Vulnerability Scanner Now Offers Discounts for Every Finding It Gets Wrong

AMSTERDAM—Vulnerability management vendor Vuln4U announced Tuesday a new pricing model that charges customers per vulnerability found, while offering equally large discounts for any findings the scanner later turns out to have misidentified.

Customers pay €10,000 per critical vulnerability, with lower fees for lower severities. But for every incorrect finding, they earn automatic credits—€12,000 for misclassified criticals, €5,000 for anything that wasn’t actually a vulnerability, and a 15% invoice reduction if more than 40% of a scan is wrong. A free re-scan is triggered if the tool flags “any household appliance” as impacted by a CVE.

Analysts say the structure effectively converts Vuln4U false-positive rate into a cashback program. Several customers have already reported receiving more in credits than they were charged, with one CISO saying his team unintentionally reached “Platinum Misclassification Tier,” which includes early feature access and a fleece jacket.

In early financial projections shared with investors, Vuln4U said the discount model is so “customer-centric” that the company expects to pay out more in misclassification credits than it collects, noting that these payouts will be “fully covered by existing venture funding through at least Q4.”

When asked if the system incentivizes further inaccuracies, Vuln4U insisted its classifications remain governed by “strict accuracy safeguards,” including policies ensuring all severity ratings are “directionally appropriate for revenue forecasting.”

The company says credits can be applied to future scans, premium support, or its upcoming AI-powered suggestion engine.