Ethiack

Universidade do Porto managed a massive, dynamic digital footprint. Keeping up with shadow IT across a sprawling academic landscape meant dealing with three core problems: hidden assets, outdated annual pentests, and overwhelming vulnerability noise. We solved this by helping Head of InfoSec José Augusto Silva bring 1,000 critical assets under continuous validation within 7 months: Hidden Assets ➡️ Continuous Mapping: Instantly brought blind spots across 5,000 assets into plain view. Annual Snapshots ➡️ 24/7 Security: Replaced slow, periodic testing with continuous, automated assessments. Alert Noise ➡️ Validated Proof: Our agentic AI pentester, Hackian, actively exploits flaws to prove what is actually dangerous, prioritizing real risk. U.Porto stopped hunting for blind spots and started fixing validated threats in real time

You can't protect what you can't see. This is the harsh reality for European businesses right now. One in eight faces a cyberattack annually with large enterprises carrying the highest risk, often completely blind to where the threat is originating. According to reports by Censys, somewhere between 40% to 60% of an organization's attack surface is completely unknown.  True resilience requires shifting away from guesswork and moving toward continuous, autonomous discovery, we can help with that

Organizations that prioritize compliance over security often discover they are losing both. Attackers don't follow compliance frameworks, they are more capable than ever harnessing the power of AI to exploit the gaps between what regulations require and what actually damages your organization. The organizations that truly survive threats are the ones investing in continuous, AI-driven security, with compliance as a natural outcome. Give Ethiack a try and the get best of both worlds.

Broadvoice was tired of firefighting security risks across a massive, fast-moving cloud infrastructure. They faced three main problems: hidden shadow IT, outdated pentest snapshots, and overwhelming alert noise. Ethiack solved this by replacing guesswork with automated validation: #1 Problem: Volatile, hidden AWS resources ➡️ Solution: Continuous attack surface mapping. #2 Problem: Outdated snapshot testing ➡️ Solution: 24/7 event-driven testing. #3 Problem: Alert fatigue and noise ➡️ Solution: Hackian, our agentic AI pentester, actively exploits flaws to provide verified proof of what is actually dangerous. Broadvoice stopped chasing alerts and started fixing validated threats in real time. 👉 See how they did it: https://t.co/86va0Q3tlP

The Verizon 2026 Data Breach Investigations Report highlights a massive shift in how environments are getting compromised. Credential abuse is down to 13%, but vulnerability exploitation has surged to 31%, officially making it the #1 initial access vector for breaches. While attackers are moving faster, defensive remediation is dropping behind: 🟢 Only 26% of critical vulnerabilities (listed in the CISA KEV catalog) were fully remediated in 2025, a steep drop from 38% the previous year. 🟢 On average, organizations faced 50% more critical vulnerabilities to patch compared to the prior year. 🟢 The median time to full resolution jumped to 43 days, adding nearly two weeks to an already dangerous window. When exploitation windows collapse, but remediation backlogs grow, traditional patching cycles become a massive liability. To bridge this gap, organizations must scale their defensive operations.  Deploying autonomous agents like Hackian can help security teams continuously validate exposure, prioritize what actually matters, and outpace threat velocity in real time.

AI in your SOC? Check. AI in your SIEM? Check. AI in your pentesting? If not, you're leaving your biggest blind spot undefended. Your SOC catches known threats. Your SIEM correlates logs. But who's testing your API authentication chains, exploiting privilege escalation paths, or chaining vulnerabilities into actual breaches?  Manual pentests miss 40% of exploitable flaws. Ethiack's Hackian executes real attack chains 24/7, not just vulnerability scanning. They understand context, business logic, and lateral movement. With continuous proof-of-concept, not theoretical risk scores. Don't keep your security stack incomplete. https://t.co/JPPJKjSzxM

Traditional scanners tell you what they found. Ethiack tells you what you're vulnerable to. We cover 200+ vulnerability classes (CWEs) including the complex, real-world flaws traditional tools miss. With Ethiack you're not just getting more coverage. You're getting smarter coverage. So your team spends less time triaging false positives and more time actually fixing security issues. https://t.co/JPPJKjSzxM

Think a relative redirect parameter is inherently safe just because it restricts full external URLs?👀 Think again. In our latest article, Ethiack Security Researcher, Rafael Castilho, reveals how subtle discrepancies between server-side handling and browser navigation behavior can be weaponized. By abusing how Google Chrome processes URL fragments (#) during validation loops, an attacker can intentionally trigger an ERR_TOO_MANY_REDIRECTS crash, leaving sensitive session tokens and OAuth callback secrets completely exposed inside the browser error page. Stop trusting "path-only" limits blindly. Learn how the breakdown happens and how to defend your application pipelines. 👉 Read the full article here: https://t.co/addjqoTHXx

Data breaches are becoming less costly and AI is leading the charge. According to IBM's 2025 Cost of a Data Breach Report, the average cost of a data breach dropped by 9% to $4.44 million from $4.88 million, marking a significant shift in how organizations defend themselves. This decline isn't coincidental. It's the direct result of AI-powered security tools enabling faster vulnerability detection and organizations rapidly adapting to this new reality. So the real question is: What's stopping you from joining them? Stop waiting for the next breach to force your hand. Ethiack gives you continuous visibility, autonomous testing, and only validated findings, all powered by AI agents that never sleep. Check us out 👇 https://t.co/AOOHBa3Ndj

In our recent analysis, The State of Digital Exposure to Cybercrime of European Telecoms, we identified the three main challenges the industry is facing today: 1️⃣ Visibility gaps create undefendable attack surfaces. If security teams don't know what assets exist, they cannot protect them. This mirrors industry research showing 37% of enterprise attack surfaces are unknown, a foundational weakness that makes all other security investments less effective. 2️⃣ Traditional security approaches cannot match threat velocity. With Time-to-Exploit now approaching -1 days (meaning zero-days are exploited before patches exist) and CVE disclosures up 16% in 2025, annual or quarterly penetration tests are fundamentally inadequate. The attack surface changes faster than periodic assessments can capture. 3️⃣ Critical business assets face disproportionate risk. The assets most vital to operations, such as customer portals, network management systems, and administrative access, show security weaknesses that could result in business disruption, regulatory penalties, and reputational damage. Read the full report to learn the solutions to these problems👉https://t.co/E99tlCCpy6

In our latest report, The State of Digital Exposure to Cybercrime of European Telecoms, we uncovered a growing threat: The connections you maintain with third parties and partners are actively increasing the risk of cyberattacks. We saw this recently with TalkTalk, where 2 million records were leaked after a criminal exploited a third-party tool. Terje Jensen, SVP and Head of Global Business Security at Telenor, sums up this complex reality perfectly: "We see insider threats, but both insider threats within ourselves as a Telecom, but also insider threats from Telecom partners." Read the full report to learn more👉 https://t.co/E99tlCCpy6

Your brand took 10 years to build but a breach could destroy it in minutes. The consequences go far beyond immediate financial loss. They can include lost customers, shattered trust, lost talent, and a drop in stock value. Reputation damage can compound rapidly, making recovery feel impossible. Prevention isn't optional. Your brand's survival depends on it. Our platform gives you continuous visibility into your vulnerabilities, so you can fix security gaps before attackers exploit them. Don't let a preventable breach undo a decade’s worth of dedication and effort. Safeguard your legacy today. https://t.co/JPPJKjSzxM

How exposed is the European Telecom sector to modern cybercrime? Our team analyzed 591 domains across the industry, uncovering a staggering 50,283 exposed digital assets. If you are a CISO, CTO, or CFO in the telecom space, our report provides the data you need to understand your true exposure to cybercrime, and how your security posture stacks up against the rest of the market. 👉 Read the full report here:👉 https://t.co/E99tlCCpy6

Research shows 72% of cybersecurity professionals say false alarms severely hinder productivity.  Hackian, our AI agent, eliminates that burden, continuously hunting and validating vulnerabilities and reporting only true positives. Experience a smarter, continuous, and more efficient way to enhance your security.