SECURITY | MARCH 2026

Inside Lorikeet Security: Merging Manual Pentesting with Continuous Compliance Monitoring


BY DR. AMINA KAUR

CHAPTER: When the on-call pager screams at 02:13 and the pentest PDF is a dead weight

Picture this: a security lead is woken at 2 a.m. with a notification that a critical endpoint has an exploitable deserialization bug. They open a portal and see the live investigation, remediation steps, a re-test ticket, and an AI assistant summarizing risk to the board — not a stale PDF. This is the operating scenario Lorikeet Security targets: a platform that converges human-led offensive testing, continuous attack-surface monitoring, and compliance orchestration into a single, real-time experience. The product combines 100% manual penetration testing (no scanner noise), a 24/7 surface-monitoring pipeline, and Lory, an AI assistant trained on nearly 2,000 vulnerability entries — all surfaced through a portal that emphasizes live telemetry, remediation workflows, and audit-ready outputs.

CHAPTER: Architecture & Design Principles

Lorikeet is designed as a cloud-native platform layer that stitches human expertise to automated telemetry. The architecture prioritizes separation of concerns: a findings datastore, ingestion pipelines for asset discovery, a real-time UI layer, and integrations to compliance and ticketing systems. Key design choices likely include containerized services (Kubernetes) to scale concurrent engagements, an event-driven pipeline (Kafka or similar) for continuous monitoring alerts, and secure credential handling for authenticated tests (short-lived, scoped read-only roles for cloud providers). The Lory assistant is implemented as a fine-tuned model plus a rules engine, trained on curated vulnerability entries to minimize hallucinations and accelerate triage. The philosophy is pragmatic: keep humans in the loop for validation, automate telemetry and reporting, and provide an API-first control plane for integrations.

CHAPTER: Feature Breakdown

Core Capabilities

  • Penetration testing (manual, cross-surface): All engagements are performed 100% manually by experienced researchers rather than automated scanners. Use case: a GraphQL API with complex auth logic — manual testers can chain business logic flaws and produce reproducible PoCs and remediation that automated tools miss.
  • Continuous attack surface monitoring: A persistent discovery and monitoring pipeline runs 24/7 to detect new assets, exposed credentials, and drift. Use case: detect a forgotten AWS S3 bucket or newly exposed admin panel within minutes of deployment and forward findings to the remediation queue.
  • Compliance automation & reporting: Built-in templates and audit-ready exports for SOC 2, PCI-DSS, ISO 27001, GDPR, and others, plus integrations with Vanta and Drata. Use case: tie pentest findings to control failures and produce evidence bundles for auditors, reducing SOC 2 cycle time.

Integration Ecosystem

Lorikeet exposes an API-first ecosystem and supports webhooks for event-driven workflows, enabling integrations with ticketing (Jira), CI/CD pipelines, and SIEM/SOAR tools. It’s explicitly partnered with Vanta (MSP) and Drata for compliance automation and with Accorp Partners for attestation — enabling a turnkey path from finding to certified audit. Typical cloud integrations use scoped read-only roles (AWS IAM, GCP service accounts, Azure RBAC) and can ingest OpenAPI/Swagger for API assessments.
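The webhook-driven handoff described above (a finding event arriving from the platform, being ticketed in Jira, and being tied to the compliance controls it affects, as in the compliance bullet earlier) is easiest to see as code. The following is an added example and not Lorikeet's own code or API: the header names, the event schema, the shared-secret signing scheme, the severity-to-priority table and the control mapping are all assumptions made for illustration. It verifies the event's HMAC signature (with a timestamp bound in to limit replay), rejects malformed or unknown events, and refuses to open a second ticket for a finding it has already seen.

```python
"""Added example (not the vendor's code): a webhook consumer that verifies an
HMAC signature, validates a finding event, and turns it into a ticket payload
tagged with the compliance controls the finding maps to."""
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical shared secret agreed when the webhook was registered (constructed value).
WEBHOOK_SECRET = b"constructed-shared-secret"

# Hypothetical mapping from finding category to compliance controls (illustrative only).
CONTROL_MAP = {
    "exposed_storage": ["SOC2-CC6.1", "ISO27001-A.8.3"],
    "deserialization": ["PCI-DSS-6.2", "SOC2-CC7.1"],
}

SEVERITY_TO_PRIORITY = {"critical": "P1", "high": "P2", "medium": "P3", "low": "P4"}

# Finding ids already ticketed, so retest/update events do not open duplicates.
_seen: dict = {}


def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 over "<timestamp>.<body>"; binding the timestamp limits replay."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(body: bytes, timestamp: int, signature: str,
           now: Optional[int] = None, max_skew: int = 300) -> bool:
    """Constant-time signature check plus a freshness window (assumed 5 minutes)."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > max_skew:
        return False
    return hmac.compare_digest(sign(body, timestamp), signature)


def to_ticket(event: dict) -> Optional[dict]:
    """Return a ticket payload for a new finding, or None for a duplicate or unusable event."""
    required = {"id", "title", "severity", "category", "asset"}
    if event.get("type") != "finding.created" or not required.issubset(event):
        return None
    if event["severity"] not in SEVERITY_TO_PRIORITY:
        return None
    if event["id"] in _seen:
        return None  # already ticketed; a retest/update should go to the existing ticket
    ticket = {
        "summary": f"[{event['severity'].upper()}] {event['title']} on {event['asset']}",
        "priority": SEVERITY_TO_PRIORITY[event["severity"]],
        "labels": ["pentest"] + CONTROL_MAP.get(event["category"], ["UNMAPPED"]),
        "finding_id": event["id"],
    }
    _seen[event["id"]] = ticket["priority"]
    return ticket


def handle(body: bytes, headers: dict, now: Optional[int] = None) -> Optional[dict]:
    """Full receive path: parse headers, verify, decode JSON, then ticket."""
    try:
        ts = int(headers.get("X-Webhook-Timestamp", ""))
    except ValueError:
        return None
    sig = headers.get("X-Webhook-Signature", "")
    if not verify(body, ts, sig, now=now):
        return None  # unsigned, tampered or stale: drop before touching the payload
    try:
        event = json.loads(body)
    except ValueError:
        return None
    return to_ticket(event)


if __name__ == "__main__":
    # Constructed sample event, signed as the sending side would sign it.
    sample = json.dumps({
        "type": "finding.created", "id": "F-DEMO-1",
        "title": "Publicly readable object storage", "severity": "high",
        "category": "exposed_storage", "asset": "assets.example.test",
    }).encode()
    ts = int(time.time())
    hdrs = {"X-Webhook-Timestamp": str(ts), "X-Webhook-Signature": sign(sample, ts)}
    print(handle(sample, hdrs))
```

Verification happens before JSON parsing on purpose: the parser never sees bytes that did not come from the holder of the shared secret. The duplicate check is in-memory here; a real consumer would key it on the ticketing system's own lookup.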

Security & Compliance

Data handling follows an audit-ready model: encrypted-at-rest findings stores, role-based access controls, SSO/SAML, and granular export of evidence. The platform supports a wide compliance matrix (SOC 2, PCI, ISO 27001, HIPAA, NIS2, DORA, etc.) and routes attestation through Accorp Partners. The overall emphasis is enterprise readiness: traceable remediation steps, retesting, and auditor-friendly outputs.

CHAPTER: Performance Considerations

Real-time portal responsiveness requires WebSocket or server-sent events for live engagement updates; batching and prioritized alerting limit noise. Continuous monitoring has typical trade-offs: aggressive scanning finds issues fast but increases API/asset noise and rate limits; Lorikeet’s design appears to use adaptive polling and passive discovery to balance fidelity and resource usage. Manual testing reduces false positives but extends time-to-delivery per finding; free retesting mitigates operational churn for remediation cycles.
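The adaptive-polling trade-off above (poll fast enough to catch drift within minutes, slow enough not to trip rate limits) can be made concrete with a small per-asset scheduler. This is an added example, not Lorikeet's implementation; the interval bounds, the growth factor and the fingerprint notion (a hash of whatever the monitor observed about the asset) are assumptions. It speeds up when an asset's surface changes, slows down geometrically while it stays quiet, and on an HTTP 429 backs off and never polls sooner than the server's Retry-After asks.

```python
"""Added example (not the vendor's code): adaptive poll scheduling for one
monitored asset, balancing time-to-detect against rate-limit pressure."""
from dataclasses import dataclass, replace
from typing import List, Optional, Sequence, Tuple

MIN_INTERVAL = 60     # seconds; fastest cadence, used while an asset is changing (assumed)
MAX_INTERVAL = 3600   # seconds; slowest cadence for a quiet asset (assumed)
GROWTH = 1.5          # multiplier applied after each unchanged observation (assumed)


@dataclass(frozen=True)
class AssetState:
    fingerprint: str = ""         # hash of the last observed surface (ports, headers, certs ...)
    interval: int = MIN_INTERVAL  # seconds until the next probe
    rate_limited: int = 0         # consecutive 429 responses seen


def step(state: AssetState, status: int, fingerprint: str,
         retry_after: Optional[int] = None) -> AssetState:
    """Compute the next state for one asset from the latest probe result."""
    if status == 429:
        # Exponential backoff, and honour Retry-After even if it exceeds the usual cap.
        backoff = min(MAX_INTERVAL, state.interval * 2)
        if retry_after is not None:
            backoff = max(backoff, retry_after)
        return replace(state, interval=backoff, rate_limited=state.rate_limited + 1)
    if status != 200:
        # Transient error: keep cadence; an error is not evidence of drift.
        return replace(state, rate_limited=0)
    if fingerprint != state.fingerprint:
        # Drift detected: record the new surface and return to the fastest cadence.
        return AssetState(fingerprint=fingerprint, interval=MIN_INTERVAL)
    # Quiet asset: slow down gradually up to the cap.
    return replace(state, interval=min(MAX_INTERVAL, int(state.interval * GROWTH)),
                   rate_limited=0)


def simulate(observations: Sequence[Tuple[int, str, Optional[int]]]) -> Tuple[List[int], List[int]]:
    """Feed a sequence of (status, fingerprint, retry_after) probes through step().

    Returns the interval chosen after each probe and the probe indices where drift
    was detected, which is what a monitor would forward to the remediation queue."""
    state = AssetState()
    intervals: List[int] = []
    drift: List[int] = []
    for i, (status, fp, retry_after) in enumerate(observations):
        if status == 200 and fp != state.fingerprint:
            drift.append(i)
        state = step(state, status, fp, retry_after)
        intervals.append(state.interval)
    return intervals, drift


if __name__ == "__main__":
    # Constructed probe history: stable, then rate-limited, then a new admin panel appears.
    history = [(200, "sha:aaa", None), (200, "sha:aaa", None), (200, "sha:aaa", None),
               (429, "sha:aaa", 600), (200, "sha:bbb", None), (503, "sha:bbb", None)]
    print(simulate(history))
```

The first observation of any asset counts as drift (its fingerprint changes from empty), so newly discovered assets are always probed at the fast cadence first; that is the behaviour the "forgotten S3 bucket" use case above relies on.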

CHAPTER: How It Compares Technically

While Flowtriq excels at ultra-low-latency DDoS detection and automated mitigation — a specialist play focused on network availability — Lorikeet Security is better suited for organizations that need a comprehensive offensive program plus compliance. Differentiators: Flowtriq’s strength is real-time, automated network protection and predictable pricing for mitigation capacity; Lorikeet’s strength is breadth (web, API, cloud, AD, K8s, IoT, blockchain) and human-validated findings with audit-ready compliance tie-in. If your primary risk is volumetric or protocol-layer attacks with SLAs measured in seconds, Flowtriq is advantageous. If you need manual exploit validation, continuous asset discovery, and SOC/PCI/ISO attestation workflows, Lorikeet’s platform plays to that need. Pricing and target audience differ: DDoS mitigation SaaS tends to be capacity/throughput priced, whereas offensive security + compliance typically uses scoped engagements, retainer models, and managed services.

CHAPTER: Developer Experience

Lorikeet is positioned as API-first with webhooks, SSO, and RBAC; developers can expect endpoints for creating engagements, ingesting OpenAPI specs, and receiving remediation statuses. Documentation quality is claimed to be operational (step-by-step remediations for developers and auditors) and is augmented by Lory for quick summaries. Community touchpoints include Parrot CTFs and training modules, which help build practitioner knowledge and reduce friction in handoffs between security and engineering.

CHAPTER: Technical Verdict

Strengths: coverage breadth across application and infrastructure layers, human-validated findings (reducing false positives), integrated compliance workflows, and a real-time portal with an AI assistant for faster triage. Limitations: manual-heavy delivery lengthens discovery-to-remediation cycles compared with fully automated scanners, and continuous monitoring requires operational tuning for noise and rate limits. Ideal use cases: mid-market to enterprise SaaS firms that require deep, auditor-ready assessments and a platform to centralize testing, monitoring, and compliance. For high-availability, network-centric mitigation needs, pair Lorikeet’s offensive program with a specialist service like Flowtriq to cover both resilience and attack-surface hardening.
