Question 1

What is VELO Security?

Accepted Answer

VELO (Vulnerability Evaluation & Lifecycle Orchestration) is a deterministic security-assessment platform. You paste a GitHub repo and VELO returns a reproducible scan quote in seconds, then runs a panel of 6–11 specialist agents covering AWS, Azure, GCP, Kubernetes, IaC, AppSec, AI/LLM defense, prompt injection, and compliance frameworks like STRIDE, MITRE ATT&CK, OWASP, CIS Benchmarks, and NIST SSDF.

Question 2

How much does a VELO security scan cost?

Accepted Answer

Scans start at $49.13. Typical small projects land around $67–$87, mid-size cloud/AI projects around $150, and large multi-cloud or AI-heavy systems can reach $400 or more. Pricing is deterministic — the same project produces the same quote today and tomorrow. Traditional threat-modeling consulting engagements cost $10,000–$50,000+; VELO compresses that into a 30-minute, $49 starting price.

Question 3

What frameworks does VELO use?

Accepted Answer

STRIDE for per-data-flow threat modeling, MITRE ATT&CK for adversary tactics mapping, OWASP Top 10 and ASVS for application security, OWASP LLM Top 10 for AI/LLM projects, CIS Benchmarks for cloud and Kubernetes hardening, and NIST SSDF + PASTA for secure-development lifecycle and risk-centric modeling.

Question 4

Does VELO store my code?

Accepted Answer

No. Source code is fetched into an ephemeral sandbox, analyzed, and discarded immediately after the scan completes. Nothing is written to persistent storage, no embeddings are kept, and we never train on customer code. A deterministic sanitizer strips secrets, API keys, tokens, .env values, IP addresses, internal hostnames, employee emails, and PII before any data reaches an LLM. Generated reports are retained for 90 days so you can revisit them, then cryptographically shredded. We do not request or accept production credentials, cloud account access, or anything that exposes your runtime environment — VELO works from the artifact, not the live environment.

Question 5

Who built VELO?

Accepted Answer

VELO was built by former Google, Microsoft, and Anthropic engineers and pentesters with deep experience in shift-left security, threat modeling, compliance, and governance. The mission is to democratize access to enterprise-grade threat modeling so any team can build secure systems as AI accelerates the threat landscape.

Question 6

Why is AI-driven threat modeling needed now?

Accepted Answer

We're entering what some researchers call the Dark Ages of Cybersecurity: a $20-budget attacker can now match a well-funded threat actor with LLM tooling, LLM-driven phishing is 5–7× more effective, agentic AI introduces entirely new attack classes (prompt injection, tool-use abuse, model exfiltration), and the window between disclosure and weaponization is collapsing. Companies need continuous, reproducible threat modeling — not annual consulting engagements.

Question 7

Does VELO require a subscription?

Accepted Answer

No. VELO is pay-as-you-go. You create an account for free, get a deterministic quote, and only pay when you run a scan. Optional subscriptions provide auto-credit discounts.

Former Google, Microsoft & Anthropic engineers

The mission: democratize expert-grade security