Traditional security scanners excel at pattern matching, but modern vulnerabilities often emerge through multi-step chains that require deeper context. To solve this, Ostorlab is introducing Cyber Models: a managed, prepaid AI compute infrastructure that embeds advanced reasoning directly into Deep Agentic Scans.

Operating under approved channels with whitelisted offensive security status, Cyber Models lets your agents evaluate vulnerabilities, generate exploit strings, and simulate attack paths at full capability. It eliminates restrictive consumer-tier safety alignment layers that cause standard models to refuse legitimate penetration testing tasks. Best of all, it removes the operational overhead of provisioning external provider accounts, managing API keys, or dealing with surprise infrastructure bills that prompt urgent Slack messages from finance. Security teams can simply define the target, select the scan depth, and let Ostorlab handle the infrastructure choreography.

Why Cyber Models

AI-assisted security testing is moving from experimentation to real operational workflows. That changes the problem. The hard part is no longer just getting access to powerful models; the hard part is controlling how they are used.

Security teams need to know who can run AI-assisted scans, which targets are in scope, how much each scan can consume, where usage is recorded, and how to avoid surprise infrastructure costs.

Bring-your-own-key (BYOK) deployments offer flexibility, but they introduce overhead. Teams must provision external provider accounts, manage API keys, configure billing, monitor usage, handle rate limits, reconcile provider invoices, and maintain visibility across multiple systems. That works for some organizations. For others, it is one more operational puzzle in a security program that already has enough puzzles.

Cyber Models removes that friction. Ostorlab manages the AI infrastructure layer while security teams control scan scope, effort level, and prepaid usage directly from the Portal.

Key Benefits

• No external API key management: Decouples scan environments from local credentials.
• Prepaid token-based billing: Purchases are added to a centralized workspace wallet.
• Managed model orchestration: Advanced custom profiles run at full capability without standard commercial restrictions.
• Predictable spend controls: Maximum budgets are reserved upfront, and execution limits are tied to scan effort profiles so finance stays happy.
• Centralized wallet auditing: Total visibility over current balances, ledger entries, and transaction history.

Cyber Models vs BYOK

When configuring a Deep Agentic Scan, teams choose how Ostorlab routes AI-assisted execution. Cyber Models is built for teams that want managed AI infrastructure, prepaid usage controls, and centralized accounting inside Ostorlab. BYOK remains available for teams that prefer to route execution through their own provider accounts and manage configuration themselves.

Infrastructure Attribute	Cyber Models	BYOK
Provider Access	Managed through Ostorlab-approved provider channels	Routed through customer-managed provider accounts
Model Orchestration	Handled by Ostorlab’s abstraction layer	Controlled by customer configuration
Model Configuration	Optimized model profiles (GPT-5.5 Cyber, Opus 4.8 with Cyber Verification)	Client-specified provider endpoints
API Key Management	No external keys required	Customer manages provider API keys
Billing Model	Prepaid compute credits through the Ostorlab wallet	Direct metered billing through provider accounts
Spend Control	Credit reservation and settlement per scan	Provider dashboard limits and customer-managed caps
Rate Limits / Concurrency	Managed through Ostorlab capacity controls	Bound to customer provider limits
Execution Controls	Scan-profile limits, scoped execution, and credit ceilings	Customer-managed limits and provider-side settings
Auditability	Wallet balance, ledger logs, and transaction history in Ostorlab	Split across provider and internal systems

If your team wants direct provider control, BYOK is there. If your team wants the deep scan without the infrastructure choreography, Cyber Models is the smoother path.

How Cyber Models Compute Credits Work

Cyber Models uses prepaid compute credits for AI-assisted scan execution to abstract away chaotic, vendor-specific pricing. Cyber Models credits should be understood as Ostorlab-managed compute credits, not raw language-model input or output tokens. A credit represents managed AI scan execution within Ostorlab’s infrastructure, not a direct context-window measurement.

The credit lifecycle operates through three distinct stages:

1. Reservation

When a Deep Agentic Scan is initialized, Ostorlab reserves the maximum credit ceiling associated with the selected effort profile. This confirms that the workspace has enough available balance to complete the selected scan depth before execution begins. Reservation gives teams a predictable maximum cost upfront without guessing, hidden model-metering math, or spreadsheet archaeology.

2. Scoped Execution

Ostorlab provisions a scoped execution context bound to the selected target boundaries, scan configuration, and credit ceiling. The scan proceeds without requiring external credentials. During execution, teams can monitor live credit consumption directly from the scan log view. This means you see exactly how the scan is consuming its reasoning budget while it runs, instead of discovering usage later in a surprise provider invoice and pretending to enjoy surprises.

3. Settlement

When the scan completes or is manually cancelled, Ostorlab calculates actual usage. Only consumed credits are deducted from the workspace wallet. Any unused reserved credits are automatically returned after settlement. This gives teams the best of both worlds: a predictable maximum cost before execution and an automatic credit return for unused reserved capacity.

Scan Effort Profiles

Cyber Models supports three effort profiles for Deep Agentic Scans. Each profile adjusts the depth of the agentic execution loop, including reasoning breadth, state exploration, hypothesis evaluation, and validation depth. The ceilings below represent Cyber Models compute-credit limits, not raw language-model context tokens.

Effort Profile	Credit Ceiling	Best For	Execution Behavior
Core	200 credits	Focused testing of priority assets	Fast, high-confidence analysis with limited exploration.
Advanced	500 credits	Broader application and API coverage	Expanded reasoning across medium-confidence hypotheses and deeper paths.
Elite	1,000 credits	Complex environments and high-value targets	Deepest available assessment profile with broader state exploration and multi-step analysis.

Your wallet balance determines your scanning composition. For example, a balance of 1,000 credits permits 5 Core scans (200 credits each), 2 Advanced scans (500 credits each), or 1 Elite scan (1,000 credits). This allows you to mix and match execution types as needed.

Operational Workflow

Cyber Models is fully managed from the Ostorlab Portal. Teams can top up their workspace wallet, monitor token balances, review transaction history, and launch Deep Agentic Scans without leaving the platform.

Phase 1: Provision Compute Balance

To begin using Cyber Models, add tokens to your workspace wallet.

1. Navigate to the Upgrade interface from the primary dashboard.
2. Select the Cyber Models tab.

3. Choose the compute profile pack that matches your expected scan volume and specify the required quantity.
4. Complete payment through Stripe.

The token balance is added to your workspace wallet. Once payment is complete, the balance becomes available for Cyber Models-powered scans.

Phase 2: Monitor Wallet Balances and Ledger Logs

Cyber Models includes native wallet visibility inside the Ostorlab Portal. Teams can review:

• Current token balance
• Reserved token amounts
• Completed scan consumption
• Refunds of unused reserved tokens
• Historical debit and credit transactions
• Usage trends over time

This information is available through the Token Wallet and Transaction History components.

The wallet ledger gives teams a clear record of token usage across scans, making it easier to track spend, audit consumption, and plan future testing depth.

Phase 3: Execute a Deep Agentic Scan with Cyber Models

Once your wallet is funded, Cyber Models can be selected during the scan configuration workflow.

1. Open the New Scan workflow.
2. Configure the target boundaries and scan scope.
3. Advance to the AI Provider configuration screen.
4. Select Cyber Models instead of BYOK Simple or BYOK Advanced.

5. At the Effort step, choose the depth that matches the target environment: Core, Advanced, or Elite.

6. Submit the scan.

Controlled Depth for Authorized Security Testing

Cyber Models is designed for teams that need deeper AI-assisted security analysis without losing control over scope, execution, or spend. Each scan is strictly governed by target boundaries, effort-based credit ceilings, prepaid wallet limits, live usage visibility, manual cancellation support, and automatic settlement after completion.

Security teams can use Cyber Models to support:

• Chained vulnerability discovery across multiple application behaviors.
• Attack-path reasoning across APIs, workflows, and exposed services.
• Business-logic testing for application-specific abuse cases.
• Authorization testing across roles, tenants, and object boundaries.
• Authentication edge-case analysis across login, recovery, and session flows.
• API behavior exploration across documented and undocumented endpoints.
• Multi-step vulnerability validation within approved scopes.
• Adversarial simulation against authorized targets.

The goal is not uncontrolled automation. The goal is governed depth: deeper reasoning, bounded execution, visible usage, and clear accounting. It gives teams the depth they want, the control they need, and fewer reasons to open five different dashboards before running one scan, making it a rare win for both security and sanity.

Deploy Deep Agentic Scans with Cyber Models

Cyber Models is now available in the Ostorlab Portal. To run advanced AI-assisted security assessments through managed Cyber Models infrastructure, navigate to your workspace dashboard, top up your token wallet, and select Cyber Models when configuring your next Deep Agentic Scan.