Who We Are
Fenko Limited is a New Zealand security company working across AI security, offensive testing, and security products.
We build and test systems where AI, software supply chains, and real-world security overlap. That includes penetration testing through Foxhound, extension intelligence through RiskyPlugins, passive DNS tooling through dnsmonster, and consulting work for teams building or deploying AI systems.
Our Philosophy
The name Fenko is a twist on “Fenek,” referring to the Fennec fox. Native to the desert, the Fennec fox is known for its oversized ears, which allow it to hear prey moving underground. It is small, agile, and hyper-aware of its environment.
That maps cleanly to how we work. We pay attention to weak signals, test assumptions directly, and look for the failure modes that are easy to miss when a system is moving fast.
Our Products
We build Foxhound, the workflow and delivery platform behind our penetration testing practice. Foxhound gives clients a single portal to track engagement progress, review findings as they’re published, inspect evidence, and download reports.
We are also the creators of RiskyPlugins.com, a platform for analysing the security posture of browser extensions, IDE extensions, and AI-adjacent plugins. Third-party extensions are a supply-chain problem. RiskyPlugins gives teams a way to inspect that risk before software is installed across an organisation.
dnsmonster is our open-source passive DNS capture and indexing project. It is built for teams that need visibility into DNS traffic from network capture, PCAP, or dnstap sources. The source now lives under FenkoHQ/dnsmonster.
How We Work
We are strongest where security work needs both engineering depth and practical judgement: AI system reviews, prompt injection testing, agent architecture, extension risk, cloud and application testing, and the workflows around remediation.
We try to be clear about scope, evidence, and limitations. If a finding matters, we show why. If a tool is not the right answer, we say so.