Cleveland, OH — July 9, 2026 — SubRosa, a cybersecurity company built on six years of penetration testing, offensive security, and managed detection work, today announced the launch of Sable, an all-in-one governance, risk, and compliance (GRC) platform purpose-built for AI and SaaS companies. The launch marks the company's expansion from a services-led model into product-led software — and a bet that security teams are ready for a self-serve alternative to the demo-gated compliance tools that dominate the category today.
Sable brings together the modules security and compliance teams typically stitch across spreadsheets and point tools — compliance frameworks (including SOC 2 and ISO 27001), vendor risk management, vulnerability management, policy management, and risk and controls tracking — into a single workspace. Unlike most platforms in the category, Sable is available today with a self-serve free trial: no sales call, no demo gate, and no credit card required to get started.
“Every company in this space makes you talk to a salesperson before you can even see the product,” said John Price, Founder and CEO of SubRosa. “We've spent six years breaking into companies' systems to find out where compliance checkboxes and real security diverge. Sable is us putting that experience into software instead of just a report — and letting people try it themselves instead of sitting through a pitch.”
SubRosa built Sable in-house alongside its existing security services business, which includes network and web application penetration testing, wireless and social engineering assessments, managed security operations, and a growing practice in LLM and AI system penetration testing. The company says that offensive security lineage is the core differentiator behind Sable: rather than a checklist-driven compliance tool built by auditors, Sable is built by the same team that spends its days finding the gaps automated scanners miss.
“Compliance software tells you a control exists,” Price said. “We've spent our careers proving that having a control on paper and having it actually hold up under an attack are two very different things. That's the gap Sable is built to close.”
Sable is priced in four self-serve tiers — Starter, Team, Growth, and Scale — with published pricing available on SubRosa's website, a departure from the “contact sales” pricing pages common among GRC vendors. The platform is available now at https://subrosacyber.com/en/solutions/sable
The launch does not signal a step back from SubRosa's services business, which continues to operate alongside Sable. The company says services revenue — from penetration testing and managed SOC engagements — will continue to fund Sable's development as the product matures, with the two lines of business designed to reinforce each other over time.
SubRosa plans to expand Sable's self-serve motion into its existing managed service provider (MSP) partner network in the coming months, giving partners a way to offer compliance automation to their own client base alongside SubRosa's assessment services.
About SubRosa
SubRosa is a cybersecurity company providing penetration testing, managed security operations, and — with the launch of Sable — self-serve compliance and risk management software. Founded six years ago, SubRosa serves clients across industries with services spanning network, web application, and wireless penetration testing, social engineering assessments, and AI/LLM security testing. Learn more at subrosacyber.com.