Built in France · CNIL/NIS2 ready

Agentic mobile
and API security.

Three AI agents in production. CNIL, NIS2 and GDPR mapped. Hosted in the EU.

80% fewer false positives. Mobile, web, source and cloud in one upload. Self-serve from EUR 299 a month, no enterprise contract.

Live in beta

AI Investigator

Triages every finding. Generates contextual remediation with a senior pentester mindset.

GitHub · GitLab · Jenkins

CI/CD Agents

Runs in your pipeline. Your code never leaves your CI. Block insecure builds before merge.

Android · LLM-driven

AI-Guided DAST

Turns SAST findings into executable test cases via LLM-driven app navigation. 97.9% test coverage.

1,200+ detection rules
80% of false positives filtered
3 platforms: Android, iOS, Web
EU hosted, GDPR compliant

What we actually do

Three types of analysis. Four ML models. One report with only the findings that matter.

Static Analysis

Binary decompilation, source code scanning, manifest analysis, dependency checks. 25+ vulnerability categories and 740+ detection patterns across Android and iOS. Hardcoded secrets, weak crypto, insecure storage, misconfigurations.

Android · iOS · Source code
[Screenshot: scan history showing real analysis results]

Dynamic Analysis

Your app runs on a real device. We intercept HTTPS traffic, crawl the UI, test runtime behavior, and catch what code review never will. 23+ runtime test scenarios.

Real devices · HTTPS interception · SSL pinning bypass
[Screenshot: MASVS compliance dashboard with security radar]

AI-Guided DAST

Four trained models, one per platform and scan type. Every finding gets a confidence score. 80% of noise gets killed before it reaches your team. The AI engine maps attack surfaces and chains vulnerabilities into exploit paths a real attacker would follow.

4 ML models · Exploit chains · 2,500+ payloads
[Screenshot: CI/CD pipeline integrations]

Web Scanner

8-phase scanning. SQLi, XSS, SSRF, out-of-band detection. APIs and web apps.

Store Scanning

Paste a store link. We download, analyze, report. No binary needed.

Compliance

MASVS, CWE, CVSS 3.1, OWASP Top 10. Auditor-ready reports.

CI/CD + API

GitHub Actions, GitLab CI, Jenkins. Block insecure builds.

Every finding tied to a regulation.
Mappings printed in every PDF report. Plain English, with the full citation in the report itself.

OWASP MASVS v2.0

20 controls auto-mapped per finding. Pass/fail table in every PDF.

CNIL (France)

Mobile-app recommendation 2024 mapped per actor (publisher, developer, SDK, OS, store).

NIS2 (EU)

Risk-management measures: crypto, secure development, access control, MFA.

GDPR (EU)

Data minimisation, lawfulness, security of processing, processors and transfers.

Full article references and pass/fail tables are inside every PDF report. This is a security-control mapping, not a substitute for legal review by a DPO or lawyer.

Upload. Scan. Ship.
No agents to install. No infrastructure to manage.
~/projects
$ titanshield scan --app myapp.apk
[sast] Decompiling binary... 517 patterns matched
[dast] Running on device... 23 tests active
[ml]   Scoring findings... 14 false positives removed
Done 4m 32s
2 critical / 5 high / 3 medium
report: titanshield.tech/r/a3f8c1
01

Drop your app

Drag a binary or paste a store link. APK, AAB, IPA, or source code. We handle the rest.

02

We tear it apart

SAST decompiles. DAST runs on real devices. ML scores every finding. Under 10 minutes.

03

You fix what matters

We open a pull request with the fix. When an automatic fix is not safe, your team gets a ready-to-apply patch. PDF, SARIF, JSON, push to Jira.

See it work
Enterprise security. Startup pricing.
Most mobile security platforms cost $20,000-$60,000 per year. We built TitanShield to change that.
                      Legacy vendors                    TitanShield
Starting price        $20,000+/yr                       299 EUR / mo
Setup time            Weeks (sales calls, SOWs)         2 minutes
SAST + DAST           Separate tools, separate bills    One scan, one report
False positive rate   30-60%                            <10% (ML-filtered)
AI agents             None or roadmap                   3 in production
Data hosting          US-based                          EU (GDPR compliant)
Private Beta

Start free. Upgrade when you are ready.

Scan your first app free in under 5 minutes. Upgrade to unlock DAST, the API and compliance reports.

Start free
No credit card to start. Free Community plan, paid plans from EUR 299 a month.
Billing: monthly, or annual (2 months free).

Community
€0 forever
Try the scanner. No commitment.
  • 3 SAST scans / day
  • 1 app, Android + iOS
  • ML false positive filtering
  • HTML report (no PDF)
  • No DAST, no API, no team
Get started
Starter
€299 / month, billed monthly
Indie devs and freelancers.
  • Unlimited SAST scans
  • 10 DAST scans / month / app
  • PDF + JSON reports
  • CI/CD + SARIF export
  • Email support
Start with Starter
Titan
€699 / month, billed monthly
Most popular
Small dev shops and agencies.
  • Unlimited SAST + DAST scans
  • 5 seats per app
  • PDF + SARIF + custom rules
  • REST API + Jira / Slack
  • Email support 24h
Start with Titan
Business
€1,299 / month, billed monthly
Regulated SMBs and product teams.
  • Unlimited everything, 25 seats per app
  • SSO / SAML + audit log
  • OWASP MASVS / GDPR / NIS2 evidence
  • CI/CD (GHA, GitLab CI, Jenkins)
  • Priority support 12h
Start with Business
Unlimited apps
No quota, no overage.
14-day money-back
Cancel within 14 days for a full refund.
No setup
Sign up, upload, scan. No agents to install.
Cancel anytime
Self-serve from the billing page.
Enterprise
On-prem air-gap, custom SLA, DPA, SAML SSO, white-label reports, dedicated support. Custom pricing.
Talk to us about Enterprise

Flat monthly billing. Unlimited apps on every paid plan. Hosted in the EU.

Frequently asked questions
Operational answers. No marketing fog.
Which platforms, languages and formats are supported?
Android (APK and AAB), iOS (IPA, including FairPlay-encrypted via on-device runtime), web apps and APIs, and source repositories in Kotlin, Java, Swift, Objective-C, JavaScript, TypeScript, Python, Go, PHP and Ruby. SAST, DAST and SCA in one scan.
My app ships on both iOS and Android. Is that one subscription or two?
One. Every paid plan includes unlimited apps across platforms. We never charge per-app or per-platform on the public tiers.
How long does a scan take?
A typical SAST run finishes in under 5 minutes on a mobile app. DAST on a real device takes 10 to 25 minutes depending on UI depth. Web URL scans depend on target size.
Do you store my source code or binaries? For how long?
Hosted entirely in the EU (Germany). Uploads and intermediate artefacts auto-delete according to your plan's retention. You can also delete a scan and all associated data at any time from the dashboard.
TitanShield Intelligence: how do you handle fixes you can't safely automate?
TitanShield Intelligence is our autofix engine. When a fix is safe and isolated (outdated crypto, missing flag, hardcoded secret), Intelligence opens a pull request directly on your repo with the patch and unit-test proof. When a fix is sensitive (auth flows, business logic, anything that could regress in production), we never push code we are not 100% sure about. Intelligence ships an expert fix guide your engineers apply with their context. Our promise: we never break your production.
Which CI/CD systems do you integrate with?
GitHub Actions, GitLab CI, Bitbucket Pipelines, Jenkins, CircleCI, Azure DevOps and Bitrise are wired natively. SARIF export covers any other runner. Findings can ticket to Jira and notify Slack.
How is this different from MobSF or other open-source scanners?
Open-source scanners give you raw findings. We add ML false-positive filtering (about 80% fewer noise findings on a Bitwarden benchmark, 56 down to 11), open a pull request with the fix when possible, and run everything in the EU with no third-party AI dependency.
Why TitanShield instead of an established AppSec vendor?
Most appsec platforms ship findings; we ship the patch. Four differentiators: EU sovereign by design (every byte of code, every AI call and every artefact stays in the EU on our own infrastructure, no US cloud, no third-party AI APIs); the autofix PR is the moat (not a report, an actual code patch on your branch); native CI/CD across 7 systems plus SARIF, no agent to install; flat predictable pricing, self-serve from day one, no enterprise contract required to start.
Do I need a credit card to try TitanShield?
No. The Community plan is free forever and lets you run real scans. A card is only required when you upgrade to a paid plan.
How do I cancel? Is there a refund?
Cancel any time from the billing page. Within the first 14 days, cancelling triggers a full automatic refund. After that, you keep access until the end of the billing period.
How do team workspaces and seats work?
Team workspaces with multiple users are in private beta on Business and Enterprise plans. The architecture is built around organizations: scans, billing and audit trail live at the org level, and members can belong to multiple orgs. Talk to us to onboard your team early.
Is on-premise deployment available?
Yes, on the Enterprise plan. Air-gapped install on your own infrastructure, with a dedicated upgrade channel and SLA. Get in touch to scope it.

More questions? Email hello@titanshield.tech.

Upload your app. We open the PR that fixes it.

Upload your app. Get a vulnerability report. Fix what matters. The first scan is free and takes under 5 minutes.

Start free scan