If you've been evaluating security vendors and Prescient Security is on your list — or if Prescient Security was your compliance provider and you're now reassessing your security partnerships following the Delve compliance scandal — this page gives you a direct, honest comparison. We'll be upfront: we are Lorikeet Security, and this is our perspective on how we compare. Read it with that in mind, but we'll do our best to give you the factual picture rather than a marketing document.
Context: Prescient Security was one of the CPA firms that delivered SOC 2 reports through the Delve platform. Delve was found in March 2026 to have fabricated or templated nearly 500 SOC 2 reports with 99.8% identical language. If your SOC 2 was issued by Prescient Security via Delve, your report may be compromised. See our full analysis: Are You a Prescient Security Client Who Got SOC 2 Through Delve?
What Prescient Security Offers
Prescient Security is a compliance-oriented advisory and CPA firm that offers: SOC 2 Type 1 and Type 2 audits, ISO 27001 gap assessments and readiness, HIPAA assessments, penetration testing (offered as a supporting service to compliance work), and general security consulting. Their primary orientation is compliance attestation — they are structured as an audit and advisory firm that also offers security testing as part of a compliance package.
Their client base has historically skewed toward startups and mid-market SaaS companies pursuing SOC 2 for the first time, often bundled with their broader compliance advisory engagement. They have operated in the compliance-automation platform era alongside tools like Vanta and Drata.
What Lorikeet Security Offers
Lorikeet Security is a penetration testing and attack surface management firm that also supports compliance. The distinction in emphasis matters: our core capability is offensive security — web application pentests, API testing, network and Active Directory assessments, red team operations, and continuous attack surface monitoring. Compliance support (SOC 2 pentest evidence packages, ISO 27001 Annex A testing, HIPAA technical assessments) is built on top of that offensive security foundation.
Key platform differentiators: our PTaaS (Penetration Testing as a Service) model gives clients real-time access to findings during the assessment via a client portal, not a PDF delivered weeks later. Our attack surface management service provides continuous monitoring of your external footprint between point-in-time pentests. Pricing is transparent and published, so you do not need a custom quote for everything.
Direct Comparison
| Dimension | Prescient Security | Lorikeet Security |
|---|---|---|
| Primary orientation | Compliance-first (audit & advisory CPA firm) | Security-first (offensive security firm with compliance support) |
| Penetration testing | Offered, typically as part of compliance package | Core capability; PTaaS platform with real-time client portal |
| SOC 2 audits | Full CPA audit capability; Delve connection is a current concern | Not a CPA audit firm; partner with accredited auditors for audit; provide pentest evidence |
| Attack surface management | Not a primary offering | Continuous ASM platform with real-time monitoring |
| Pricing transparency | Custom quotes typical | Transparent pricing published on website |
| Typical client stage | Pre-Series A through Series B seeking compliance | Seed through Series C+ seeking real security plus compliance evidence |
| Delve / compliance scandal | Used Delve platform for SOC 2 delivery; reports may be compromised | Not connected to Delve; independent pentest evidence only |
| Report format | Traditional PDF audit reports | Real-time portal findings + executive PDF + compliance evidence package |
Why the Compliance-First vs Security-First Distinction Matters
This is the most important factor in the comparison. A compliance-first firm is incentivized to produce clean audit reports — that's the deliverable customers pay for, and that's what drives renewals. When penetration testing is a supporting service to a compliance engagement, the natural incentive is a test scoped to produce evidence that satisfies the auditor, not a test scoped to find the most impactful security vulnerabilities.
A security-first firm's core product is finding real vulnerabilities. The pentest is the primary deliverable, and the value is measured by the quality and actionability of findings — not by whether the resulting evidence satisfies a compliance checkbox. When we scope a pentest for a SOC 2 compliance engagement, we scope it to find real security issues in your production environment, and that evidence happens to also satisfy your auditor. Both outcomes are achieved, rather than optimizing for just one.
What if you need both audit and pentest?
Our recommendation for most companies: use a specialized, independent CPA firm for your SOC 2 audit, and use a security-first firm like Lorikeet for your penetration testing. The independence between your auditor and your security tester is actually a feature — your auditor evaluating your pentest report should be evaluating real findings from an independent security assessment, not a report from their own team. This is the model that most sophisticated enterprise buyers prefer to see.
If You Were a Prescient Security Client
If your SOC 2 was delivered through Prescient Security, the first question is whether Delve was involved in that delivery. See our guide for Prescient Security SOC 2 clients for specific steps to verify your report's integrity and what to do if it was issued through the Delve platform.
Regardless of the Delve question, if you are reconsidering your security vendors as a result of this situation, we are happy to provide a consultation on what Lorikeet Security's assessment services would look like for your environment. There is no obligation, and we will tell you honestly if a different provider would be a better fit.
Looking for a security-first alternative?
Lorikeet Security provides penetration testing, continuous attack surface monitoring, and compliance-ready evidence packages — with transparent pricing and real-time findings access during assessments.