
Everything you need to ship secure APIs
NAT combines multi-agent AI, OWASP security checks, and adaptive risk scoring into a single tool that fits into your existing workflow.
BDI Multi-Agent Engine
Autonomous agents collaborate via ECNP to maximize endpoint coverage and share belief states across the scan graph.
OWASP API Top 10
All 10 checks plus 5 GraphQL-specific security checks — broken auth, excessive data exposure, SSRF, injection, and more.
Adaptive Risk Scoring
Neural networks predict which endpoints are highest risk and route agents there first — smarter with every scan.
REST + GraphQL
OpenAPI/Swagger parsing and GraphQL introspection scanning out of the box. No manual test authoring required.
CI/CD GitHub Action
Block PRs on high-severity findings with 3 lines of YAML. Native GitHub Actions integration with configurable thresholds.
Live Dashboard
Risk heatmaps, agent belief visualization, anomaly timeline, and full security finding drill-down in a dark-mode web UI.
From spec to findings in minutes
No agents to configure, no test scripts to write. NAT reads your spec and does the work.
Upload your OpenAPI spec
Point NAT at your OpenAPI/Swagger file or provide a live API URL. GraphQL? Use introspection. No manual test authoring — NAT reads your spec and builds the scan graph automatically.
nat scan --spec openapi.yaml --url https://api.example.com
NAT's agents scan, learn, and prioritise
BDI agents fan out across your endpoints, running OWASP checks and building a live belief graph. The neural risk scorer identifies your highest-risk surfaces and routes agents there first.
[Agent-7] Belief updated: /users/{id} → CRITICAL (risk: 0.91)
View results in the interactive dashboard
Open the web dashboard for risk heatmaps, agent belief visualization, full security finding detail, and scan history. Export to JSON, HTML, or JUnit for your CI pipeline.
✓ 127 endpoints · 3 CRITICAL · 8 HIGH · 51 min · dashboard ready
Start scanning in 5 minutes — no install required
The SaaS path gives your team full NAT capability without provisioning a single server. Sign up, paste a URL, and get actionable security findings before your next stand-up.
Sign up — free
Create your account at app.nat-testing.io. No credit card required. Your free tier includes 100 scans per month.
Paste your API URL or spec
Enter your live API URL or upload an OpenAPI / GraphQL spec. NAT reads your spec automatically — no test authoring, no configuration.
See prioritised results
Within minutes, your dashboard shows endpoint risk scores, OWASP findings, and agent-driven insights — sorted by severity, ready to act on.
Prefer self-hosted? pip install nat-engine and run locally — free forever under AGPL-3.0.
Designed for security engineers
A dark-mode dashboard built for fast triage — not checkbox compliance. Every finding links to evidence, not guesswork.


Agent Activity
Real-time belief state visualization for every BDI agent in the scan fleet.

Security Findings
Prioritised OWASP findings with severity, endpoint, and fix recommendations.

Finding Detail
Full request/response traces, CWE references, and remediation guidance.
How NAT compares
Built for the security engineer who needs more than manual test scripts and checkbox scanners.
| Capability | NAT | Postman | SoapUI | Burp Suite |
|---|---|---|---|---|
| OpenAPI / Swagger scanning | ||||
| GraphQL support | Partial | Manual | ||
| OWASP API Top 10 checks | Manual | |||
| Adaptive AI prioritization | ||||
| Neural risk scoring | ||||
| OAuth 2.0 / JWT testing | Partial | Partial | ||
| CI/CD GitHub Action | ||||
| Docker support | ||||
| Open source | ||||
| Python API / SDK | ||||
| Web dashboard | ||||
| No GPU required |
Data accurate as of Q1 2026. Based on publicly available documentation and independent evaluation. "Partial" indicates limited or plugin-dependent support.
Simple, transparent pricing
Start free with no credit card. Upgrade when you need more scans, specs, or team features.
Free
Great for side projects and API exploration.
- 100 scans / month
- 1 API spec
- Basic dashboard
- OWASP Top 10 checks
- Community support
- CLI access
Pro
For individual engineers and small teams shipping fast.
- 1,000 scans / month
- 5 API specs
- Full dashboard
- CI/CD GitHub Action
- Adaptive risk scoring
- Email support
- JSON / HTML / JUnit reports
Team
For security-conscious engineering teams.
- 5,000 scans / month
- Unlimited API specs
- Team management & RBAC
- SSO (SAML / OIDC)
- Priority support
- Webhook integrations
- Scan history & audit log
Enterprise
Dedicated infrastructure, SLAs, and white-glove onboarding.
- Unlimited scans
- Dedicated infrastructure
- 24 / 7 support & SLA
- Custom integrations
- On-prem deployment option
- Pen-test report exports
- Commercial license
All prices in USD. Annual billing saves 20%. Questions? Email us.
Frequently asked questions
Answers for every stakeholder — from security engineers evaluating capabilities to executives approving the budget.
NAT (NeuroAgentTest) is an AI-powered API security testing framework. It uses autonomous BDI (Belief-Desire-Intention) agents to scan REST and GraphQL APIs, run OWASP API Top 10 checks, and prioritise findings by risk — automatically, without manual test scripts.
Still have questions?
hello@nat-testing.io
Stop shipping APIs with undiscovered vulnerabilities
NAT finds what static scanners miss — and explains why each finding matters. Start free in 5 minutes, no installation required.