Fenko builds security tools and breaks into systems. Penetration testing, extension intelligence, and hands-on advisory for teams dealing with AI and security.
Foxhound — Penetration Testing →
Manual security testing across web applications, mobile apps (iOS and Android), APIs, network infrastructure, cloud environments, and AI systems. Every finding is manually verified, scored with CVSS v4.0, and mapped to compliance frameworks. You get real-time portal access through Foxhound to track engagement progress, review findings with evidence as they’re published, and download reports without waiting until the end. Retesting included.
RiskyPlugins — Extension Security Intelligence →
Search, analyse, and monitor risk profiles across 550K+ browser and IDE extensions in 9 marketplaces. Know what you’re installing before it becomes a problem. We’re building PrivateStores next — enterprise private extension marketplaces with security-first curation and approval workflows.
Consultancy
Hands-on security and AI advisory for teams that need expertise without hiring a full-time head of security.
- Virtual CISO — ongoing security leadership, policy development, and board-level reporting
- Architecture reviews — assess your infrastructure, cloud setup, or application stack for security gaps
- Threat modelling — identify what matters, what’s exposed, and where to focus
- AI security — audits, prompt injection testing, inference monitoring, MCP governance, and access control for AI systems
- AI agent development — custom autonomous agents, multi-agent orchestration, and RAG pipelines built for your workflows
- Compliance guidance — gap analysis and remediation roadmaps for frameworks like ISO 27001, SOC 2, and the EU AI Act
dnsmonster — Passive DNS Monitoring →
Open-source passive DNS capture and indexing. Captures and indexes queries from network traffic, PCAP files, and dnstap sources. The project has been running for years. We’re building a managed SaaS successor for organisations that want hosted DNS analytics, anomaly detection, and threat visibility without standing up their own infrastructure.