RiskPulse

Frequently asked questions

What is RiskPulse?

RiskPulse is a preemptive resilience platform for business-critical APIs. It helps organizations identify high and critical risks in the real behavior of APIs before they turn into exploitation, incidents, or operational impact.

Is RiskPulse an API testing tool?

That is not how we position RiskPulse. While it uses dynamic analysis, the focus is not 'API testing' in the traditional sense. The focus is anticipating risks, generating evidence, supporting remediations, and proving resilience in critical APIs.

Is RiskPulse a DAST?

RiskPulse uses dynamic analysis but is not generic scanning. It works in a context-aware way, using specifications, contracts, controlled credentials, and journey criticality to reveal relevant risks in the real behavior of APIs.

What type of API does RiskPulse assess?

RiskPulse is best suited for business-critical APIs: endpoints supporting digital journeys, sensitive data, relevant integrations, critical processes, partners, internal systems, or interfaces that agents and automations can use to act.

Does RiskPulse use OpenAPI, Swagger, or credentials?

When available, OpenAPI, Swagger, and API contracts help deepen the analysis. RiskPulse can also use controlled credentials, defined scope, and authorized application information. Credential use happens only when applicable and authorized.

What does RiskPulse deliver?

RiskPulse delivers prioritized risks and evidence for action, including the impacted endpoint, the input used, the observed response, severity, reproduction context, grouped variations, and inputs for remediation and re-evaluation.

Does RiskPulse prove whether a remediation worked?

RiskPulse can re-evaluate APIs after remediations to verify whether the risk was reduced or addressed within the analyzed scope — moving from 'it was fixed' to 'it was proven'.

Does RiskPulse replace my API Gateway?

No. The API Gateway remains essential for controlling traffic, authentication, authorization, and policies. RiskPulse operates in a different layer: it reveals risks in the real behavior of APIs behind the gateway.

Does RiskPulse replace observability?

No. Observability is essential for monitoring production, logs, metrics, and incidents. RiskPulse complements that layer by anticipating risks before they surface as incidents or operational signals.

Can RiskPulse operate in CI/CD or self-hosted?

Yes. RiskPulse can evolve to continuous CI/CD operation and can also operate in a self-hosted model, including with the customer's own infrastructure and AI key when required.

Is RiskPulse secure?

RiskPulse was designed for enterprise environments and can operate in models compatible with different security and governance requirements. RiskPulse is formally ISO 27001:2022 certified, reinforcing its commitment to information security and operational best practices.

How do point-in-time execution and the no-payment policy work?

For point-in-time executions, the scope is defined upfront: APIs, endpoints, environment, permissions, and analysis criteria. RiskPulse assesses high and critical risks and delivers reproducible evidence for prioritization and action. If no high or critical risks are found within the agreed scope, the customer does not pay for that execution.