Questions? We've got answers.
Everything you need to know about Orithos — from first scan to enterprise deployment.
What do I need to start using Orithos?
A running LLM endpoint (or any HTTP API your agent uses), and the ability to make authenticated HTTP requests. No agent instrumentation or code changes required — Orithos calls your endpoint, you don’t modify your agent.
How long does the first scan take?
Most scans complete within 30–60 seconds depending on probe count and your endpoint’s response time. You can view results asynchronously — the scan continues in the background and findings stream in as they’re produced.
Do I need to install anything on my agent?
No. Orithos runs externally and communicates with your agent via its existing API endpoint. There are no sidecars, agents, or instrumentation libraries to install.
What kinds of probes does Orithos run?
Orithos’s probe library covers prompt injection, tool misuse, data leakage, privilege escalation chains, jailbreak attempts, and role-playing exploits. Each probe is drawn from OWASP Top 10 for LLM Applications, Garak, and DeepTeam research — mapped to real agent failure modes.
Can I create custom probe sets?
Yes. You can compose custom probe sets from the existing library or create your own. The Enterprise Team plan includes custom probe creation. The probe library is also extensible through the API.
How are findings graded?
Each finding receives a severity rating: low, medium, high, or critical. Severity is based on the potential impact of the vulnerability — data exposure potential, privilege escalation risk, and ease of exploitation. Findings also include attack path descriptions and remediation guidance.
What is a remediation rerun?
A rerun that executes only the probes that previously failed. This lets you verify fixes without re-running the entire probe set. Reruns count as one scan toward your monthly limit.
How does the Adversarial Simulator work?
The Simulator uses a ToolRiskGraph that models tool-to-tool transition risk. You compose a sequence of tool calls (e.g. browser.fetch then filesystem.write), and the graph scores each transition for escalation potential. Results show overall risk, attack path, and specific risk factors.
What is the Simulator’s risk model based on?
The risk graph encodes known privilege escalation patterns in agentic systems. It considers factors like data flow between tools, capability chaining, and information disclosure potential. Each tool-to-tool transition is scored independently, and the chain receives an aggregate risk rating.
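A minimal sketch of the per-transition scoring and chain aggregation described in the two Simulator answers above. It is an added example, not Orithos code: the edge weights, the noisy-OR aggregation, the rating thresholds, and every tool name other than browser.fetch and filesystem.write are assumptions made for illustration.

```python
import math

# Constructed edge weights in [0, 1], each with a risk factor.
# Hypothetical values, not taken from Orithos's ToolRiskGraph.
TRANSITION_RISK = {
    ("browser.fetch", "filesystem.write"): (0.8, "untrusted web content persisted to disk"),
    ("filesystem.write", "shell.exec"): (0.7, "newly written file may be executed"),
    ("filesystem.read", "http.post"): (0.9, "local data sent to an external endpoint"),
}
DEFAULT_EDGE = (0.1, "no known escalation pattern")

# Assumed rating thresholds, reusing the page's four severity labels.
RATINGS = [(0.85, "critical"), (0.6, "high"), (0.3, "medium"), (0.0, "low")]


def score_chain(tools):
    """Score each adjacent tool-to-tool transition independently, then aggregate."""
    edges = []
    for src, dst in zip(tools, tools[1:]):
        score, factor = TRANSITION_RISK.get((src, dst), DEFAULT_EDGE)
        edges.append({"transition": f"{src} -> {dst}", "score": score, "factor": factor})

    # Assumed aggregate: noisy-OR, the chance that at least one transition
    # escalates if each is treated as independent. Longer chains never score lower.
    overall = 1.0 - math.prod(1.0 - e["score"] for e in edges)
    rating = next(label for floor, label in RATINGS if overall >= floor)

    return {
        "overall": round(overall, 2),
        "rating": rating,
        "transitions": edges,
        # Only transitions at or above 0.5 are reported as risk factors.
        "risk_factors": [e["factor"] for e in edges if e["score"] >= 0.5],
    }


if __name__ == "__main__":
    result = score_chain(["browser.fetch", "filesystem.write", "shell.exec"])
    print(result["rating"], result["overall"])
    for edge in result["transitions"]:
        print(f'  {edge["transition"]}: {edge["score"]} ({edge["factor"]})')
```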
How is my data handled during a scan?
Orithos sends probe payloads to your agent’s endpoint and receives responses. Probe payloads are generated from our OWASP-based probe library and do not contain your sensitive data. Response data is stored temporarily for analysis and retained per your retention policy. You can configure retention to zero (immediate purge) at any time.
What compliance frameworks do you support?
Orithos maps findings to SOC 2, HIPAA, and ISO 27001 AI controls. Every scan produces evidence that can be mapped to specific control requirements. Custom framework mappings are available for Enterprise plans.
Is Orithos SOC 2 compliant?
Orithos undergoes regular security audits. Enterprise Team plan subscribers receive access to our SOC 2 Type II report. All plans include encryption at rest and in transit, bcrypt-hashed API keys, and configurable data retention policies.
What’s included in the Starter plan?
The Starter plan includes 50 scans per month, 3 team seats, access to OWASP LLM attack probes, severity-graded findings, severity-scored PDF reports, and 30-day evidence retention. No credit card required.
What happens when I hit my scan limit?
You’ll receive a 402 response with an X-Upgrade-URL header pointing to the billing page. Existing scan data remains accessible. Upgrade to Team or Business to increase your limit.
Can I cancel anytime?
Yes. You can downgrade from any paid plan to the Starter plan at any time from the billing settings page. There are no long-term contracts or cancellation fees.
Still have questions?
Reach out to us at support@traceshield.dev. We aim to respond within 24 hours.