Legitimate use by design
Before every scan, CyberAgent verifies domain control. It operates only on assets you have proven you own: an offensive-security tool with hard boundaries.
An offensive-security tool with hard boundaries: verified legitimate use, human decision on fixes and traceable evidence are part of the product.
Before every scan, CyberAgent verifies domain control. It operates only on assets you have proven you own: an offensive-security tool with hard boundaries.
The agent watches, validates and prioritizes; it proposes remediation plans. What and when to fix is decided by your team. No changes applied autonomously to your systems.
Every risk links to the scan that produced it, the correlation used (EPSS, CISA KEV) and the exploitability validation: ready for board and auditors.
Cloud infrastructure with EU data residency, per-tenant segregation and encryption. Designed for the data-residency requirements of NIS2 and GDPR.
Reports and checklists aligned to the frameworks, with dedicated sections for NIS2, DORA and ISO 27001. ISO/IEC 27001 and ISO/IEC 27017 certifications currently in progress.
CyberAgent acts as data processor (art. 28 GDPR), with a DPA and declared sub-processors. Customer data is not used to train shared models.
Because CyberAgent runs vulnerability assessment and automated pentest, offensive-security activities that must only be performed on infrastructure you legitimately control. Validation via DNS record or file proves it, like Search Console or an SSL certificate, and ensures no one can launch scans against someone else’s assets.
No. It watches, validates and prioritizes, and proposes remediation plans. The fix is decided and applied by your team: no autonomous changes to your systems.
It is designed to be. Scope and intensity are configurable and agreed on your case, and run only on assets whose control has been verified.
Cloud infrastructure with EU data residency, per-tenant segregation and encryption. Customer data is not used to train shared models; model providers are declared in the DPA alongside other sub-processors.
No, it complements them. It gives continuous coverage between engagements and validates exploitability automatically. For strategy and governance there is noze’s CISO-as-a-service.
With dedicated sections: it maps vulnerabilities and measures to the requirements and produces reports and checklists ready for the board and auditors, with linked evidence.
Yes. Multi-tenant architecture with per-customer isolation, white-label and a hierarchical admin console, with per-client billing.
From €99/month, three plans (Starter, Business, Enterprise) with optional pay-per-scan. Guided onboarding in about an hour and EU data residency.