Engagements,
Not Subscriptions.
Root Access Protection is a services-led firm. You purchase expert-led engagements powered by our adversary reasoning platform—not software licenses. Pricing is engagement-based, scoped to your environment, and capacity-gated to ensure quality.
We deliberately limit the number of active engagements to maintain the operational depth that distinguishes our work from commodity security testing.
The Model
Engagement-Based Pricing
Every engagement is scoped, authorized, and evidence-producing.
- Scoped to Your EnvironmentNo one-size-fits-all packages. We scope based on your infrastructure, threat model, and compliance requirements.
- Capacity-GatedWe limit concurrent engagements. Quality over volume. Every client receives the full depth of our methodology.
- Evidence-ProducingEvery dollar spent produces evidence: attack paths, board summaries, regression baselines.
- Continuous by DesignEngagements are designed for ongoing validation, not one-time snapshots. Security posture is a continuous practice.
What You Can Engage For
Expert-led services powered by our adversary reasoning platform.
Continuous adversarial validation for AI systems—targeting prompt injection, agentic risks, and compliance readiness. Tests whether your AI defenses stop real-world attacks like goal hijacking and knowledge poisoning.
Cadence: Continuous / On-Demand
Learn More →Ongoing, authorized adversary-style testing using observed methodology. Tests if your defenses stop how actual attackers operate today.
Cadence: Monthly / Quarterly
Threat hunting for environments with limited telemetry. Sqrrl-inspired agentic workflows that elevate hunting maturity despite visibility constraints.
Cadence: Weekly / Bi-weekly
Translating technical findings into organizational change and board-level risk communication. Roadmap translation, board deck preparation, ROE development, and engineering backlog alignment.
Cadence: Monthly / Quarterly
Included
Every Engagement Includes
ROE Package
Formal rules of engagement, deconfliction protocol, and safety boundaries before any technical activity.
Attack Path Narratives
Documented kill chains showing exactly how attack paths were identified, executed, and what was validated.
Board-Ready Summaries
Executive-level briefs translating technical risk into business impact. No FUD, just facts.
Detection Gap Analysis
Clear mapping of where your defensive stack detected, missed, or partially caught adversary activity.
Regression Testing
Re-validation after remediation to confirm fixes actually close the gaps. Evidence of improvement, not assumption.
Direct Communication
No ticket queues. Direct access to the operator running your engagement for real-time context and coordination.
Process
How to Start
1. Discovery Call
15-minute mutual fit check. We confirm scope, constraints, and alignment. Not a sales pitch—a conversation between practitioners.
2. Scoping & ROE
We define the engagement scope, Rules of Engagement, and deliverable expectations together. No surprises, no hidden costs.
3. Active Engagement
Continuous validation operations at defined cadence. Evidence delivered at each cycle. Regression testing after remediation.
Ready to Scope Your Engagement?
Every engagement starts with a conversation. Book a discovery call to discuss your environment, or join the waitlist for priority access.