One chain from report to hardened resilience. Instead of scattered alerts — a single joined-up process: evidence, classification, risk, playbook, action, validation, report. Built for the security teams of banks and essential entities (NIS2 / national cybersecurity law).
The portal never raises an alarm without backing. Every incident carries an evidence status, and every closure requires proof of remediation. This is a GRC/SOC console, not a rumour board of threats.
The system carries one currency of trust: evidence. An alert without evidence is a hypothesis (status GAP), not a fact. Every factual statement is bound to an evidence status, and no incident is closed without proof of repair. This is the rule that separates a GRC console from a fear board. See the full doctrine on Evidence-first.
The system does not artificially split "cyber" from "AI" — it treats AI incidents as a first-class class of security events, with their own legal flags and playbooks.
Phishing, ransomware, DDoS, malware, vulnerabilities (CVE), credential theft, supply chain, misconfiguration.
Prompt injection, agent hijack, data poisoning, model extraction, consequential hallucination, spoofed agent identity, missing human-in-the-loop oversight.
AI Act (art. 73 — serious incident), NIS2 (24h / 72h / final report), national cybersecurity law, GDPR (art. 33/34). Automatic reporting-duty flags.
Backup, DR, "Point Zero", network segmentation, PQC (post-quantum cryptography). Closing the loop: incident → strengthened resilience.
Registration of reports: form, OSINT, SIEM log, CERT bulletin. Assigns a public_id and an intake status.
Evidence layer: URL, screenshot, SHA-256 hash, log, IoC, CVE, chain of custody. Confidence level 0–100.
Type, level (L1–L4), severity, legal flags, priority P0–P3. Deterministic rules + analyst verification.
Visualisation of incidents over time and sectoral space. Cyber Map and AI Risk Map.
Playbook selection by type and priority. Response steps, validation criteria, human-in-the-loop for P0/P1.
Mapping to duties: AI Act, NIS2, national cybersecurity law, GDPR. Reporting clocks, export of the report to the authority.
The values below are demonstration data — they illustrate the console format, not the state of any real infrastructure.
Essential entities under NIS2 / national law. Mapping incidents to DORA-adjacent duties, 24h/72h clocks, final report. An audit trail for the financial supervisor and national CSIRT.
Intake → classification → playbook in one chain. P0–P3 priorities with SLA. A Response Board as the duty console.
A Legal Board with reporting-duty flags. Evidence-first as the basis of credibility before the supervisory authority (GDPR art. 33/34, AI Act art. 73).
Coders, red/blue teams and researchers worldwide. Methodology-level attack/defense modelling (MITRE ATT&CK, kill chain, PTES, OWASP) — proof over spectacle.
The doctrine applies to our own claims too. We label maturity honestly:
| Claim | Status | What it really means |
|---|---|---|
| Roster of ~50,000 specialists | DATA | Modeled roster in a ledger (52,549 records) — data, not live agents. |
| Executable swarm running | LIVE | Real infrastructure: ~16 parallel / up to 1000 per workflow. Swarm ≠ registry. |
| ~50 partner pentesters (of a financial institution) | PLANNED | Anonymous, invited; confirmed only after a signed RoE. No bank name until then. |
| 5k/10k agents per cycle, 15× metaGO | ROADMAP | Orchestration doctrine, not current state. |