04 Governance & Security Beta

Bertha Siege Engine

AI-driven penetration testing for the modern cloud stack.

Bertha Siege Engine is a cross-platform penetration-testing suite for modern cloud web applications. It runs 23 attack modules across reconnaissance, injection, auth, API and business logic, then uses Claude to analyse findings, generate stack-aware payloads and verify false positives — turning raw scan noise into confirmed, prioritised, fixable findings. It hardens the rest of the portfolio and powers hands-on client security engagements.

Govern
+ 23 attack modules · OWASP coverage
+ Claude-powered analysis & payloads
+ AI false-positive verification
+ AWS Amplify-aware testing modules

The layer

Govern. Before you trust a system, you attack it. Bertha Siege Engine is the offensive counterpart to Silo’s defensive control plane — the in-house red team that keeps the whole portfolio honest.

The problem

Automated scanners drown teams in false positives and generic findings that ignore the actual architecture — so real vulnerabilities hide in the noise, and modern stacks (Amplify, CloudFront, Kong, Supabase JWT, Kubernetes microservices) get tested with tools that don’t understand them.

What it does

Bertha Siege Engine runs a full battery of attack modules against modern cloud stacks, then applies Claude to analyse, verify and prioritise. AI-enhanced false-positive verification — active retesting plus source-code cross-referencing — separates confirmed issues from artefacts, and every finding ships with a stack-specific fix. Its strongest edge is depth in the AWS Amplify / CloudFront / Kong stack that generic scanners treat as a black box.

How it’s used

Bertha is a proprietary tool for authorised testing only. Today it serves two roles: hardening Agencie.io Labs’ own products before they ship, and powering hands-on client security engagements. The clearest commercial path is a focused niche — the security scanner for AWS Amplify apps — rather than competing head-on with general-purpose tools. It sits in the portfolio as proof of the security depth behind everything else.