Press Release
CATAAM Launches Value-Based Pricing and a New Business Tier
Kitchener, Ontario — June 15, 2026
Unified compliance, attack-surface management, and breach-and-attack simulation across four tiers — still well below the cost of stitching together separate point tools.
CATAAM today announced revised pricing for its all-in-one governance, risk and compliance (GRC) platform, introducing value-based tiers and a new mid-market Business plan. The update reflects the platform’s expanded scope — automated compliance, internal and external attack-surface management (iASM), and breach-and-attack simulation (BAS) delivered in a single product.
Even after the change, CATAAM remains positioned well below the market: the Professional plan is priced at roughly half the cost of standalone compliance-automation tools, and a fraction of what teams pay to license separate attack-surface and breach-simulation products.
What’s changing
| Plan | Monthly | Annual | Best for |
|---|---|---|---|
| Starter | $149 | $1,490 | 1 framework, up to 25 users, external ASM |
| Professional | $699 | $6,990 | 5 frameworks, evidence harvesting, iASM + ASM, 30 credits |
| Business (new) | $1,799 | $17,990 | 15 frameworks, 1,000 users, 120 credits, BAS, SSO, dedicated CSM |
| Enterprise | Custom | Custom | Unlimited frameworks, white-label, reseller, on-premise |
Partner billing for CISO resellers and CPA firms is unchanged at $99 per framework, per client, per month, and CATAAM’s free attack-surface tier — connect cloud accounts and explore your attack-surface graph at no cost — remains available.
“Our edge isn’t being the cheapest tool — it’s running our own AI on our own infrastructure, which keeps our costs structurally low. Value-based pricing lets us reflect everything the platform now does — compliance, attack-surface management, and breach simulation in one place — while still coming in well under the price of buying those capabilities separately.”
Why now
CATAAM has expanded from compliance automation into continuous security testing, adding iASM and BAS that map findings to compliance frameworks and to the MITRE ATT&CK framework. Because that AI-heavy work runs on CATAAM’s own local models rather than metered cloud APIs, the company can offer broad capabilities at a lower price point than competitors that rely on per-token third-party inference.
About CATAAM
CATAAM is a governance, risk and compliance platform that unifies SOC 2, ISO 27001, PCI-DSS and GDPR automation with internal and external attack-surface management and breach-and-attack simulation. By running its own AI models in-house, CATAAM delivers continuous compliance and security in a single platform at a fraction of the cost of assembling separate tools.
Media contact: press@cataam.com