Products & Services

The security products we build and run, and the consultancy work behind them.

Foxhound
Pentesting Platform

Foxhound

The workflow and delivery platform behind our web, mobile, API, network, cloud, and AI security testing. Findings are verified, CVSS v4.0 scored, tracked in real time, and delivered through the Foxhound portal.

See how it works
Extension Security Intelligence

RiskyPlugins

Risk profiles across 550K+ browser and IDE extensions in 9 marketplaces. Know what you’re installing before it becomes a problem. PrivateStores is in development for enterprise private marketplaces with curated approval workflows.

Visit RiskyPlugins
Open-Source Passkey Manager

Fenko Vault

A local-first passkey and 2FA vault for Chrome, Firefox, and Android. Open source under MIT, no account, no cloud lock-in. Optional cross-device sync runs over Nostr relays, end-to-end encrypted, with no server that ever holds your vault.

How it works
Passive DNS Monitoring

dnsmonster

Open-source passive DNS capture and indexing from network traffic, PCAP, and dnstap. A managed SaaS successor is coming for hosted DNS analytics, anomaly detection, and threat visibility.

Visit dnsmonster.dev
AI & Security Advisory

Consultancy

Focused security and AI advisory for teams that need architecture reviews, threat modelling, AI system hardening, and implementation support.

Get in touch

Most of what we do ships as a product. Foxhound runs every pentest engagement, RiskyPlugins scores the extension supply chain, Fenko Vault keeps passkeys under your own control, and dnsmonster turns raw DNS traffic into something you can search. Where a product can’t do the job alone, our consultancy practice picks it up.

Inside the Consultancy practice

The Fenko consulting practice covers hands-on security work that needs judgement, context, and implementation help. We pair with internal teams, run focused engagements, and stay long enough to make sure the work sticks.

  • Architecture reviews: assess your infrastructure, cloud setup, or application stack for security gaps.
  • Threat modelling: identify what matters, what’s exposed, and where to focus.
  • AI security: audits, prompt injection testing, inference monitoring, MCP governance, and access control for AI systems.
  • AI agent development: custom autonomous agents, multi-agent orchestration, and RAG pipelines built for your workflows.

Let's talk.

Pentest, extension supply chain, or security programme. We're here.

Contact Us