Changelog
New updates and product improvements
Real domain verification and in-app help
A small but important upgrade.
You actually own the domain you’re scanning
Adding a target used to flip it to “verified” the second you clicked the button. That was effectively trust-on-faith, and not good enough for a security tool. We now check.
When you add a target, Basan shows you a unique token. Drop it into your domain’s DNS as a TXT record under _basan-verify.<host>, and we’ll pick it up automatically on the next check. Verified targets are re-checked quarterly, so if the record disappears, the target eventually flips back to pending and stops accepting new scans.
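The check described above can be modelled as follows. This is an added example, not Basan's code: the token format, the 90-day stand-in for "quarterly", and flipping to pending on the first failed re-check are assumptions, and the TXT answers are passed in as strings in the form `dig +short TXT` prints them.

```python
import hmac
import re
from datetime import datetime, timedelta, timezone

RECHECK_INTERVAL = timedelta(days=90)  # assumption: stands in for "quarterly"

def record_name(host: str) -> str:
    """Owner name the token is published under: _basan-verify.<host>."""
    return "_basan-verify." + host.strip().rstrip(".").lower()

def txt_value(rdata: str) -> str:
    """Join the quoted character-strings of one TXT record.

    A TXT record may be split into several strings of at most 255 bytes;
    they are concatenated without separators before comparison.
    Only the \\" and \\\\ escapes are undone here.
    """
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if not parts:  # unquoted presentation form
        return rdata.strip()
    return "".join(re.sub(r'\\(["\\])', r"\1", p) for p in parts)

def token_present(expected: str, txt_rdatas: list) -> bool:
    """True if any TXT record at the name equals the token exactly."""
    found = False
    for rdata in txt_rdatas:
        # Exact, constant-time match: no substring or prefix matching.
        if hmac.compare_digest(txt_value(rdata).encode(), expected.encode()):
            found = True
    return found

def next_state(state, last_verified, now, expected, txt_rdatas):
    """Return (state, last_verified) after one check of a target."""
    if state == "verified" and now - last_verified < RECHECK_INTERVAL:
        return state, last_verified  # re-check not due yet
    if token_present(expected, txt_rdatas):
        return "verified", now
    # Assumption: the first failed re-check flips the target to pending.
    return "pending", last_verified

if __name__ == "__main__":
    token = "constructed-token-1234"  # constructed sample value
    answers = ['"v=spf1 -all"', '"constructed-" "token-1234"']  # constructed
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    print(record_name("app.example.com"), next_state("pending", None, now, token, answers))
```
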
In-app help
A new “Get help” item in the sidebar opens a small panel with the support email and a one-click copy button, so you can reach us whether or not your default mail app is set up.
Polish
- Pages no longer flash blank between navigations. Each route now shows a placeholder while it loads.
- Updated the pricing page so it matches the tiers you actually see when you sign up.
- Brand colours unified across the marketing site and the app, so signing up doesn’t feel like landing in a different product.
From sign-up to first scan in five minutes
Self-serve onboarding is live. New accounts now land in a short, guided setup instead of an empty dashboard.
What’s in the first run
- Name your workspace. One step, one name. Done.
- Add your first target. Paste the URL you want to scan and pick a few defaults. We scaffold the rest.
- Verify your domain. A quick check confirms the URL is yours before any scans dispatch against it.
- Take a quick tour. A short walkthrough of where targets, scans, findings, and reports live, so you don’t have to hunt for the basics.
The whole flow takes about five minutes from sign-up to your first running scan. Stop halfway and you’ll pick up where you left off the next time you log in.
Scheduled scans
Running a scan every time you ship something is a great intention and a terrible habit. Schedules are the cure.
Set it once, let it run
Any target can now scan itself on a recurring cadence:
- Pick a cadence. Daily, weekly, monthly, or any custom interval that fits how often you ship.
- Lock in the configuration. A schedule snapshots its settings the moment you create it, so editing the target’s defaults later won’t silently change runs already on the calendar.
- Attach credentials. If the scan needs to authenticate, point the schedule at a credential from the vault and Basan will use it on every run.
- Pause anytime. Stop a schedule from triggering further runs without deleting it. Resume when you’re ready.
Each scheduled run still costs one credit, drawn from the same balance as one-off scans. We won’t kick off a run if your balance won’t cover it.
Notifications and billing
Two big additions to the preview.
Stay in the loop
Plug Basan into the channels your team already uses:
- Slack and email. Get pinged when a scan completes or new findings appear, so you don’t have to keep the dashboard open.
- In-app notification center. A bell in the app header collects everything that happened recently. Each teammate sees only the items they haven’t read yet.
If a notification ever fails to send, your scans and findings still land. Alerts will never be the bottleneck.
Pay for what you use
Subscriptions are live with a four-tier credit model:
- Free. Kick the tires with a small monthly allowance.
- Tier 1, 2, 3. Increasing monthly credit allotments for teams running more frequent scans.
Each scan costs one credit. Unused credits roll forward, and you can buy top-up packs at any time. Plan changes take effect at the next billing cycle, so there are no mid-month surprises.
First preview
After a few quiet months of building, the first working version of Basan is live for a few early users.
What you can do today
- Add a target. Register any URL you own and configure how Basan should scan it. Remove a target you don’t need anymore, and if you add it back later, you pick up where you left off.
- Run a scan. Kick off a one-off scan or set up a recurring run. Each scan launches an autonomous agent that explores your application, tries realistic attack paths, and reports back as it works. Cancel anything in flight if you change your mind.
- Triage findings. Every issue lands with a severity rating, OWASP category, reproduction steps, and remediation guidance. Mark items acknowledged, resolved, or won’t-fix as your team works through them.
We’re working closely with early users to find them quickly.
We started Basan
Today marks the beginning of Basan: an AI security agent built for engineering teams who want continuous, practical security feedback without the overhead.
Why we started this
Modern teams ship code quickly, but security often lags behind. Compliance checklists, one-off pentests, and noisy scanners all create friction rather than flow.
Basan is designed to keep pace with your development cycle and surface real-world risks as your application evolves.
What Basan is
An autonomous agent that explores your application like a careful attacker, chains actions to find exploitable issues, and surfaces findings as engineering feedback, not alarms.
What to expect
We’re building this for teams that ship fast and take responsibility seriously. Expect:
- Founder-led honesty: clear boundaries, no hype, a commitment to building something useful.
- Practical focus: features that integrate with how engineering teams actually work.
- Transparent development: regular updates on what we shipped, what we learned, and what’s next.
We’ll be in touch soon with details on early access.