Hire those whomaster AI —not those whodepend on it.

• Solving isn't enough

  Capturing a flag proves the candidate found the vulnerability. The mandatory write-up proves they understand why it exists and how to fix it.

• Every flag is session-unique

  The flag is cryptographically derived from the session ID (HMAC-SHA256). It doesn't exist before generation. Not findable on Google. Non-copyable across sessions.

• Judgment, not memory

  Hybrid sessions combine a technical CTF challenge and an SJT (Situational Judgment Test). We verify that the human makes sound decisions even when no tool dictates the answer.

• 01Available

  CTF Challenge

  A real Docker environment with an active vulnerability. The candidate exploits the flaw, captures their session-unique flag, then explains their approach in writing. Score measures execution AND understanding.

  Pack examples

  • JWT Security
  • SQL Injection
  • SSRF → RCE
  • +102 more
• 02Available

  Situational Judgment Test

  Realistic scenarios: 3am production incident, AI-generated PR with a flaw, architecture decision under pressure. The candidate chooses best and worst response. We measure pure human judgment — no tools.

  Profiles evaluated

  • Tech Lead
  • Engineering Manager
  • Senior SRE
  • Architect
• 03Available

  Hybrid Session

  Phase 1 CTF (technical under timer). Phase 2 SJT (judgment on the same incident). Report combines both scores across 26 axes. Ideal for senior profiles where technical skill alone isn't enough.

  Key axis measured

  • AI Mastery
  • SRE Judgment
  • Tech Lead Signal

• MatrixForge

  Generate challenges from predefined or custom objectives. 60 composable bricks, 105 ready-to-deploy packs. No code required.

• 26-axis report

  Detailed radar chart: technical skills (JWT, SQLi, infra) + judgment (SRE, architecture, leadership). Automatic recommendation: SHORTLIST / DISCUSS / REJECT.

• Self-hostable

  Deploy on your server in under one hour with Docker Compose. On-premise, private cloud, or hybrid infra. Candidate data never leaves your perimeter.

• EU AI Act ready

  Objective and auditable score (flag = solved or not). Explainable report. Mandatory human final decision. Designed for Article 14 EU AI Act compliance from August 2026.

• ATS integration

  Configurable outbound webhook to your ATS (Greenhouse, Lever, Workable). Report is automatically pushed to the candidate file at session end.

• Multi-org, multi-space

  Granular RBAC: org_admin, space_admin, recruiter, viewer. Ideal for recruitment agencies managing multiple clients in a single instance.

• Starter

  For small teams with occasional hiring needs.

  149 € / month

  • 20 sessions / month
  • 1 recruitment space
  • Pre-configured CTF packs (105 available)
  • 26-axis report per session
  • PDF report export
  • Docker deployment included
  • Email support
  Get started

• Most popular

  Studio

  For active tech HR teams with regular volume.

  399 € / month

  • 75 sessions / month
  • Unlimited spaces
  • All types (CTF, SJT, Hybrid)
  • Hybrid CTF + SJT sessions
  • 26-axis report + sector benchmark
  • ATS integration (webhook)
  • Priority support
  Choose Studio

• Scale

  For mid-size companies and high-volume recruitment agencies.

  899 € / month

  • Unlimited sessions
  • Multi-organisations
  • Pack Studio (custom challenge creation)
  • Report + quarterly benchmark
  • SSO / SAML
  • Full API
  • Dedicated account manager
  Contact the team

All prices excl. VAT. 14-day free trial on Starter and Studio plans. Extra sessions: €12 / session over quota. Enterprise quote →

Frequently asked questions

Can the candidate use AI during the assessment?

Yes. MatrixAccess does not block AI tools — that would be counterproductive and unrealistic. What we measure is whether the candidate understands what they're doing. The mandatory write-up after each flag, the tool-free SJT, and the coherence of the approach reveal real understanding. A candidate who used AI without understanding will show in the report.

Can we host the platform on our own server?

Yes, that is the default model. We provide a complete Docker Compose setup. Deployment in under one hour on any Linux server. On-premise, private cloud, or hybrid. Your candidate data never leaves your perimeter.

What is the mandatory write-up?

After capturing each flag, the candidate must answer two short questions: 'What did you find?' and 'Why does it work?'. These answers are evaluated in the final report and represent a significant part of the overall score. They reveal whether the candidate understands the vulnerability or just followed a walkthrough without grasping the mechanism.

How is MatrixAccess compliant with the EU AI Act?

The EU AI Act (enforceable from August 2026) classifies candidate assessment systems as 'high-risk AI'. It requires human oversight, explainable scores, and a right to explanation for candidates. MatrixAccess is built for this: binary and auditable score (flag = solved or not), per-challenge explained report, and a final recommendation that remains human — not automated.

Is there a free trial?

Starter and Studio plans include a 14-day no-commitment trial. To get started, request a personalised demo — we configure the platform to your recruitment context in 30 minutes.