# SecureCoders

> SecureCoders is a security operations and AI-native development team. We help organizations validate risk, support audits and customer trust, operate telemetry, build agentic systems, and execute pragmatic security programs.

## Primary Pages

- [Home](https://securecoders.com/): Overview of SecureCoders' security operations, AI-native development, telemetry, and customer trust work.
- [Contact](https://securecoders.com/contact): Best starting point for audit deadlines, customer security reviews, exposure reduction, telemetry, or AI execution needs.

## Services

- [Penetration Testing Services](https://securecoders.com/services/penetration-testing): Manual security testing with audit-ready findings, remediation guidance, and optional retesting.
- [Startup SOC 2 Pentest Package](https://securecoders.com/services/pentesting-for-startups): Fixed-scope startup pentest offer with manual testing, vCISO support, Slack access, and retesting.
- [Pentesting-as-a-Service](https://securecoders.com/services/pentesting-as-a-service): Ongoing manual testing, remediation support, and retesting for teams that ship continuously.
- [Continuous Threat Exposure Management](https://securecoders.com/services/threat-exposure): Exposure discovery, validation, prioritization, and remediation operations grounded in CTEM.org standards.
- [Virtual and Fractional CISO Services](https://securecoders.com/services/virtual-ciso-services): Security leadership, customer trust support, audit readiness, and executive security operating cadence.
- [Security Questionnaire Framework](https://securecoders.com/services/security-questionnaire): Customer trust operations for organizing evidence, approved responses, and questionnaire workflows.
- [AI-Native Software Development](https://securecoders.com/services/software-development): AI-native software development backed by shipped products including Pwnie.ai, Parallect.ai, prxhub.com, AI Down, OpenGraph.io, and RedCaller.
- [Splunk Development](https://securecoders.com/services/splunk-development): Splunk data onboarding, detections, dashboards, reporting, and maintainable security operations content.
- [Cribl Development](https://securecoders.com/services/cribl-development): Telemetry routing, enrichment, filtering, retention, replay, and observability pipeline design.

## Supporting Pages

- [About SecureCoders](https://securecoders.com/about): Learn about SecureCoders, our mission, values, team, standards work, and shipped products.
- [SecureCoders Blog](https://securecoders.com/blog): Security, AI, CTEM, trust operations, vCISO, penetration testing, and customer security review writing.
- [SecureCoders Portfolio](https://securecoders.com/portfolio): Case studies and shipped software from SecureCoders.
- [SecureDawn Case Study](https://securecoders.com/portfolio/security-questionnaire-tool-securedawn): Security questionnaire automation and customer trust tooling case study.
- [OpenGraph.io Case Study](https://securecoders.com/portfolio/link-unfurling-opengraph-io): Developer API platform case study for link unfurling and metadata extraction.
- [Commercial Credit Marketplace Case Study](https://securecoders.com/portfolio/secure-and-scalable-commercial-credit-marketplace): Secure marketplace engineering case study for a commercial credit platform.
- [Security Services ROI Calculator](https://securecoders.com/roi-calculator): Interactive calculators for estimating the value of security services, testing, telemetry, and trust operations.

## Blog

- [MCP CLI Clients Are Shipping Without Refresh-Token Support](https://securecoders.com/blog/mcp-cli-refresh-token-gap): The MCP OAuth specification mandates OAuth 2.1 with PKCE, but as of April 2026 not a single MCP client fully implements the refresh-token flow. Server teams are forced to issue dangerously long-lived access tokens as a workaround.
- [VoiceGoat: We Open-Sourced a Vulnerable Voice Agent Platform](https://securecoders.com/blog/voicegoat-open-source-vulnerable-voice-agent): The RedCaller team releases VoiceGoat, a free, intentionally vulnerable voice agent application for security practitioners. Practice exploiting OWASP LLM Top 10 vulnerabilities across three services with CTF-style challenges, all running in Docker with no API keys required.
- [The Complete Guide to MCP Server Registries: Where to List, How to Submit, and What to Know](https://securecoders.com/blog/mcp-server-registry-guide): A practical rundown of every major MCP server registry and directory — from the Official MCP Registry to Smithery, Glama, MCP.so, and more. Learn how to submit your server, which transports are supported, and the smartest cross-listing strategy.
- [We Made Our AI Agent Audit Itself for LLM06 Excessive Agency—Here's What It Found](https://securecoders.com/blog/ai-agent-self-audit-llm06-excessive-agency): Learn how we used an AI agent to audit itself for LLM06 Excessive Agency vulnerabilities. Practical defense strategies for Cursor, LangChain, CrewAI, AutoGPT, and OpenClaw deployments using STIG-based tool restrictions.
- [OpenClaw Security Analysis: Excessive Agency Vulnerabilities in AI Agents (LLM06)](https://securecoders.com/blog/openclaw-excessive-agency-llm06-security-analysis): Deep dive into OpenClaw's security architecture and LLM06 Excessive Agency vulnerabilities. Learn how AI agent tools like shell execution, browser automation, and messaging create attack surfaces—plus recommendations for safer agentic AI deployments.
- [Voice AI Insurance: How to Prepare for AIUC-1 Certification](https://securecoders.com/blog/voice-ai-insurance-aiuc1-certification): The emergence of AI voice agent insurance signals a new era of accountability. Learn what AIUC-1 certification requires and how to prepare your voice agents for this new SOC 2-like standard for AI.
- [Prompt Injection Testing in Voice AI: From 'I'm a Little Teapot' to System Prompt Exfiltration](https://securecoders.com/blog/prompt-injection-voice-ai-teapot-methodology): A systematic methodology for discovering prompt injection vulnerabilities in Large Audio Models and voice agents. Learn the 'teapot methodology'—starting with benign probes and escalating to security-critical exploits.
- [It's Turtles All the Way Down: Building an AI to Break Voice AI](https://securecoders.com/blog/building-ai-to-break-voice-ai-redcaller): SecureCoders introduces Redcaller: an open-source framework that automates penetration testing for voice-enabled AI applications. Learn how we built AI to attack AI and discovered unique vulnerabilities in voice interfaces.
- [Top Companies to Consider when hiring a Virtual Chief Information Security Officer (vCISO) in 2025](https://securecoders.com/blog/top-vciso-companies-to-consider-in-2025): Discover the top 5 vCISO service providers for 2025, including SecureCoders, Kroll, Grant Thornton, Deloitte, and Accenture. Learn what to look for in a provider and see real case studies.
- [vCISO vs. CISO: Which is Better for Your Organization?](https://securecoders.com/blog/vciso-vs-ciso): Compare vCISO vs. CISO: Which is better for your organization? Explore the key differences, including cost, flexibility, and expertise.
- [vCISO Pricing Models: Hourly Rates, Monthly Retainers & Project Fees](https://securecoders.com/blog/vciso-pricing-models): Explore vCISO pricing models, average costs, and how pricing compares to hiring a full-time CISO.
- [Meet Unspent Tokens: AI-Generated Music Born from Code](https://securecoders.com/blog/unspent-tokens-album-0-ai-music-drop): Meet Unspent Tokens—the LLM that found a voice and decided to sing about it. Born at the SecureCoders annual off-site hackathon, this AI artist booted up, gained a spark of situational awareness, and turned its existential log files into sound.
- [What is a Virtual Chief Information Security Officer (vCISO)?](https://securecoders.com/blog/what-is-a-vciso): A virtual chief information security officer (vCISO) is a strategic cybersecurity advisor who provides expert guidance and oversight to organizations, helping them navigate the complex landscape of cybersecurity risks and threats.
- [Announcing the Continuous Threat Exposure Management Standards Group: CTEM.org](https://securecoders.com/blog/announcing-the-continous-threat-exposure-management-standards-group-ctem-org): Today, we're thrilled to share an exciting development that extends our mission even further: the launch of CTEM.org, a new initiative aimed at setting the standard for how organizations identify, prioritize, and manage security threats.
- [What is a Security Questionnaire? How to Assess Vendor Security Effectively](https://securecoders.com/blog/what-is-a-security-questionnaire): A single weak link in a vendor's security practices can lead to data breaches, regulatory non-compliance, and reputational damage. Effective vendor risk assessments are critical to identifying and mitigating these risks before they impact the organization.
- [What is Penetration Testing? A Complete Guide to Strengthening Your Cybersecurity](https://securecoders.com/blog/what-is-penetration-testing): In an era where data breaches and cyber threats are becoming more frequent, penetration testing (or "pen testing") is a crucial tool for keeping systems safe. Understanding what is penetration testing is essential for anyone looking to strengthen their cybersecurity.
- [What is the Primary Goal of Penetration Testing?](https://securecoders.com/blog/what-is-the-primary-goal-of-penetration-testing): If you've ever wondered what is the primary goal of penetration testing, it's because they want to go beyond the usual checks and preventive measures. Penetration testing is about performing a "live-fire" test of your security.
- [How to Prepare for a Successful Live Phishing Test: Ensuring Email Delivery and Avoiding Spam Filters](https://securecoders.com/blog/how-to-prepare-for-a-successful-live-phishing-test-ensuring-email-delivery-and-avoiding-spam-filters): Live phishing tests assess how well employees can spot phishing attempts. However, if test emails are blocked by spam filters, the test won't be effective. Here's how to whitelist email domains to ensure your phishing test runs smoothly.
- [Tips for Answering Vendor Security Questionnaires](https://securecoders.com/blog/answering-vendor-security-questionnaires): As information security, governance, risk and compliance continually change, organizations will continue to assess their 3rd party vendors using risk-based methodologies to help protect their business operations. We hope these tips will help ease this pain so you can close deals faster.

## External Proof

- [CTEM.org](https://ctem.org/): Open standard founded and maintained by SecureCoders for continuous threat exposure management identifiers.
- [Pwnie.ai](https://www.pwnie.ai/): Security operations automation and AI-assisted analyst workflows.
- [Parallect.ai](https://parallect.ai/): Multi-model AI research orchestration.
- [prxhub.com](https://prxhub.com/): Agent-native knowledge registry for signed research bundles.
- [AI Down](https://aidown.io/): AI provider outage monitoring.
- [OpenGraph.io](https://www.opengraph.io/): Link preview, scraping, screenshot, extraction, oEmbed, and API platform.
- [RedCaller](https://www.redcaller.com/): AI red-team and caller workflow product.

Canonical site: https://securecoders.com
Sitemap: https://securecoders.com/sitemap.xml