Xcapit Labs

XNinja: Automated Penetration Testing & Compliance Platform for Enterprises and SMEs

How Xcapit Labs built a multi-agent SaaS platform for automated penetration testing with compliance mapping to ISO 27001, NIS2, BSI IT-Grundschutz, DSGVO, and TISAX — making enterprise-grade security accessible to organizations of all sizes.

Stack: Angular, Django, PostgreSQL, pgvector, LangGraph, Nmap, Nuclei, Redis

At a glance: 5 compliance frameworks, 8 security tools, AI agent-powered, bilingual (DE/EN)

A penetration test costs EUR 10,000 to 50,000 and takes weeks to schedule. For a mid-size German manufacturer facing NIS2 compliance deadlines, this is not just expensive — it is operationally paralyzing. The company needs quarterly security assessments to maintain compliance, but each engagement requires finding available pentesters, negotiating scope, waiting for the report, and then translating raw technical findings into the specific control language of NIS2, BSI IT-Grundschutz, and ISO 27001. By the time the report arrives, the infrastructure has already changed. The compliance snapshot is already outdated.

The Challenge

The European compliance landscape has tightened dramatically. NIS2, which came into force in October 2024, expanded cybersecurity obligations to over 160,000 organizations across the EU — many of which had never been subject to mandatory security assessments. BSI IT-Grundschutz, Germany's national framework, requires documented evidence of regular penetration testing. TISAX certification, mandatory for automotive supply chain participants, demands demonstrated security controls. And the DSGVO (GDPR) requires organizations to prove they take appropriate technical measures to protect personal data.

For large enterprises with dedicated security teams, this is manageable. For the vast majority of European businesses — the Mittelstand manufacturers, logistics companies, healthcare providers, and financial service firms with 50 to 500 employees — it creates an impossible choice: spend EUR 40,000 or more per year on manual pentests they can barely afford, or risk non-compliance fines that can reach 2% of annual revenue under NIS2.

Existing automated tools solve only part of the problem. Nmap scans networks. Nuclei tests web applications. TestSSL checks certificate configurations. But none of them produce output that a compliance officer can use. A list of open ports is not a compliance finding. A CVE identifier is not a control gap analysis. The translation from technical vulnerability to compliance language requires human expertise — which is exactly what makes manual pentests so expensive.

How a Scan Works

When a user initiates a scan in XNinja, the following orchestration sequence executes:

  • The user enters a target domain or IP range and selects the applicable compliance frameworks (e.g., NIS2 + ISO 27001 + BSI IT-Grundschutz)
  • The LangGraph orchestrator analyzes the target and deploys the appropriate agents: network scanning (Nmap), web application testing (Nuclei), SSL/TLS analysis (TestSSL), and endpoint discovery — all running in parallel within isolated containers
  • As findings arrive from each agent, the AI risk scoring engine evaluates business impact — a critical vulnerability on an internet-facing payment system is scored differently than the same vulnerability on an internal development server
  • The compliance mapping engine takes each finding and maps it to the specific controls it affects across all selected frameworks. An expired SSL certificate, for example, maps to ISO 27001 A.10.1.1, NIS2 Article 21(2)(e), and BSI IT-Grundschutz CON.1
  • The report generator produces three outputs simultaneously: an executive summary for management, a technical report with step-by-step remediation instructions, and a compliance gap analysis showing exactly which controls are satisfied and which require action
  • Total time from scan initiation to complete report: typically under 15 minutes for a standard web application and network perimeter

The Compliance Engine

XNinja's compliance engine is not a simple lookup table. Each of the 5 supported frameworks (ISO 27001, NIS2, BSI IT-Grundschutz, DSGVO, TISAX) contains between 80 and 200 individual controls, and the relationships between technical findings and controls are often many-to-many. A single misconfigured firewall rule can affect controls across multiple frameworks, and a single control can be impacted by multiple technical findings.

The engine uses pgvector semantic similarity search to identify non-obvious control mappings that keyword matching would miss. When a new vulnerability type emerges — for example, a novel HTTP header misconfiguration — the engine can identify which compliance controls it affects even if no explicit mapping has been coded, by analyzing the semantic similarity between the vulnerability description and control requirements.
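The following is an added illustration, not XNinja's code, of the two mechanisms described in the scan sequence and in this section: context-aware risk scoring (the same technical severity scored differently on an internet-facing payment system than on an internal dev box), a hand-maintained many-to-many finding-to-control table using the three identifiers the page cites for an expired certificate, and a semantic fallback that maps a finding kind with no explicit entry to controls by similarity of its description to the control requirement text. Everything beyond those three identifiers is an assumption: the control catalogue is a constructed subset with paraphrased requirement texts, the scoring weights are made up, and a crude stemmed bag-of-words vector stands in for a real embedding model and for pgvector.

```python
import re
from dataclasses import dataclass

# Constructed control catalogue: a few controls per framework, not the 80-200 the page
# mentions. A.10.1.1, Article 21(2)(e) and CON.1 are the identifiers the page cites for
# an expired certificate; the requirement texts are paraphrased for the toy embedding.
CONTROLS = {
    "ISO 27001": {
        "A.10.1.1": "policy on the use of cryptographic controls, certificates and key management",
        "A.12.6.1": "management of technical vulnerabilities, timely patching of known software flaws",
        "A.13.1.1": "network controls, management and restriction of network services and open ports",
    },
    "NIS2": {
        "Article 21(2)(e)": "security in network and information systems acquisition, "
                            "development and maintenance, including vulnerability handling",
    },
    "BSI IT-Grundschutz": {
        "CON.1": "crypto concept: use of cryptographic procedures, certificates and key management",
    },
}

# Hand-maintained many-to-many table (finding kind -> controls per framework); only the
# page's own example is entered.
EXPLICIT_MAP = {
    "expired-tls-certificate": {
        "ISO 27001": ["A.10.1.1"],
        "NIS2": ["Article 21(2)(e)"],
        "BSI IT-Grundschutz": ["CON.1"],
    },
}

@dataclass
class Finding:
    kind: str                 # normalised finding type emitted by a scanner agent
    description: str          # free text, used only by the semantic fallback
    base_severity: float      # technical severity on a CVSS-like 0..10 scale
    internet_facing: bool     # exposure context
    asset_criticality: float  # 0.0 (throwaway dev box) .. 1.0 (payment system)

def risk_score(f: Finding) -> float:
    """Business-impact adjusted score with constructed exposure and asset-value weights."""
    exposure = 1.0 if f.internet_facing else 0.6
    asset_value = 0.5 + 0.5 * f.asset_criticality
    return round(min(10.0, f.base_severity * exposure * asset_value), 1)

def embed(text: str) -> dict:
    """Stand-in for an embedding model: crudely stemmed bag-of-words counts. In production
    the vectors live in pgvector and the ranking is an `ORDER BY embedding <=> query`."""
    vec: dict = {}
    for w in re.findall(r"[a-z0-9]+", text.lower()):
        if len(w) <= 3:
            continue
        if w.endswith("ies"):
            w = w[:-3] + "y"
        elif w.endswith("s") and not w.endswith("ss"):
            w = w[:-1]
        vec[w] = vec.get(w, 0) + 1
    return vec

def cosine(a: dict, b: dict) -> float:
    dot = sum(a[k] * b[k] for k in a if k in b)
    norm = (sum(v * v for v in a.values()) * sum(v * v for v in b.values())) ** 0.5
    return dot / norm if norm else 0.0

def semantic_controls(description: str, frameworks: list, threshold: float = 0.2) -> dict:
    """Fallback for kinds with no explicit entry: controls whose text is similar enough."""
    query = embed(description)
    hits = {}
    for fw in frameworks:
        matched = [cid for cid, text in CONTROLS[fw].items()
                   if cosine(query, embed(text)) >= threshold]
        if matched:
            hits[fw] = matched
    return hits

def map_finding(f: Finding, frameworks: list) -> dict:
    explicit = EXPLICIT_MAP.get(f.kind)
    if explicit:
        return {fw: ids for fw, ids in explicit.items() if fw in frameworks}
    return semantic_controls(f.description, frameworks)

def gap_analysis(findings: list, frameworks: list) -> dict:
    """Per framework: controls with a gap (with the findings and scores behind it) and
    controls no finding touches, which the report lists as satisfied."""
    report = {}
    for fw in frameworks:
        gaps: dict = {}
        for f in findings:
            for cid in map_finding(f, frameworks).get(fw, []):
                gaps.setdefault(cid, []).append((f.kind, risk_score(f)))
        report[fw] = {"gaps": gaps, "satisfied": sorted(set(CONTROLS[fw]) - set(gaps))}
    return report

def example_findings() -> list:
    """Constructed sample findings; the second kind has no explicit mapping."""
    return [Finding("expired-tls-certificate", "TLS certificate on the public web server expired",
                    7.5, internet_facing=True, asset_criticality=1.0),
            Finding("outdated-ssh-service", "outdated software version with known vulnerabilities, "
                    "vendor patch not applied, no vulnerability handling process",
                    9.5, internet_facing=False, asset_criticality=0.1)]
```

Calling `gap_analysis(example_findings(), list(CONTROLS))` yields, per framework, the controls with gaps and the findings behind each; the second finding reaches ISO 27001 A.12.6.1 and NIS2 Article 21(2)(e) purely through the similarity step, which is the behaviour this section attributes to the pgvector search. The threshold is the tuning knob a real engine would calibrate against pilot feedback: too low and every control becomes a candidate, too high and novel finding types fall through unmapped.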

What a Report Looks Like

XNinja generates three report layers designed for different audiences within an organization:

  • Executive summary (1-2 pages): Overall risk score, number of findings by severity, compliance status for each selected framework, and a prioritized list of the top 5 actions that would have the greatest impact on the organization's security posture. Written in plain language, suitable for board presentations.
  • Technical report (detailed): Every finding with CVE references, proof of exploitability, step-by-step remediation instructions with code examples where applicable, and estimated effort to fix. This is what the IT team needs to actually resolve the issues.
  • Compliance gap analysis (per framework): For each selected compliance framework, a control-by-control assessment showing which controls are satisfied by current security posture, which have gaps, and what specific actions are needed to achieve compliance. Formatted for direct submission to auditors.

All reports are generated in both German and English, with remediation guidance localized for each language. Additional languages are on the roadmap based on customer demand.

Product Status

XNinja is currently in closed beta with select pilot customers across Germany and Austria, primarily in the manufacturing, logistics, and financial services sectors. These pilot engagements are validating the compliance mapping accuracy, report quality, and usability for non-security professionals. Public launch is planned for Q2 2026, with initial availability in the DACH region (Germany, Austria, Switzerland) before expanding to broader EU markets.

We are being transparent about this timeline because we believe honesty about product maturity builds more trust than premature marketing claims. The pilot customers are providing real feedback that is shaping the product — from compliance framework coverage priorities to report format preferences to integration requirements with their existing IT management tools.

Pricing Model

XNinja is priced to make regular security assessments economically viable for organizations that currently cannot afford manual pentesting. A comprehensive automated scan costs a fraction of a manual pentest — making it feasible to run quarterly or even monthly assessments instead of annual point-in-time tests. The subscription model includes unlimited scans, compliance mapping updates as frameworks evolve, and continuous monitoring for organizations that need it.

Results & Impact

  • 5 compliance frameworks mapped: ISO 27001, NIS2, BSI IT-Grundschutz, DSGVO, and TISAX
  • 8 integrated security tools orchestrated by AI agents for comprehensive coverage
  • Under 15 minutes from scan initiation to full compliance report for typical targets
  • Three report layers (executive, technical, compliance) generated simultaneously in DE/EN
  • Semantic compliance mapping via pgvector that identifies non-obvious control relationships
  • Multi-tenant SaaS architecture with complete data isolation and EU-only infrastructure
  • Continuous compliance monitoring replacing expensive point-in-time assessments

Technology Stack

  • Angular frontend with real-time WebSocket dashboard for live scan progress
  • Django REST backend with multi-tenant isolation and role-based access control
  • PostgreSQL with pgvector for semantic similarity search across vulnerability databases
  • LangGraph multi-agent orchestration for coordinating parallel scan workflows
  • Nmap, Nuclei, TestSSL, and custom discovery tools for comprehensive attack surface coverage
  • Redis for task queuing, caching, and real-time event streaming