗
16
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityWhat to Share When Clients Ask for a Pentest Report?

Source: Blog / news

Even though clients intuitively ask for a pentest report, they are often not getting the right one. You are actually supposed to share the remediation report instead. This blog post explains why and what to share instead.

Source ↗
17
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityWhat to Pack for RSAC 2026

Source: Blog / news

Most security professionals pack for RSA like they're heading to Vegas in February. Wrong coast, wrong weather, wrong strategy. Here's everything you need to know.

Source ↗
18
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityArtifacts You Should Expect From a High-Quality Pentest

Source: Blog / news

High-quality penetration test don't just stop with an initial report, they should include retesting, remediation reports, and actively discourage the practice of ingenuine "clean" reports.

Source ↗
19
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityBetter together: Vouch Insurance and Casco

Source: Blog / news

Get 20% off your annual pentest and 5% off your insurance with Vouch Insurance and Casco.

Source ↗
20
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityWhy "Clean" Pentest Reports are a Red Flag

Source: Blog / news

Why a "clean" pentest report is a red flag and how to spot the good penetration tests from the bad ones.

Source ↗
21
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityWhy You Need Account-Based Rate Limits

Source: Blog / news

The Importance of Rate Limiting.

Source ↗
22
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityThe Blueprint of a North Korean Attack on Open-Source

Source: Blog / news

Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly via…

Source ↗
23
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityOWASP Top 10 2025: Navigating the New Security Landscape

Source: Blog / news

The release of the OWASP Top 10 2025 marks a pivotal moment for application security. While some classic vulnerabilities remain, the list reflects a world where software is increasingly complex and interconnected. For security teams, this means the goalposts…

Source ↗
24
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityCasco Becomes Gold Sponsor of OWASP AI Exchange to Advance AI Security

Source: Blog / news

Casco is proud to announce that we have become a Gold Sponsor of the OWASP AI Exchange to advance AI security practices globally.

Source ↗
25
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityOur Policy on "Clean" Pentest Reports

Source: Blog / news

Effective April 12, 2026, Casco no longer issues "clean pentest reports". Here's what that means and how to verify report authenticity.

Source ↗
26
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityUnderstanding MCP Security: Tool Poisoning

Source: Blog / news

Why unverified MCPs can be a major vulnerability

Source ↗
27
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityHow We Hire

Source: Blog / news

How we hire at Casco. Our mission is to make all software effortlessly secure. We hire with a simple 3-step process.

Source ↗
28
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityHow to Hack Ford.com for $130,000

Source: Blog / news

How we hacked Ford.com for $130,000. This is a story about a forgotten subdomain and a $130,000 domain purchase that could have led to a massive breach.

Source ↗
29
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityVulnerability Disclosure: Database Takeover in ElectricSQL

Source: Blog / news

A SQL injection vulnerability in ElectricSQL's ORDER BY parameter gave attackers full database access. The ElectricSQL team fixed and deployed it in 2 hours.

Source ↗
30
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityThe 5 Levels of Penetration Testing

Source: Blog / news

Why many penetration test are not getting approved by clients and how to spot the good penetration tests from the bad ones.

Source ↗
31
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityCrewAI + Casco

Source: Blog / news

Announcing CrewAI as a customer of Casco.

Source ↗
32
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityCasco Achieves CREST Accreditation for Penetration Testing

Source: Blog / news

Casco is proud to announce that we have achieved CREST accreditation, meeting rigorous international standards for penetration testing excellence.

Source ↗
33
Mon, May 11, 09:04 AM · blog · 90% · publichigh qualityBuilding Self-Securing Software

Source: Blog / news

How to build self-securing software with autonomous security testing.

Source ↗
34
Mon, Jun 29, 02:37 AM · github · 55% · publicmedium qualityvue-casco

Source: npm_registry

A hacky solution to a problem that shouldn't exist: adding classes to the body tag

Source ↗
35
Mon, Jun 29, 02:37 AM · github · 55% · publicmedium qualitycasco

Source: npm_registry

Source ↗
36
Mon, Jun 29, 02:37 AM · github · 55% · publicmedium qualitycasco-umr

Source: npm_registry

Casco Universal Middleware Router

Source ↗
37
Mon, Jun 29, 02:37 AM · github · 55% · publicmedium quality@dsr-rollback-gazes-dozen-atoke-casco/dsr-package-public-gazes-dozen-atoke-casco

Source: npm_registry

empty

Source ↗
38
Mon, Jun 29, 02:37 AM · github · 55% · publicmedium qualitygenerator-casco

Source: npm_registry

Source ↗
39
Mon, Jun 29, 02:37 AM · other · 50% · publicmedium qualityCasco Bay

Source: wikipedia

Source ↗
40
Mon, Jun 29, 02:37 AM · other · 50% · publicmedium qualityCasco

Source: wikipedia

Source ↗

Official / company site

4 row(s)

The company's own site — the authoritative description of what they sell and to whom. Marketing-controlled, so treat claims as positioning rather than verified traction.

official_site·Mon, Jun 29, 02:37 AM·Confidence 75%high qualitypublic
Careers at Casco - Join Our Mission

Careers - Join Our Mission | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Join Our Mission Our mission is to make all software effortlessly secure. We're looking for t…

Why it matters: Primary source — the company's own positioning; best read for what they sell and to whom, not for traction claims.

Open source ↗
official_site·Mon, Jun 29, 02:37 AM·Confidence 75%high qualitypublic
Casco - Autonomous Security Testing

Autonomous Security Testing for Modern Applications | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Always-on Security Testing Casco performs autonomous security testing for…

Why it matters: Primary source — the company's own positioning; best read for what they sell and to whom, not for traction claims.

Open source ↗
official_site·Mon, Jun 29, 02:37 AM·Confidence 75%high qualitypublic
Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco Penetration Testing Events Blog Partners Careers Support Book a demo Penetration Testing Events Blog Partners Careers Support Blog Vulnerability Disclosure: Database Takeover in E…

Why it matters: Primary source — the company's own positioning; best read for what they sell and to whom, not for traction claims.

Open source ↗
company_site·Wed, May 20, 05:42 PM·Confidence 85%high qualityverified_public
Casco - Autonomous Security Testing

Official autonomous security testing platform.

Why it matters: Primary source — the company's own positioning; best read for what they sell and to whom, not for traction claims.

Open source ↗

News

3 row(s)

Third-party press coverage. Independent reporting corroborates company claims; repeated coverage across outlets is a momentum signal.

press·Wed, May 20, 05:42 PM·Confidence 85%high qualityverified_public
We hacked Y Combinator's AI agents

Technical blog demonstrating AI agent security research.

Why it matters: Independent coverage — third-party corroboration of company claims; recurring coverage indicates rising visibility.

Open source ↗
other·Mon, Jun 29, 02:37 AM·Confidence 50%medium qualitypublic
Casco Bay

Why it matters: Independent coverage — third-party corroboration of company claims; recurring coverage indicates rising visibility.

Open source ↗
other·Mon, Jun 29, 02:37 AM·Confidence 50%medium qualitypublic
Casco

Why it matters: Independent coverage — third-party corroboration of company claims; recurring coverage indicates rising visibility.

Open source ↗

Funding / news

1 row(s)

Funding announcements and investor-database records. The strongest public signal of capitalization: round, amount, and syndicate quality when disclosed.

funding_article·Wed, May 20, 05:42 PM·Confidence 88%high qualityverified_public
Casco: Autonomous security testing | Y Combinator

Casco (YC Spring 2025) provides agentic red teaming for web, API, cloud, and AI systems.

Why it matters: Funding signal — Pre-Seed per this source; verify against the linked original before relying on it.

Open source ↗

Hiring

6 row(s)

Open roles and careers pages. Active hiring implies runway to spend and shows where the company is investing (engineering vs GTM vs ops).

careers_page·Thu, Jul 2, 03:26 PM·Confidence 90%high qualitypublic
Careers at Casco - Join Our Mission

Join Casco and help build the future of security. We are looking for talented individuals passionate about keeping systems safe and secure.

Why it matters: Hiring signal — open roles imply runway to spend and show where the company is investing.

Open source ↗
hiring·Mon, Jun 29, 02:37 AM·Confidence 68%high qualitypublic
Customer Success EngineerCustomer Success•San Francisco, CA•Full-time

Why it matters: Hiring signal — 5 open role(s) indexed; hiring implies runway and shows growth priorities.

Open source ↗
hiring·Mon, Jun 29, 02:37 AM·Confidence 68%high qualitypublic
Technical Account ExecutiveSales•San Francisco, CA•Full-time

Why it matters: Hiring signal — 5 open role(s) indexed; hiring implies runway and shows growth priorities.

Open source ↗
hiring·Mon, Jun 29, 02:37 AM·Confidence 68%high qualitypublic
Growth EngineerGrowth•San Francisco, CA•Full-time

Why it matters: Hiring signal — 5 open role(s) indexed; hiring implies runway and shows growth priorities.

Open source ↗
hiring·Mon, Jun 29, 02:37 AM·Confidence 68%high qualitypublic
Offensive Security EngineerEngineering•Remote (US)•Full-time

Why it matters: Hiring signal — 5 open role(s) indexed; hiring implies runway and shows growth priorities.

Open source ↗
hiring·Mon, Jun 29, 02:37 AM·Confidence 68%high qualitypublic
Software EngineerEngineering•Remote (US), SF or Seattle preferred•Full-time

Why it matters: Hiring signal — 5 open role(s) indexed; hiring implies runway and shows growth priorities.

Open source ↗

GitHub

5 row(s)

Public engineering activity. Sustained commits, releases, and stars indicate real product development and, for dev tools, developer adoption.

github·Mon, Jun 29, 02:37 AM·Confidence 55%medium qualitypublic
vue-casco

A hacky solution to a problem that shouldn't exist: adding classes to the body tag

Why it matters: Engineering signal — public repo activity evidences active development and possible developer adoption.

Open source ↗
github·Mon, Jun 29, 02:37 AM·Confidence 55%medium qualitypublic
casco

Why it matters: Engineering signal — public repo activity evidences active development and possible developer adoption.

Open source ↗
github·Mon, Jun 29, 02:37 AM·Confidence 55%medium qualitypublic
casco-umr

Casco Universal Middleware Router

Why it matters: Engineering signal — public repo activity evidences active development and possible developer adoption.

Open source ↗
github·Mon, Jun 29, 02:37 AM·Confidence 55%medium qualitypublic
@dsr-rollback-gazes-dozen-atoke-casco/dsr-package-public-gazes-dozen-atoke-casco

empty

Why it matters: Engineering signal — public repo activity evidences active development and possible developer adoption.

Open source ↗
github·Mon, Jun 29, 02:37 AM·Confidence 55%medium qualitypublic
generator-casco

Why it matters: Engineering signal — public repo activity evidences active development and possible developer adoption.

Open source ↗

Social

2 row(s)

Social presence and mentions. A soft signal — useful for gauging attention and launch reception, not a substitute for verified traction.

social·Mon, Jun 29, 02:37 AM·Confidence 56%high qualitypublic
The Blueprint of a North Korean Attack on Open-Source

Why it matters: Attention signal — social mention or presence; soft signal of market interest.

Open source ↗
social·Mon, Jun 29, 02:37 AM·Confidence 56%high qualitypublic
ElectricSQL database takeover vulnerability found by AI

Why it matters: Attention signal — social mention or presence; soft signal of market interest.

Open source ↗

Blog

19 row(s)

Company blog and newsletters. Shipping cadence and technical depth of posts hint at product velocity and team quality.

blog·Thu, Jul 2, 03:26 PM·Confidence 90%high qualitypublic
Security Blog - Insights on Autonomous Security Testing with Agentic AI | Casco

Expert insights on security testing, autonomous security testing, and agentic AI security. Learn from our security engineers about the latest in cybersecurity.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
What to Share When Clients Ask for a Pentest Report?

Even though clients intuitively ask for a pentest report, they are often not getting the right one. You are actually supposed to share the remediation report instead. This blog post explains why and what to share instead.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
What to Pack for RSAC 2026

Most security professionals pack for RSA like they're heading to Vegas in February. Wrong coast, wrong weather, wrong strategy. Here's everything you need to know.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Artifacts You Should Expect From a High-Quality Pentest

High-quality penetration test don't just stop with an initial report, they should include retesting, remediation reports, and actively discourage the practice of ingenuine "clean" reports.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Better together: Vouch Insurance and Casco

Get 20% off your annual pentest and 5% off your insurance with Vouch Insurance and Casco.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Why "Clean" Pentest Reports are a Red Flag

Why a "clean" pentest report is a red flag and how to spot the good penetration tests from the bad ones.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Why You Need Account-Based Rate Limits

The Importance of Rate Limiting.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
The Blueprint of a North Korean Attack on Open-Source

Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly via…

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
OWASP Top 10 2025: Navigating the New Security Landscape

The release of the OWASP Top 10 2025 marks a pivotal moment for application security. While some classic vulnerabilities remain, the list reflects a world where software is increasingly complex and interconnected. For security teams, this means the goalposts…

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Casco Becomes Gold Sponsor of OWASP AI Exchange to Advance AI Security

Casco is proud to announce that we have become a Gold Sponsor of the OWASP AI Exchange to advance AI security practices globally.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Our Policy on "Clean" Pentest Reports

Effective April 12, 2026, Casco no longer issues "clean pentest reports". Here's what that means and how to verify report authenticity.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Understanding MCP Security: Tool Poisoning

Why unverified MCPs can be a major vulnerability

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
How We Hire

How we hire at Casco. Our mission is to make all software effortlessly secure. We hire with a simple 3-step process.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
How to Hack Ford.com for $130,000

How we hacked Ford.com for $130,000. This is a story about a forgotten subdomain and a $130,000 domain purchase that could have led to a massive breach.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Vulnerability Disclosure: Database Takeover in ElectricSQL

A SQL injection vulnerability in ElectricSQL's ORDER BY parameter gave attackers full database access. The ElectricSQL team fixed and deployed it in 2 hours.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
The 5 Levels of Penetration Testing

Why many penetration test are not getting approved by clients and how to spot the good penetration tests from the bad ones.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
CrewAI + Casco

Announcing CrewAI as a customer of Casco.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Casco Achieves CREST Accreditation for Penetration Testing

Casco is proud to announce that we have achieved CREST accreditation, meeting rigorous international standards for penetration testing excellence.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗
blog·Mon, May 11, 09:04 AM·Confidence 90%high qualitypublic
Building Self-Securing Software

How to build self-securing software with autonomous security testing.

Why it matters: Company publishing — post cadence and depth hint at product velocity.

Open source ↗

Private workspace

Sign in as an active team member to view private notes, watchlist controls, transcript evidence, and interaction history.

Sign in
DealFlow OS · Public market terminal
Privacy PolicyTerms & Conditions