No tracking. No cookie wall.·100 % EU-hosted on Hetzner
Sector · Security

IT & cloud security

Threat modelling, product-security law, and live vulnerability context — every finding cited to its source.

Ansvar is a gateway for the AI assistant your team already uses — Claude, Microsoft Copilot, any MCP client. Connect it, and every answer below comes back cited to the provision or marked unresolved.

STRIDEthreat models, source-grounded
CRA · NIS2product-security law, article-level
LiveCVE · CISA KEV · EPSS

Security is where Ansvar runs deepest: STRIDE threat models grounded in OWASP, ATT&CK and CAPEC; the Cyber Resilience Act and NIS2 at article level; control mappings across ISO 27001 Annex A, NIST CSF/800-53 and CIS; and live CVE / CISA KEV / EPSS context for effective-risk decisions. Ask the requirement, get the source; then run the threat model or gap analysis that turns it into evidence.

what we cover

The law and standards we ground on

Regulation

Cyber Resilience Act (Reg (EU) 2024/2847)

Regulation

NIS2 (Dir (EU) 2022/2555)

Regulation

GDPR Art. 32 — security of processing

Standard

Control mapping: OWASP ASVS · NIST CSF/800-53 · ISO 27001 Annex A · CIS · MITRE ATT&CK

requirement mapping + cross-references, not the standard text

Standard

MITRE ATT&CK · CAPEC · CWE · D3FEND

threat & weakness catalogs, cited per technique; CAPEC / CWE / D3FEND on paid tiers

Guidance

CVE · CISA KEV · EPSS — live vulnerability context

for effective-risk rescoring; not a scanner

what you can do

Workflows that turn it into evidence

STRIDE threat model

over your architecture or data-flow diagram, each threat cited to OWASP / ATT&CK / CAPEC patterns

Effective-risk CVE rescoring

re-rank the findings your scanners already produced with CISA KEV, EPSS and NVD context — reproducible and cited, never exploit code

NIS2 gap analysis & ISO 27001 control mapping

Art. 21 measures mapped to the controls you already run

CRA readiness gap analysis

essential requirements (Annex I) for products with digital elements

Document review, paragraph-cited

security policies, ISO 27001 evidence and vendor questionnaires, each finding anchored to a doc:// segment

assembledPremium

Security research as cited answers

free single-jurisdiction search; premium adds CAPEC / CWE / D3FEND and the IETF security RFCs

Workflows run on Team and Company. Free & Premium run the same corpora as cited research inside your own AI client.

Questions buyers ask first

Is this a vulnerability scanner or a SIEM?
No. Ansvar grounds decisions — it re-scores the vulnerabilities your scanners already found (CISA KEV, EPSS, NVD), maps controls, and produces cited threat models and gap registers. It never runs exploit code and never watches your network.
Do you serve the ISO 27001 text?
The control mapping cross-references ISO 27001 Annex A without reproducing the standard. A licensed ISO 27001/27002 module — the standard text itself, cited rather than paraphrased — is live as an add-on; see /standards.

Run it against your own systems

Connect the AI client you already use and ask your first cited question — Free, Premium and Team are self-serve.

Building security compliance? It works today — we take on a few design partners per sector to fine-tune it to your team.