Credits & billing
AISafe uses a credit-based consumption model. Credits are the currency that funds assessment runs, report generation, and continuous capabilities like PR review and monitoring. You purchase credits upfront or subscribe to a plan that includes a monthly credit allowance.
How credits work
Each assessment run consumes credits based on its type, the size of the target (lines of code for code audits, number of endpoints for pentests), and the selected duration. You see the estimated credit cost before starting an assessment. AISafe debits credits when the assessment starts and refunds them if the assessment fails due to a platform error. Continuous capabilities like PR review and monitoring consume credits per invocation.
Purchasing credits
You can purchase credits in two ways: through the dashboard under Billing, or via the API. One-time credit packs are available without a subscription. Subscription plans include a monthly credit allowance that replenishes each billing cycle. Purchased credits do not expire and remain available until you use them.
Duplicate charge prevention
Credit spend is idempotent. If duplicate events trigger the same operation twice, the system records a single debit. AISafe tracks each credit-consuming operation with a unique reference, so retries and duplicate deliveries resolve to a single debit. The same logical action incurs a single charge, even when upstream systems fire redundant events.
Plans
AISafe offers subscription plans with included monthly credits and per-credit overage pricing. Plan tiers scale with team size, assessment volume, and access to continuous capabilities (PR review, scheduled scans, monitoring). You can purchase one-time credit packs without a subscription.
Usage tracking
The Billing page in organization settings shows your current credit balance, recent transactions (purchases, assessment debits, refunds), and usage trends. You can set up low-balance alerts to receive notifications before credits run out.
Spend guardrails
Organizations can configure a monthly spend policy with alert thresholds and optional blocking enforcement. A policy can set an organization-wide cap, a per-project cap, a calendar-month or rolling-30-day window, and threshold percentages such as 80%.
When enforcement is set to warn, AISafe allows new spend but emits spend.threshold_crossed once per threshold and window. When enforcement is set to block, AISafe rejects new assessment starts and skips continuous capabilities before any debit if the projected spend would exceed the cap. Refunds reduce the current window spend.
Use GET /api/v1/organizations/{id}/spend-posture to inspect current window spend, cap state, per-capability breakdown, and projected end-of-window burn.
Webhook notifications
AISafe fires webhook notifications for billing events, including spend thresholds and cap-reached states. See Webhooks for the full event catalogue.