Changelog

Internal Testing is now Generally Available

Bring RedVeil inside the firewall. Our internal network testing agent graduates from beta to GA, with cloud-orchestrated reconnaissance, password cracking, and live tooling — all running on hardware you control.

May 1, 2026

When we launched RedVeil, we set out to make external and web application penetration testing cheaper, quicker, and easier to use. The follow-up question came almost immediately from every customer we talked to:

"Can it test the inside of my network too?"

For the past several months, the answer has been "yes, but in beta." Today, we're flipping the switch.

Internal Testing is now Generally Available.

You can now deploy a single, self-hosted RedVeil agent — codenamed Sigil — inside any segment of your network and let our agentic AI run a real internal pentest end-to-end. Same methodology, same audit-ready output, same one-click retests as our external engine.

Why internal testing matters

Most breaches don't end at the perimeter — they start there. Once an attacker gets a foothold (a phished credential, a forgotten VPN, a misconfigured cloud account), the real damage happens laterally: cracking hashes, abusing AD, pivoting through flat networks, and quietly escalating until they own the domain.

Until now, validating that side of your environment meant scheduling an internal pentest weeks in advance, shipping a laptop to a contractor, or running a checkbox vulnerability scan that misses everything an attacker would actually do. Internal Testing brings the same agentic methodology that powers RedVeil's external pentests — but pointed at the inside.

How it works

  1. Deploy the Sigil agent. Pull our hardened container image and run it with docker on any machine inside the segment you want tested. Drop in your org-scoped API key and the agent registers itself with the RedVeil cloud.
  2. Pick your scope. From the RedVeil application, select an internal project, point it at your private CIDRs, and choose the agent that should run the test.
  3. Press start. The agentic AI takes over: discovering live hosts, mapping services, running service discovery, gaining initial access, capturing and cracking hashes, chaining vulnerabilities, and writing its evidence as it goes.
  4. Read the report. When it's finished, you get the same audit-ready output you already know — business impact, reproduction steps, prescriptive fixes, and one-click retest.

Pricing and availability

Internal Testing is available on the Full Coverage and Enterprise plans. If you're on one of those tiers, admins can register agents, scope projects, and run engagements today. On a different plan and want in? Talk to us and we'll get you upgraded.

What's next

We're already working on the next chapter:

  • Multi-agent engagements — coordinate Sigil agents across multiple network segments in a single test to validate cross-segment attack paths
  • Continuous internal posture — scheduled, low-noise re-runs that flag drift between authoritative pentests
  • Internal asset enrichment — wire Internal Testing results back into Asset Inventory automatically

If your last internal pentest was twelve months ago and a PDF, it's time for an upgrade.

Ready to test the inside? Deploy Sigil and kick off your first internal engagement in minutes.

Previous

Introducing Compliance Framework Mapping

Next

Segmentation Testing comes to RedVeil