Transparent — and right-sized for your mandate.

Detection, triage and expert response — AI-native. We operate the SOC layer on top of your SIEM or our stack. Agents triage, analysts decide.

• 24/7 monitoring · AI-driven
• Human-in-the-loop for any production-critical action
• Audit trail in your instance
• Monthly SOC report for board & oversight

Servers, endpoints, identity — operated by an agent fleet under the eye of a few experts. Patch rollouts, account lifecycle, asset inventory.

• Endpoint patching with auto-rollback
• Identity lifecycle (M365, Entra, Google)
• AI-front-line service desk
• Documented escalation paths

Incident response, DR plans, documented runbooks. We build the runbooks together, then the agent fleet executes them.

• Runbook library mapped to your systems
• Semi-annual DR tests with report
• On-call crisis communication
• Emergency escalation to a senior engineer

Strategy and reporting to board and oversight. An experienced CISO as part of your team — without the headcount.

• Quarterly board reports
• ISMS support (ISO 27001, BSI)
• Audit preparation (DORA, NIS2)
• Vendor security reviews

The operating system for your agent fleet. Async message bus, observability, multi-tenant, fully audited.

• Own platform instance (multi-tenant or dedicated)
• Up to 5 agent roles in production
• Full audit trail · logs stay with you
• Optional clone hand-over as VM (surcharge)

Guardrails, budgets, filters, audit — in front of every model. Safe bridge to public LLMs (GPT, Claude, Gemini) or your own.

• Pre/post filters (PII, secrets, policy)
• Token budgets per team / use-case
• Full audit log
• Routing between models (EU/DE/local)

Agents that connect to your business systems — ERP, CRM, M365, ticketing, file systems. Integrated into operations, not in a sandbox.

• One defined use-case (e.g. ticket triage)
• Connection to two business systems
• Human-in-the-loop for writes
• Audit on every action

Autonomous agents on your clients (Windows · macOS · Linux). Local routines, audited remote actions, active even without an open session.

• Self-healing for common problems
• Answer standard requests
• Patch pre-flight checks
• Centralised action audit

Self-service vulnerability scanning and prioritisation. CVE feeds consolidated, contextualised and scored — before you patch.

• Asset inventory with CVE match
• Risk score by business context
• Automated patch order
• Weekly report for ops lead

Zero-trust network access for hybrid teams. Device binding, identity integration, granular policy — without the classic VPN pain.

• ZTNA gateway in EU or DE
• Per-device posture check
• App-level policy instead of network tunnels
• Audit per connection

Web content filtering and protection from malicious sites. Categorisation, opt-in SSL inspection, DLP pre-hooks.

• Categorised filtering (40+ categories)
• Daily threat feeds
• Optional SSL inspection
• Reports for DPO

Phishing, spoofing and malware protection for e-mail. SPF/DKIM/DMARC guidance included.

• Anti-phishing with AI scoring
• Spoofing protection (DMARC enforce)
• External-sender banner
• User reporting workflow

A verified security baseline in 90 days. We bring mail, endpoint, identity and patching to a documented state — with a hand-over report.

• Discovery + gap report in week 1
• Quick wins within the first 30 days
• Identity & endpoint hardening
• Closing report for audit & oversight