CyberAgent

An offensive-security tool with hard boundaries: verified legitimate use, human decision on fixes and traceable evidence are part of the product.

CyberAgent dashboard
Offensive security with clear accountability

Legitimate use by design

Before every scan, CyberAgent verifies domain control. It operates only on assets you have proven you own: an offensive-security tool with hard boundaries.

Human-in-the-loop

The agent watches, validates and prioritizes; it proposes remediation plans. What and when to fix is decided by your team. No changes applied autonomously to your systems.

Traceable evidence

Every risk links to the scan that produced it, the correlation used (EPSS, CISA KEV) and the exploitability validation: ready for board and auditors.

Compliance and data

The answers procurement asks for first

EU data residency

Cloud infrastructure with EU data residency, per-tenant segregation and encryption. Designed for the data-residency requirements of NIS2 and GDPR.

NIS2 / ISO 27001

Reports and checklists aligned to the frameworks, with dedicated sections for NIS2, DORA and ISO 27001. ISO/IEC 27001 and ISO/IEC 27017 certifications currently in progress.

GDPR

CyberAgent acts as data processor (art. 28 GDPR), with a DPA and declared sub-processors. Customer data is not used to train shared models.

Frequently asked questions
Why do I have to verify domain control?

Because CyberAgent runs vulnerability assessment and automated pentest, offensive-security activities that must only be performed on infrastructure you legitimately control. Validation via DNS record or file proves it, like Search Console or an SSL certificate, and ensures no one can launch scans against someone else’s assets.

Does CyberAgent change my systems or apply patches?

No. It watches, validates and prioritizes, and proposes remediation plans. The fix is decided and applied by your team: no autonomous changes to your systems.

Is the automated pentest safe for production?

It is designed to be. Scope and intensity are configurable and agreed on your case, and run only on assets whose control has been verified.

Where does the data live and which models do you use?

Cloud infrastructure with EU data residency, per-tenant segregation and encryption. Customer data is not used to train shared models; model providers are declared in the DPA alongside other sub-processors.

Does CyberAgent replace a red team or a CISO?

No, it complements them. It gives continuous coverage between engagements and validates exploitability automatically. For strategy and governance there is noze’s CISO-as-a-service.

How does it fit into a NIS2 or ISO audit?

With dedicated sections: it maps vulnerabilities and measures to the requirements and produces reports and checklists ready for the board and auditors, with linked evidence.

Is it suitable for an MSP or system integrator?

Yes. Multi-tenant architecture with per-customer isolation, white-label and a hierarchical admin console, with per-client billing.

How much does it cost and how do we start?

From €99/month, three plans (Starter, Business, Enterprise) with optional pay-per-scan. Guided onboarding in about an hour and EU data residency.

Let's talk about your case

Book a demo

Need support?Under attack?Service Status
Need support?Under attack?Service Status