How Credits Work
Credits are consumed based on two factors:
- Model usage: the reasoning and decision-making Neo performs across each workflow, including multi-step planning, tool selection, and result analysis.
- Infrastructure: the compute resources Neo uses, including isolated sandboxes, browser automation, terminal sessions, network probes, and file storage.
Typical Credit Ranges by Workflow
Here’s what common workflows cost on average:

| Workflow | ~Credits | What Neo Does |
|---|---|---|
| Pentest | ~20 credits | Full-scope security assessment: reconnaissance, attack surface mapping, hypothesis-driven testing, exploitation attempts, proof-of-concept generation, and a detailed findings report with reproduction steps. |
| Reconnaissance | ~5 credits | Maps your external attack surface: discovers subdomains, enumerates exposed services, fingerprints technologies, identifies open ports, and produces a structured inventory of assets with risk annotations. |
| PR / Feature Pentest | ~5 credits | Targeted security review of a pull request or new feature: analyzes code changes, identifies security-relevant logic, validates findings against the running application, and tests for auth bypasses, injection points, and business logic flaws within the scope of the change. |
| Threat Model | ~3 credits | Analyzes your application architecture, identifies trust boundaries, enumerates threat vectors, and produces a structured threat model with prioritized risks and recommended mitigations. |
| Vulnerability Triage | ~3 credits | Takes a reported vulnerability or scanner finding, validates exploitability in your environment, deduplicates against known issues, assesses real-world impact, and produces an actionable ticket with reproduction steps and remediation guidance. |
These are approximate ranges based on frontier reasoning models, the most capable and thorough option available. If your workflow doesn’t require the deepest reasoning, lower-tier models can run the same tasks at up to 10x fewer credits. Neo gives you the flexibility to choose the right model for the job.
Actual credit consumption varies based on application complexity, scope of the target, depth of testing, and how many tools Neo needs to invoke during execution.
Thinking About Cost vs. Value
The right way to evaluate Neo’s cost isn’t credits per workflow. It’s what that workflow would cost you without Neo.
A single pentest at ~20 credits replaces days of manual work. A security engineer running the same assessment manually would spend time on reconnaissance, tool setup, hypothesis testing, validation, and report writing. Neo compresses that into a single automated workflow with full evidence and reproduction steps.
PR security reviews at ~5 credits keep pace with your engineering team. Most teams can’t review every PR for security because there aren’t enough security engineers. At ~5 credits per review, Neo can cover every meaningful code change without becoming a bottleneck.
Vulnerability triage at ~3 credits eliminates the noise. Security teams spend a significant portion of their time investigating findings that turn out to be false positives or low-impact issues. Neo validates exploitability upfront, so your team only spends time on findings that matter.
Threat modeling at ~3 credits makes it repeatable. Threat models are high-value but often skipped because they’re time-intensive. At ~3 credits, Neo makes it practical to threat model every new feature or architecture change, not just the ones that feel risky enough to justify the effort.
The Bottom Line
Neo’s pricing is designed so that running security workflows costs a fraction of what those same workflows cost in engineer time, contractor fees, or external pentest engagements. And because we’ve built the infrastructure to run these workflows efficiently, those costs stay low as your usage scales. The goal is simple: make it economically rational to do more security testing, not less.
How We Keep Costs Low
Neo is engineered from the ground up to make every credit go further through deliberate architecture decisions, purpose-built tooling, and infrastructure that’s been battle-tested at massive scale.
- LLMs for reasoning, not everything. Routing every action through an LLM is expensive, slow, and unreliable. Neo uses LLMs where they genuinely add value: reasoning about security context, generating hypotheses, planning attack paths, and interpreting ambiguous results. For everything else, 40+ specialized tools (terminal execution, browser automation, network probing, code analysis, API schema parsing, and more) handle the mechanical work natively without burning tokens. The LLM reasons about what to do and why; the tools handle the how. Your credits fund actual security reasoning, not schema parsing.
- Caching to reduce redundant work. Neo applies caching at multiple layers to avoid repeating work and avoid repeating cost. When Neo has already reasoned about a particular context, gathered environment details, or resolved a piece of your application’s behavior, that knowledge is retained and reused across workflow steps and future runs. This is especially impactful for workflows that share overlapping scope.
- Built on infrastructure that runs at scale. ProjectDiscovery is an infrastructure company at its core. Our open-source tools power vulnerability scanning for some of the largest security teams in the world. We’ve scaled to process billions of assets and run millions of vulnerability scans, and that operational discipline directly shapes how Neo is built. The same infrastructure engineering that makes Nuclei fast and reliable at scale (efficient resource allocation, optimized network I/O, parallel execution, and cost-aware compute scheduling) runs under Neo’s sandboxed environments. When Neo spins up a browser, executes terminal commands, or probes an API endpoint, it’s running on infrastructure we’ve spent years optimizing for throughput, reliability, and cost efficiency. This matters for your credit consumption because infrastructure cost is a real component of every workflow. You get the depth of a thorough security assessment without paying for infrastructure that wasn’t built for it.

