Tweets: 651 | Followers: 2K | Following: 92 | Likes: 189
Most vulnerability scanners provide quantity over quality. A critical RCE lands next to a self-XSS with no exploitability. Ethiack works differently. We verify actual exploitability across 200+ different vulnerability classes (CWEs) continuously using our agentic AI, Hackian. So you get real, prioritized findings that you can act upon immediately.
AI in cybersecurity isn't optional anymore, it's literally reshaping how breaches are discovered, how threats are prioritized, and how security teams work. Most organizations are still using outdated scanners that can't leverage any of this. With Ethiack, your team gets the speed and accuracy that AI promises, without the chaos that legacy tools create.
"VulnOps" is a new buzzword that's getting thrown around... Unlike most buzzwords, this one is actually doing good things for cybersecurity. The shift toward VulnOps is fueled by:
1️⃣ AI-Accelerated Discovery: Autonomous systems are finding complex bugs faster than ever, lowering the cost for attackers and forcing defenders to manage a much higher volume of known issues.
2️⃣ Infrastructure Fragmentation: Vuln data is in multiple places now - CVE/KEV/NVD, etc. Teams must now engineer their own pipelines to reconcile data from multiple sources.
3️⃣ Vanishing Exploitation Windows: Attacks are now happening <24hrs after a CVE drops; 24+ hour remediation cycles are suddenly obsolete.
4️⃣ New AI Attack Surfaces: Agentic AI introduces risks like prompt injection and tool-poisoning that traditional taxonomies don't capture.
Is your company ready to transition to VulnOps? We can help you lead the way.
Universidade do Porto managed a massive, dynamic digital footprint. Keeping up with shadow IT across a sprawling academic landscape meant dealing with three core problems: hidden assets, outdated annual pentests, and overwhelming vulnerability noise. We solved this by helping Head of InfoSec José Augusto Silva bring 1,000 critical assets under continuous validation within 7 months:
Hidden Assets ➡️ Continuous Mapping: Instantly brought blind spots across 5,000 assets into plain view.
Annual Snapshots ➡️ 24/7 Security: Replaced slow, periodic testing with continuous, automated assessments.
Alert Noise ➡️ Validated Proof: Our agentic AI pentester, Hackian, actively exploits flaws to prove what is actually dangerous, prioritizing real risk.
U.Porto stopped hunting for blind spots and started fixing validated threats in real time.
You can't protect what you can't see. This is the harsh reality for European businesses right now. One in eight faces a cyberattack annually, with large enterprises carrying the highest risk, often completely blind to where the threat is originating. According to reports by Censys, somewhere between 40% and 60% of an organization's attack surface is completely unknown. True resilience requires shifting away from guesswork and moving toward continuous, autonomous discovery. We can help with that.
Managing WordPress security at scale requires data-backed intelligence. That's why we have a new integration with @patchstackapp. This partnership changes the game by bringing world-class WordPress threat intelligence directly into our engine.
🟢 Here is how it works:
1. We continuously analyze and map your attack surface, including all WordPress assets.
2. Patchstack tracks CVEs related to WordPress. When a new vulnerability appears on your dashboard, you can learn from it instantly through Patchstack's extensive database.
3. Ethiack immediately ingests that intelligence, utilizing our agentic AI pentesting technology, Hackian, to validate whether the new CVE is actually exploitable against your in-scope assets.
No more guessing, no more false positives. Just real-time WordPress threat intelligence powered by autonomous proof.
Organizations that prioritize compliance over security often discover they are losing both. Attackers don't follow compliance frameworks; they are more capable than ever, harnessing the power of AI to exploit the gaps between what regulations require and what actually damages your organization. The organizations that truly survive threats are the ones investing in continuous, AI-driven security, with compliance as a natural outcome. Give Ethiack a try and get the best of both worlds.
Broadvoice was tired of firefighting security risks across a massive, fast-moving cloud infrastructure. They faced three main problems: hidden shadow IT, outdated pentest snapshots, and overwhelming alert noise. Ethiack solved this by replacing guesswork with automated validation:
#1 Problem: Volatile, hidden AWS resources ➡️ Solution: Continuous attack surface mapping.
#2 Problem: Outdated snapshot testing ➡️ Solution: 24/7 event-driven testing.
#3 Problem: Alert fatigue and noise ➡️ Solution: Hackian, our agentic AI pentester, actively exploits flaws to provide verified proof of what is actually dangerous.
Broadvoice stopped chasing alerts and started fixing validated threats in real time. 👉 See how they did it: ethiack.com/news/case-stud…
The Verizon 2026 Data Breach Investigations Report highlights a massive shift in how environments are getting compromised. Credential abuse is down to 13%, but vulnerability exploitation has surged to 31%, officially making it the #1 initial access vector for breaches. While attackers are moving faster, defensive remediation is dropping behind:
🟢 Only 26% of critical vulnerabilities (listed in the CISA KEV catalog) were fully remediated in 2025, a steep drop from 38% the previous year.
🟢 On average, organizations faced 50% more critical vulnerabilities to patch compared to the prior year.
🟢 The median time to full resolution jumped to 43 days, adding nearly two weeks to an already dangerous window.
When exploitation windows collapse, but remediation backlogs grow, traditional patching cycles become a massive liability. To bridge this gap, organizations must scale their defensive operations. Deploying autonomous agents like Hackian can help security teams continuously validate exposure, prioritize what actually matters, and outpace threat velocity in real time.
AI in your SOC? Check. AI in your SIEM? Check. AI in your pentesting? If not, you're leaving your biggest blind spot undefended. Your SOC catches known threats. Your SIEM correlates logs. But who's testing your API authentication chains, exploiting privilege escalation paths, or chaining vulnerabilities into actual breaches? Manual pentests miss 40% of exploitable flaws. Ethiack's Hackian executes real attack chains 24/7, not just vulnerability scanning. They understand context, business logic, and lateral movement. With continuous proof-of-concept, not theoretical risk scores. Don't keep your security stack incomplete. ethiack.com
Nobody cares about annual pentests anymore. AI-driven threats are multiplying daily. Agentic and continuous security is now your only real option.
Traditional scanners tell you what they found. Ethiack tells you what you're vulnerable to. We cover 200+ vulnerability classes (CWEs) including the complex, real-world flaws traditional tools miss. With Ethiack you're not just getting more coverage. You're getting smarter coverage. So your team spends less time triaging false positives and more time actually fixing security issues. ethiack.com
Think a relative redirect parameter is inherently safe just because it restricts full external URLs?👀 Think again. In our latest article, Ethiack Security Researcher, Rafael Castilho, reveals how subtle discrepancies between server-side handling and browser navigation behavior can be weaponized. By abusing how Google Chrome processes URL fragments (#) during validation loops, an attacker can intentionally trigger an ERR_TOO_MANY_REDIRECTS crash, leaving sensitive session tokens and OAuth callback secrets completely exposed inside the browser error page. Stop trusting "path-only" limits blindly. Learn how the breakdown happens and how to defend your application pipelines. 👉 Read the full article here: ethiack.com/news/research/…
Lisbon, see you tomorrow at @rootedcon! Let us know if you are attending.📩
Data breaches are becoming less costly and AI is leading the charge. According to IBM's 2025 Cost of a Data Breach Report, the average cost of a data breach dropped by 9% to $4.44 million from $4.88 million, marking a significant shift in how organizations defend themselves. This decline isn't coincidental. It's the direct result of AI-powered security tools enabling faster vulnerability detection and organizations rapidly adapting to this new reality. So the real question is: What's stopping you from joining them? Stop waiting for the next breach to force your hand. Ethiack gives you continuous visibility, autonomous testing, and only validated findings, all powered by AI agents that never sleep. Check us out 👇 ethiack.com
In our recent analysis, The State of Digital Exposure to Cybercrime of European Telecoms, we identified the three main challenges the industry is facing today:
1️⃣ Visibility gaps create undefendable attack surfaces. If security teams don't know what assets exist, they cannot protect them. This mirrors industry research showing 37% of enterprise attack surfaces are unknown, a foundational weakness that makes all other security investments less effective.
2️⃣ Traditional security approaches cannot match threat velocity. With Time-to-Exploit now approaching -1 days (meaning zero-days are exploited before patches exist) and CVE disclosures up 16% in 2025, annual or quarterly penetration tests are fundamentally inadequate. The attack surface changes faster than periodic assessments can capture.
3️⃣ Critical business assets face disproportionate risk. The assets most vital to operations, such as customer portals, network management systems, and administrative access, show security weaknesses that could result in business disruption, regulatory penalties, and reputational damage.
Read the full report to learn the solutions to these problems 👉 ethiack.com/news/blog/digi…
Ethiack is heading to #RootedCON Portugal 2026 in Lisbon next week! Our team will be taking the stage to share new research and insights into the future of offensive security:
🟢 May 21: Our CTO, André Baptista (@0xacb), will be delivering a keynote on the latest in hacking.
🟢 May 22: Martim Ribeiro (Security Researcher) will present: "From Chat to Agent: How Claude Code is Changing Offensive Security."
We are looking forward to connecting with the community. 👉 If you are attending, let us know so we can connect.
In our latest report, The State of Digital Exposure to Cybercrime of European Telecoms, we uncovered a growing threat: The connections you maintain with third parties and partners are actively increasing the risk of cyberattacks. We saw this recently with TalkTalk, where 2 million records were leaked after a criminal exploited a third-party tool. Terje Jensen, SVP and Head of Global Business Security at Telenor, sums up this complex reality perfectly: "We see insider threats, but both insider threats within ourselves as a Telecom, but also insider threats from Telecom partners." Read the full report to learn more👉 ethiack.com/news/blog/digi…