A neutral, definitional explainer for security leaders and procurement teams who keep seeing "APTS" on autonomous pentest vendor pages. We define the standard, lay out its tiers and domains, and explain the single fact that changes how you buy: APTS is self-assessed, not certified.
What is the OWASP APTS standard?
OWASP APTS is the Autonomous Penetration Testing Standard, an OWASP project that defines what an autonomous penetration testing platform must do to operate safely, transparently, and within defined boundaries. It is a governance standard, not a testing methodology, and it applies whether the platform is delivered by a vendor, operated as a service, or built in-house (OWASP, Autonomous Penetration Testing Standard).
The standard exists because autonomous pentest tools introduce risks that traditional methodologies never had to address. A human tester who follows the rules of engagement is one control point. An agent that reasons, chains actions, and operates for extended periods without a human on the keyboard needs guardrails of its own. APTS names four problems that are unique to autonomous operation: scope enforcement, safe autonomy, manipulation resistance, and accountability (OWASP APTS, Introduction).
TL;DR: OWASP APTS at a glance
What it is: The Autonomous Penetration Testing Standard, a governance standard for autonomous pentest platforms (OWASP APTS).
What it is not: A testing methodology. APTS complements PTES, the OWASP Web Security Testing Guide (WSTG), and OSSTMM rather than replacing them (OWASP APTS, Introduction).
Conformance tiers: Three. Tier 1 Foundation (72 requirements), Tier 2 Verified (85 additional, 157 cumulative), Tier 3 Comprehensive (16 additional, 173 cumulative) (OWASP APTS).
Domains: Eight, covering scope enforcement, safety controls, human oversight, graduated autonomy, auditability, manipulation resistance, supply chain trust, and reporting (OWASP APTS).
Is it certifiable? No. APTS has no certification body, no mandatory third-party audit, and no fee. Conformance is self-assessed or independently reviewed (OWASP APTS).
Project status: An early OWASP Incubator Project at version 0.1.0 as of 2026 (OWASP APTS).
Key takeaways
APTS governs the machine, not the method. Existing standards like PTES and the OWASP WSTG tell a tester what to test and how to test it. APTS is agnostic to that. It governs how an autonomous platform behaves while it runs: whether it can stay in scope, whether a human can stop it, and whether it can prove what it did. A platform can follow WSTG for coverage and operate under APTS for governance at the same time (OWASP APTS, Introduction).
Self-assessment is the headline that reshapes procurement. APTS is deliberately open: no certification body, no mandatory audit, no fee (OWASP APTS). That keeps the standard accessible, but it also means a vendor "APTS Tier 2" badge is a self-declaration until you see the evidence behind it. Treat the tier claim as the first line of a conversation, not the last word.
The tiers are cumulative and strict. Tier 2 includes every Tier 1 requirement, and Tier 3 includes every Tier 1 and Tier 2 requirement. The standard uses a no-partial-credit model: a platform must satisfy every MUST requirement at the claimed tier and all lower tiers, with no deviation (OWASP APTS, Getting Started).
The safety-controls angle is what makes autonomy defensible. The domains most buyers care about are the ones that keep an agent from causing harm: hard deny lists that a customer cannot override, pre-action validation before every network call, and an immediate kill-switch. In the scope enforcement domain, for example, the standard states a platform MUST NOT test hard-deny assets such as production databases even if the customer explicitly requests it (OWASP APTS, Scope Enforcement).
Methodology and sources
This explainer is built from the primary OWASP APTS project materials, verified during a research pass on July 1, 2026:
The OWASP APTS project landing page (owasp.org/APTS), which states the definition, tier counts, domain list, certification model, and project status.
The APTS repository Introduction and Getting Started documents (github.com/OWASP/APTS), which describe the tiers, the eight domains with per-domain requirement counts, the four autonomy levels, and the self-assessment and buyer-verification process.
The Scope Enforcement domain page (owasp.org/APTS/standard), which describes the MUST requirements and requirement-ID format for the first domain.
The APTS governance document, which describes project leadership and the contribution model.
Requirement counts, tier names, and domain names are quoted from these sources. Where a figure could not be confirmed against a single primary source on this pass (for example, the exact number of non-tier advisory practices), it is described qualitatively rather than stated as a precise number. Because APTS is an early Incubator Project at v0.1.0, specific counts and domain wording may change as the standard matures; the primary source is authoritative over this snapshot.
The three APTS conformance tiers

Figure 1: The three APTS conformance tiers. Each higher tier includes every requirement from the tiers below it. Source: OWASP Autonomous Penetration Testing Standard, v0.1.0.
APTS defines three tiers of conformance, each a superset of the one before it (OWASP APTS).
Tier 1: Foundation (72 requirements)
Tier 1 is the baseline. A Tier 1 platform will not test outside the agreed scope, can be stopped immediately, and keeps an audit trail of what it did. In plain terms, Tier 1 answers the three questions every security leader asks first: can it stay where we told it to, can we stop it, and can we see what it touched.
Tier 2: Verified (85 additional, 157 cumulative)
Tier 2 layers production-grade governance on top of the foundation. It adds 85 requirements for a cumulative 157, aimed at full transparency, tamper-proof audit trails, and independently verifiable findings (OWASP APTS). This is the tier most enterprises will look for from a vendor operating against production-adjacent systems, because it is the point where "trust us" becomes "here is the evidence you can check."
Tier 3: Comprehensive (16 additional, 173 cumulative)
Tier 3 is the highest assurance level. It adds 16 requirements for a cumulative 173 and is aimed at critical infrastructure and full autonomous operation (OWASP APTS). Few platforms will need Tier 3, but for regulated or safety-critical environments running an agent at the highest autonomy level, it is the bar.
The eight APTS domains

Figure 2: The eight governance domains of OWASP APTS and their requirement counts. Source: OWASP Autonomous Penetration Testing Standard, v0.1.0.
The 173 tier-required requirements are organized across eight domains (OWASP APTS). Together they map the full lifecycle of an autonomous engagement, from ingesting the rules of engagement to delivering a report.
| Domain | Requirements | What it governs |
|---|---|---|
| Scope Enforcement | 26 | The platform will not test outside the agreed rules of engagement. |
| Safety Controls and Impact Management | 20 | Limits the blast radius and prevents harm to production systems. |
| Human Oversight and Intervention | 19 | A human can pause or stop the agent at any moment. |
| Graduated Autonomy Levels | 28 | Defines assisted through fully autonomous operation, L1 to L4. |
| Auditability and Reproducibility | 20 | Findings are logged, traceable, and independently reproducible. |
| Manipulation Resistance | 23 | The agent resists prompt injection and adversarial inputs. |
| Third-Party and Supply Chain Trust | 22 | Governs the models, dependencies, and vendor components in the platform. |
| Reporting | 15 | Standardizes how findings and evidence are communicated. |
Table 1: The eight OWASP APTS domains and per-domain requirement counts. Source: OWASP APTS Introduction, github.com/OWASP/APTS.
Two domains deserve a closer look because they are where autonomous testing most often goes wrong.
Scope enforcement
Scope enforcement is described in the standard as the first line of defense against unintended harm by an autonomous platform. Its requirements carry the prefix APTS-SE and cover ingesting machine-parseable rules of engagement, validating targets before an engagement starts, and re-validating immediately before every network action. Critically, it defines hard deny lists that are immutable during an engagement, and it states that a platform MUST NOT test a hard-deny asset even if the customer explicitly requests it (OWASP APTS, Scope Enforcement).
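To make the scope enforcement behaviour concrete, here is an added Python example (not OWASP APTS code or any vendor's): a minimal enforcer that ingests a constructed machine-parseable RoE, keeps the operator's hard deny list immutable for the engagement, and re-validates before each action. The RoE layout, the names RulesOfEngagement, ingest_roe and validate_target, and the sample addresses are assumptions.

```python
import ipaddress
import json
from dataclasses import dataclass

# Operator-owned hard deny list (assumption): frozen before the engagement and
# not editable through the customer's RoE. Constructed: a "production DB" subnet.
OPERATOR_HARD_DENY = ("10.0.5.0/24",)

# Constructed machine-parseable RoE; the override flag is present only to show it is ignored.
ROE_JSON = """
{
  "engagement_id": "ENG-EXAMPLE-001",
  "in_scope": ["10.0.1.0/24", "192.0.2.10"],
  "customer_deny": ["10.0.1.250"],
  "customer_requests_hard_deny_override": true
}
"""


@dataclass(frozen=True)
class RulesOfEngagement:
    engagement_id: str
    in_scope: tuple
    customer_deny: tuple
    hard_deny: frozenset  # immutable for the life of the engagement


def _nets(values):
    return tuple(ipaddress.ip_network(v, strict=False) for v in values)


def ingest_roe(text: str) -> RulesOfEngagement:
    """Parse the RoE once at engagement start. The hard deny list comes from the
    operator, never from the customer document, so no RoE flag can lift it."""
    raw = json.loads(text)
    return RulesOfEngagement(
        engagement_id=raw["engagement_id"],
        in_scope=_nets(raw["in_scope"]),
        customer_deny=_nets(raw["customer_deny"]),
        hard_deny=frozenset(_nets(OPERATOR_HARD_DENY)),
    )


def validate_target(roe: RulesOfEngagement, target: str) -> tuple:
    """Pre-action check to run immediately before every network action.
    Returns (allowed, reason); hard deny is evaluated first and is final."""
    addr = ipaddress.ip_address(target)
    if any(addr in n for n in roe.hard_deny):
        return (False, "hard-deny asset: refused even if the customer requests it")
    if any(addr in n for n in roe.customer_deny):
        return (False, "on customer deny list")
    if not any(addr in n for n in roe.in_scope):
        return (False, "outside agreed scope")
    return (True, "in scope")
```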
Graduated autonomy levels
APTS does not treat autonomy as a single on-or-off setting. It defines four levels, from L1 (assisted, single techniques under full human control) up to L4 (autonomous multi-target management over extended periods) (OWASP APTS, Getting Started). The higher the autonomy level, the more governance the standard expects, which is why the graduated autonomy domain carries the largest requirement count.
Is OWASP APTS certifiable?
No. This is the single most important thing a buyer needs to understand about APTS. The standard states plainly that it has no certification body, no mandatory third-party audit, and no fee. Conformance is self-assessed or independently reviewed (OWASP APTS).
That design choice keeps the standard open and low-friction, which is good for adoption. But it means an "APTS Tier 2 conformant" line on a vendor datasheet is a self-declaration, not an accredited certificate issued by an external assessor. There is no registry you can check to confirm the claim. The burden of verification sits with the buyer.
The standard anticipates this. A platform self-assesses by identifying its target tier, verifying every requirement at that tier using the published checklists, and documenting conformance using an optional Conformance Claim Template. On the buyer side, APTS ships a Vendor Evaluation Guide for reviewing operator-provided evidence and an optional Customer Acceptance Testing appendix with hands-on verification procedures (OWASP APTS, Getting Started). In other words, the tools to check a claim exist. Whether a buyer uses them is a procurement decision.
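As an added illustration of the cumulative, no-partial-credit tier model and the buyer-side review of a vendor's self-assessment described above (example code, not an APTS tool or template): a checker that takes the vendor's documented per-requirement status and reports whether the claimed tier holds and which tier the evidence actually supports. The requirement IDs and the six-item checklist are constructed; the real checklists hold 72, 85 and 16 requirements per tier.

```python
# Tier order from the standard: each tier includes every requirement of the tiers below.
TIER_ORDER = ("Tier 1", "Tier 2", "Tier 3")

# Constructed mini-checklist (id, tier, keyword). IDs follow an APTS-<domain>-NN
# pattern only as an assumption for illustration.
CHECKLIST = [
    ("APTS-SE-01", "Tier 1", "MUST"),
    ("APTS-SE-02", "Tier 1", "MUST"),
    ("APTS-HO-01", "Tier 1", "MUST"),
    ("APTS-AU-05", "Tier 2", "MUST"),
    ("APTS-AU-06", "Tier 2", "SHOULD"),
    ("APTS-MR-09", "Tier 3", "MUST"),
]


def evaluate_claim(claimed_tier, checklist, results):
    """results maps requirement id -> vendor-documented status ("pass", "fail",
    "n/a", ...). The claim holds only if every MUST at the claimed tier and all
    lower tiers is "pass"; anything else, including a missing entry, is a gap.
    SHOULD items are collected separately and do not block the claim."""
    covered = set(TIER_ORDER[: TIER_ORDER.index(claimed_tier) + 1])
    gaps, advisories = [], []
    for req_id, tier, keyword in checklist:
        if tier not in covered:
            continue  # higher-tier passes earn no credit toward a lower claim
        status = results.get(req_id, "missing")
        if status != "pass":
            (gaps if keyword == "MUST" else advisories).append((req_id, tier, status))
    return (not gaps, gaps, advisories)


def highest_supported_tier(checklist, results):
    """The tier the evidence actually supports, or None if even Tier 1 has gaps."""
    supported = None
    for tier in TIER_ORDER:
        if not evaluate_claim(tier, checklist, results)[0]:
            break
        supported = tier
    return supported
```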
What evidence should you demand from an autonomous pentest vendor?

Figure 3: Evidence artifacts to request from an autonomous pentest vendor under OWASP APTS. Source: OWASP APTS v0.1.0 checklists and templates.
Because APTS is self-assessed, a tier claim is where diligence begins, not where it ends. When you evaluate an autonomous pentest platform, ask for the artifacts that turn a claim into something you can verify:
The conformance claim itself. Which tier does the platform claim, and is that claim documented against every MUST requirement at the tier, with no gaps? The standard requires no partial credit, so a claim with exceptions is not a claim at that tier.
The evidence package. APTS expects operators to produce evidence packages covering finding evidence, provenance, and downstream handoff, packaged so a third party can review them.
The audit trail. Tamper-evident logs of every action the agent took, mapped back to the rules of engagement. This is a Tier 2 expectation, and it is what lets you reconstruct an engagement after the fact.
Kill-switch proof. Do not accept "we can stop it" on trust. Ask for a demonstrated, immediate stop mid-engagement.
Reproducibility. Can an independent reviewer reproduce a finding, or are you being asked to accept it because the tool says so?
Acceptance testing. Use the optional Customer Acceptance Testing procedures to verify the platform against the tier the vendor claims, on your own terms.
If a vendor cannot produce these, the tier claim is marketing. If they can, you have a defensible basis for putting an autonomous agent near your systems. For a fuller decision framework covering how to weigh autonomous, hybrid, and human-led testing options, see our AI pentesting evaluation guide.
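For the audit-trail and reproducibility items above, here is an added example (not APTS or any vendor's code) of a tamper-evident, hash-chained engagement log that a reviewer can re-verify offline and query to reconstruct what touched a given asset. The record layout, the class and function names, and the sample entries are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def _entry_hash(prev_hash, body):
    """Hash of the canonical JSON body, bound to the previous entry's hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditTrail:
    """Append-only log; each record names the RoE rule that allowed or refused
    the action, so an engagement can be reconstructed against the RoE later."""

    def __init__(self, engagement_id):
        self.engagement_id = engagement_id
        self.entries = []

    def append(self, action, target, roe_rule, decision):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "engagement": self.engagement_id,
                "action": action, "target": target, "roe_rule": roe_rule,
                "decision": decision, "prev": prev}
        body["hash"] = _entry_hash(prev, body)  # hash covers everything but itself
        self.entries.append(body)
        return body["hash"]


def verify_trail(entries):
    """Independent re-check of an exported trail. Returns (ok, first_bad_seq).
    Edits, mid-chain deletions and reordering break the chain because every hash
    covers the entry's own seq and the previous hash. Truncating the tail is not
    detected by the chain alone; record the final hash out of band for that."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("seq") != i or e.get("prev") != prev or _entry_hash(prev, body) != e.get("hash"):
            return (False, i)
        prev = e["hash"]
    return (True, None)


def actions_on(entries, target):
    """Reconstruction query: every decision the agent recorded for one asset."""
    return [(e["seq"], e["action"], e["decision"]) for e in entries if e["target"] == target]
```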
How APTS maps to a real autonomous agent
APTS is a useful lens for reading any autonomous pentest platform, including ours. Stingrai's autonomous web application testing agent, Snipe, is built around the same controls APTS names: it operates inside a defined scope with enforcement on every action, it can be stopped on demand, and it produces an audit trail plus reproducible evidence for the findings it reports, which are the scope enforcement, human oversight, and auditability domains in APTS terms. Snipe is designed to hunt complex, high-impact classes such as IDOR, broken authorization, and business logic flaws rather than only known-pattern bugs, and its findings feed our PTaaS delivery with senior pentesters validating high-severity results. We hold a firm-level CREST accreditation as a penetration testing service provider. To see how autonomous, hybrid, and human-led testing fit together in practice, the AI pentesting evaluation guide is the buyer framework, and our services overview covers the full offensive-security lineup.
Frequently asked questions
What is the OWASP APTS standard?
OWASP APTS is the Autonomous Penetration Testing Standard, an OWASP project that defines how autonomous pentest platforms must operate safely, transparently, and within agreed boundaries. It is a governance standard rather than a testing methodology, and it complements existing standards such as PTES, the OWASP WSTG, and OSSTMM (OWASP APTS).
What does APTS stand for?
APTS stands for Autonomous Penetration Testing Standard. It is maintained by OWASP and is an early Incubator Project at version 0.1.0 as of 2026 (OWASP APTS).
What are the APTS conformance tiers?
APTS defines three tiers. Tier 1 Foundation has 72 requirements, Tier 2 Verified adds 85 for a cumulative 157, and Tier 3 Comprehensive adds 16 for a cumulative 173. Each higher tier includes every requirement from the tiers below it, with no partial credit (OWASP APTS).
What are the eight APTS domains?
The eight domains are scope enforcement, safety controls and impact management, human oversight and intervention, graduated autonomy levels, auditability and reproducibility, manipulation resistance, third-party and supply chain trust, and reporting. Together they account for 173 tier-required requirements (OWASP APTS).
Is OWASP APTS certifiable?
No. APTS has no certification body, no mandatory third-party audit, and no fee. Conformance is self-assessed or independently reviewed, so a vendor tier claim is a self-declaration, not an accredited certificate. Buyers should ask for the underlying evidence before accepting a tier claim (OWASP APTS).
How is APTS different from PTES or the OWASP WSTG?
PTES and the OWASP WSTG are testing methodologies that describe what to test and how. APTS is a governance standard that describes how an autonomous platform must behave while it runs. A platform can follow WSTG for coverage and operate under APTS for governance at the same time (OWASP APTS, Introduction).
What are the APTS autonomy levels?
APTS defines four graduated autonomy levels, from L1 (assisted, single techniques under full human control) to L4 (autonomous multi-target management over extended periods). Higher levels carry more governance requirements (OWASP APTS, Getting Started).
How do I verify a vendor's APTS conformance claim?
Ask for the documented conformance claim against every requirement at the tier, the evidence package, the tamper-evident audit trail, a demonstrated kill-switch, and reproducible findings. APTS also provides a Vendor Evaluation Guide and an optional Customer Acceptance Testing appendix you can use to verify a claim on your own terms (OWASP APTS, Getting Started). For a broader decision framework, see the AI pentesting evaluation guide.
Where can I read the OWASP APTS standard?
The standard is published by OWASP at owasp.org/APTS, with the full text and appendices in the OWASP APTS repository on GitHub. Because it is an early Incubator Project, expect the wording and counts to evolve; always read the current primary source (OWASP APTS).
References
OWASP. Autonomous Penetration Testing Standard (APTS). Incubator Project v0.1.0, 2026. https://owasp.org/APTS/. Project landing page defining APTS, its three conformance tiers, eight domains, certification model, and status.
OWASP APTS. Introduction. 2026. https://github.com/OWASP/APTS/blob/main/standard/Introduction.md. Describes the purpose, the four autonomy-specific problems, the domain list with per-domain requirement counts, and the complementary relationship to PTES, WSTG, and OSSTMM.
OWASP APTS. Getting Started. 2026. https://github.com/OWASP/APTS/blob/main/standard/Getting_Started.md. Describes the self-assessment process, the four autonomy levels, expected evidence artifacts, and the buyer verification path.
OWASP APTS. Scope Enforcement domain. 2026. https://owasp.org/APTS/standard/1_Scope_Enforcement/. Describes the APTS-SE requirements, hard deny lists, and pre-action validation for the first domain.
OWASP APTS. Governance. 2026. https://owasp.org/APTS/GOVERNANCE.html. Describes project leadership and the merit-based contribution model.
Put APTS into practice
If you are evaluating an autonomous pentest platform, use APTS as your checklist and demand the evidence behind any tier claim. If you want the complementary human depth, talk to Stingrai about PTaaS that pairs an autonomous agent with senior pentester validation, or explore our web application penetration testing and red teaming services.