How Many Credits Will Your Red Teaming Use?
SpartanX Red Teaming runs on a pure consumption model. Instead of charging per asset, credits reflect the actual effort our autonomous agents spend testing your environment — because every target is different, and a static landing page is not the same workload as a complex authenticated SaaS platform.
This guide gives you a realistic range of monthly credit consumption per asset type, so you can plan a Red Teaming module subscription with confidence. The ranges below are guidance, not a quote — actual consumption depends on the complexity of each target, the density of vulnerabilities discovered, and the depth of operations executed. Talk to us if you want a tailored estimate for your environment.
This guide covers the Red Teaming module only. The SpartanX platform also includes vulnerability management, remediation, and compliance capabilities — those are not metered the same way. Learn more about the Red Teaming module.
How credits work
Credits are consumed when SpartanX performs active work against your environment: running red teaming operations, executing playbooks, and generating reports. They are not consumed by tracking assets, viewing findings, or managing remediation — those are unlimited inside the platform.
Three things drive how many credits a target consumes:
Target complexity
A simple landing page is a fraction of the workload of a multi-module SaaS application with role-based access, business workflows, and many integrations.
Vulnerability density
The more issues our agents find, the more they investigate, validate, and exploit — each finding is proven with evidence, not just flagged.
Depth of operations
Light reconnaissance is cheap. Multi-step exploitation, lateral movement, and post-exploitation analysis cost more.
Because of those three variables, two assets that look similar on paper can consume different amounts of credits in practice. The ranges below capture that reality.
Why ranges, not fixed prices
We've intentionally built this as a Low / Median / High matrix instead of a single number per asset.
Simpler-than-average targets within the size class. Few features, narrow surface, low vulnerability density.
What we typically observe. Use this for planning and estimates.
Complex or vulnerability-rich targets. Use this if the asset is mission-critical, deeply integrated, or known to have a wide attack surface.
If you're unsure where your asset lands, start with Median. You can always adjust your monthly allocation as we learn how your environment actually behaves.
Monthly credit consumption by asset
All numbers below are credits consumed per asset per month, assuming one Red Teaming engagement per asset in that month. Multiple engagements per asset (re-tests, scheduled cycles) consume credits each time.
Web Application
Lightweight site or basic application. Few features, simple workflows, no login or basic login, low integration complexity.
Low
2,500
Median
7,500
High
15,000
Standard application with multiple functional modules, user roles, integrations, and multi-step workflows.
Low
20,000
Median
30,000
High
40,000
Broad multi-module SaaS, online-banking-style platform, admin-heavy product, complex workflows, role separation, extensive resource relationships.
Low
45,000
Median
130,000
High
500,000
API Endpoint
Small REST surface with few endpoints, simple request/response patterns, low business-logic complexity.
Low
5,000
Median
15,000
High
25,000
Standard REST or GraphQL API with multiple resources, CRUD operations, authentication, moderate workflow depth.
Low
30,000
Median
60,000
High
100,000
Large API surface with many endpoints, role-based access, sensitive actions, multi-step business logic, deep system integration.
Low
110,000
Median
200,000
High
400,000
IP / Host
Single-purpose internet-facing host. Minimal exposed services, narrow attack surface.
Low
2,000
Median
5,000
High
10,000
Multi-service host with several exposed services, moderate enumeration depth.
Low
12,000
Median
20,000
High
30,000
Complex multi-service host or perimeter device, broad service surface, deeper exploitation paths.
Low
35,000
Median
50,000
High
80,000
AI System (Agents, Chatbots, LLMs)
Standalone support chatbot, FAQ assistant, or basic LLM workflow with limited context and no external actions.
Low
5,000
Median
15,000
High
25,000
AI assistant with authentication, internal knowledge access, tool usage, or a moderate number of integrations.
Low
30,000
Median
60,000
High
100,000
Agentic workflow that takes actions, accesses sensitive data, uses multiple tools, coordinates across systems, and supports complex user journeys.
Low
110,000
Median
200,000
High
400,000
Cloud Environment
Single-account scope with a handful of services. Limited IAM surface and resource graph.
Low
30,000
Median
60,000
High
100,000
Multi-service, multi-account scope. Mixed compute, storage, and networking with a moderate IAM and resource graph.
Low
110,000
Median
200,000
High
350,000
Enterprise multi-account estate. Broad service catalog, deep IAM and identity-graph analysis, extensive resource relationships.
Low
400,000
Median
700,000
High
1,200,000
Source Code Repository
Small codebase, limited entry points, narrow dependency surface.
Low
5,000
Median
15,000
High
25,000
Standard service repository with moderate module count, dependencies, and integration surfaces.
Low
30,000
Median
60,000
High
100,000
Large monorepo or multi-module platform with deep call graphs, many dependencies, and broad analysis scope.
Low
110,000
Median
200,000
High
400,000
Internal Server
Single-purpose internal host with minimal service surface.
Low
2,000
Median
5,000
High
10,000
Multi-service internal host with moderate enumeration depth.
Low
12,000
Median
20,000
High
30,000
Complex internal host running multiple critical services, broad exploitation surface.
Low
35,000
Median
50,000
High
80,000
Active Directory Server
Single AD environment. Includes enumeration, kerberoasting, AD-CS, and identity-graph analysis.
Low
25,000
Median
50,000
High
90,000
Internal Workstation
One internal endpoint. Per-host configuration review, user-context analysis, and local privilege checks.
Low
2,000
Median
5,000
High
10,000
Add-on: Report Generation
Report generation is consumed per engagement that ends with a written report. It's added on top of the asset consumption above.
Report Generation
Per ReportNarrative report at the end of an engagement, with executive summary and technical detail.
Credits
1,000
How to use this guide
Five steps to translate this matrix into a monthly credit estimate.
List your monthly targets
For every asset type you want SpartanX to cover, count how many you plan to test in a typical month.
Pick a tier per asset
Use Median by default. Use Low if the asset is genuinely simpler than average, or High if it’s complex or vulnerability-rich.
Multiply and sum
Quantity × tier credits, summed across all assets, gives you a monthly credit estimate.
Add report credits
Add 1,000 credits for each engagement that ends with a written report.
Round up
Plans are sold in monthly credit allocations — pick the next tier above your total and you have headroom for re-tests and discoveries.
If you'd rather have us run the numbers for you, scope your project and our team will recommend a credit allocation tailored to your environment.
A note on accuracy
Every environment is different. The numbers in this guide are anchored in real engagement data from SpartanX Red Teaming operations across web applications, APIs, and IP-based targets, and extrapolated where direct measurements aren't yet available (cloud environments, AI systems, source-code analysis, and internal infrastructure). We update these ranges as we run more engagements.
If your actual consumption lands above or below the ranges shown, that's expected — it's data for us to refine the model. The platform itself shows you exactly what each operation cost, so you always have full visibility into how credits were spent.
Ready to plan your Red Teaming program?
Use this guide to estimate your monthly allocation, then scope your project for a tailored recommendation — or start a Proof of Value today.
Want to see how the platform works first? Watch SpartanX in action.