Your cloud.
Your findings.
Your disclosure protocol.
Hades is an adversarial AI. It reads your software, reasons about how it breaks, runs exploit attempts in an isolated sandbox, and returns a reproducible proof of every real weakness. For enterprise, the whole system deploys inside a peered VPC in your own cloud account — code, runs and findings all stay on your side of the boundary, delivered directly to your security team on a disclosure protocol you define.
A sealed Hades VPC — inside your cloud org.
Hades provisions a single-tenant VPC inside your own cloud organisation — AWS, GCP, Azure, Hetzner, OVH, or any EU-sovereign provider — in the region your compliance envelope requires. Hades operates that VPC end-to-end: harness, code graph, sandbox fleet, all sealed. It peers natively to your existing workload VPCs, pulls your code across the link, and runs every sandbox locally. Data residency is automatic — your cloud, your region — and your security team keeps operating exactly as they do today.
- ·Your repositories + services
- ·Your data, secrets, keys
- ·Findings + audit trail (yours)
- ·Nothing leaves this boundary
- ·Harness · deterministic runner
- ·Code graph · structured analysis
- ·Sandbox · ring-layered containment
- ·No public egress · CVE research built-in
Every boundary has a named owner — signed before any repo connects.
Your AWS Org, Azure tenant, or GCP Org. Your IAM, KMS roots, peering approval. Hades provisions the sealed VPC inside this boundary under scoped IAM you grant.
Harness, code graph, sandbox fleet. All sealed, operated by Hades end-to-end, inside the VPC we provision in your cloud.
Your code enters the sealed VPC for analysis and never crosses your cloud-org boundary. Findings land in a customer-owned store you nominate; audit trail follows.
You define it in discovery — channels, keys, SLAs, ticket format. We build the pipeline to match and sign it into the engagement.
>finding: HADES-ENT-2026-0042
>target: acme-internal/checkout-svc@a1f2c
>severity: CVSS 8.9 · high
|reproduced: 11/11 runs · deterministic
>wrap: kms/alias/acme-sec-kek (customer)
>channel: s3://acme-sec-findings (customer)
>recipient: sec-team (pgp 4a9f...c2e1)
|envelope sealed · customer KMS
|delivered · recipient ACK received
>ticket: acme-jira SEC-4119 (created)
>audit: acme-sec-audit log written (customer)
!raw payload: never leaves your cloud org
|
Direct, encrypted, on your protocol.
No public advisory portal. No vendor dashboard. Every finding is encrypted with your keys (PGP, KMS, or HSM), delivered on the channel you specify, and written to an audit trail you own.
The whole pipeline is a contract, not a default protocol. Discovery captures your channels, keys, SLAs and ticket format; the engagement brief pins them before any repo connects.
Hades fits your process — not the other way around.
Enterprise change management is the expensive part. A new tool that reports findings in its own format forces months of internal work to translate, route and triage them. Hades doesn't do that. Discovery captures how your security team already operates — taxonomy, cadence, tooling, review gates — and the pipeline is built to match before the first finding is written.
From first call to steady cadence.
Discovery
Scope, compliance envelope, disclosure protocol. One call, one engagement brief signed before any repo connects.
Deploy
Hades provisions the sealed VPC inside your cloud org, peers into your workload networks, first target agreed with your team.
First findings
Real targets, real findings. Every finding clears the reproducibility gate and lands on your disclosure protocol.
Review
Scope expansion, ongoing cadence, long-term terms. The pilot transitions into a steady engagement.
Questions the committee will ask.
What languages and stacks does Hades cover?
Hades is language-agnostic. The harness procedurally stands up any codebase inside a ring-layered sandbox — regardless of language, toolchain or runtime — and probes it adversarially. There's no supported-stack list to check against; the sandbox orchestration is the point.
Does anyone on your side read our code or findings?
Hades adversarially reads and probes your code inside the sealed VPC — that is the product. No human on the Hades side reads findings or customer data. Hades operations may audit the deployment itself (the stack, not the data) for incident response.
How does Hades fit our existing security stack?
Hades is an autonomous runner, not another dashboard or portal. Your SOC, triage rotation and incident response all operate exactly as they do today — Hades becomes one more powerful tool in the mix. Ticketing output is the one integration routinely scoped; anything else is discussed case by case in discovery.
Where does it run, and where does our data live?
Inside your cloud organisation, in the region your compliance envelope requires. AWS Frankfurt stays Frankfurt; Azure Enterprise France stays France; GovCloud stays GovCloud. Hades does not operate a parallel footprint your data could leak into — the system runs in yours.
Who do we contract with?
Hades Security Pty Ltd, registered in Australia. DPA-ready, sub-processors published, insurance via named partners, no US legal nexus. EU enterprise engagements can additionally contract through Germany-based enterprise AI facilitation partners where a local entity is required.
How do you secure Hades itself?
Hades runs against Hades — every release is adversarially probed by the system on our own stack before it ships. Each customer-peered VPC is compartmentalised, versioned, and isolated from every other customer and from the main Hades cloud. Tight digital hygiene, scoped personnel access, and a threat model we treat as adversarial by default.