ModernPentest Is Verified Under Anthropic's Cyber Verification Program

Today we're sharing a milestone: ModernPentest has been verified under Anthropic's Cyber Verification Program.

What that means in plain terms: our AI agents can now perform legitimate, end-to-end offensive security testing on the most capable Claude models — without being interrupted by the default safety filters that would otherwise refuse this kind of work. For an AI-native penetration testing platform, that's not a vanity badge. It's the difference between an agent that describes a vulnerability and one that proves it.

The problem this solves

As frontier models get better at offensive security, they also get more cautious by default. Anthropic has rolled out real-time cyber safeguards that automatically detect and block requests that look like prohibited or high-risk cyber activity.

That's the right call for the open internet — but it creates friction for the people doing this work legitimately. Penetration testers, red teamers, vulnerability researchers, and incident responders all rely on exactly the "dual-use" techniques those safeguards are designed to catch: probing authentication, crafting injection payloads, chaining a server-side request forgery into an internal pivot. A model that refuses to help with any of that is safe — and useless for defense.

Without an exception, an AI pentester hits a wall precisely when the work gets interesting.

What the Cyber Verification Program is

The Cyber Verification Program is Anthropic's vetted pathway for security teams whose legitimate work is affected by those safeguards. Organizations apply, demonstrate that their use is grounded in defensive objectives, and — once verified — can apply Claude to a wider range of dual-use cybersecurity tasks like detailed threat modeling, adversarial simulation, and exploitation analysis.

A few things worth being precise about, because they matter:

• It's a clearance, not a blank check. Genuinely prohibited activity — mass data exfiltration, ransomware development, indiscriminate attacks — stays blocked regardless of verification status.
• It's tied to our organization. Verification is bound to a specific organization and a demonstrated commitment to ethical, defensive practice. It isn't transferable, and it isn't automatic.
• It's about capability, not endorsement. Verification confirms that our work qualifies as legitimate defensive security. We want to be clear that it is not a statement by Anthropic about ModernPentest's quality, efficacy, or results — and we won't present it as one.

We think that last point is worth stating plainly. Security is a field where overstated claims are a liability, and we'd rather tell you exactly what this is.

Why it matters for your security

ModernPentest's pipeline is built around a simple stance: a finding you can't demonstrate isn't a finding you should ship. Our prover agents don't stop at "this endpoint looks vulnerable" — they carry the test through to a real, evidenced exploitation so you see proof, not speculation, and so false positives get filtered out before they ever reach your dashboard.

That stance only works if the underlying model will actually do the offensive steps. Verification under the program means:

• Fewer blind spots. Legitimate offensive techniques don't get silently refused mid-test, so coverage is more complete.
• Real demonstrations, not theory. Our agents can carry an attack through to evidence — the exploited request, the leaked data, the chained pivot — instead of stopping at a cautious description.
• Higher-fidelity findings. When an agent can actually attempt exploitation, confirming and ruling out vulnerabilities both get more reliable.

The bigger picture

We applied to this program because we think the future of security testing runs on frontier AI, and that future has to be built on a foundation of trust and safety — not in spite of it. The same safeguards that make us prove our intentions are the ones that keep these capabilities out of the wrong hands. We're glad to operate inside that framework, and to be transparent about what it does and doesn't mean.

If you want to see what evidence-backed, AI-driven penetration testing looks like on your own application, get in touch.

ModernPentest is verified under Anthropic's Cyber Verification Program. This post describes our participation in that program; it does not imply partnership with, sponsorship by, or endorsement by Anthropic.