FrootAI — AmpliFAI your AI Ecosystem

Security

Penetration Test Summary

Third-party security assessment of the FrootAI Cloud platform. No exploit details are published — only methodology, scope, and finding counts.

✅ PASS — 0 Critical, 0 High findings

Assessed by Cure53 · Completed 2026-Q3 · 4 weeks

Scope

FrootAI Cloud GA Security Assessment

  • Cloud Engine API (runs, streaming, tenant isolation)
  • Cloud Eval API (eval runs, schedule management)
  • Cloud Registry API (manifest versioning, promotion)
  • Stripe Webhook Handler (signature verification, billing)
  • Studio Web Application (auth flows, session management)
  • Authentication (OAuth redirect, token handling, escalation)
  • API Key Management (enumeration, scope, revocation)

Methodology

OWASP Testing Guide v4.2, PTES, manual + automated testing (Burp Suite Pro, Nuclei, custom scripts)

Findings (12 total)

  • Critical: 0
  • High: 0
  • Medium: 3
  • Low: 5
  • Informational: 4

Remediation Status

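| Severity      | Total | Fixed | In Progress | SLA          |
|---------------|-------|-------|-------------|--------------|
| Critical      | 0     | 0     | 0           | 24 hours     |
| High          | 0     | 0     | 0           | 14 days      |
| Medium        | 3     | 2     | 1           | 90 days      |
| Low           | 5     | 3     | 2           | Next release |
| Informational | 4     | 0     | 0           | Backlog      |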

Next penetration test

2027-Q1 (annual cadence)


Full report available under NDA for Enterprise customers. Contact [email protected].