A verified threat model of your system — in 1–2 weeks, from €2,000 fixed price.
Send us your architecture. An AI agent runs a full STRIDE pass against live MITRE ATT&CK, CWE and OWASP LLM Top 10 data; OSCP-, CISSP- and AI-red-team reviewers verify every finding by hand — not a sample. You get a scored, regulation-mapped threat register in PDF, JSON and CSV.
Fixed price · money-back guarantee · scope confirmed in writing before any work starts · we say no if we're not a fit.
The deadlines are already live.
NIS2 is transposed, DORA is in force, the CRA's security requirements land in 2026–2027, and EU AI Act Article 9 risk-management applies to high-risk systems from 2 August 2026. Every finding maps to the obligation it triggers.
- In forceNIS2 risk-management measures (Art. 21), transposed
- In forceDORA ICT risk management (Art. 6), applies since Jan 2025
- Aug 2026EU AI Act Art. 9 risk management for high-risk systems
- 2026–2027Cyber Resilience Act security requirements (Annex I)
Send it, we model it, experts verify it
Four stages from your documents to a verified, regulation-mapped threat register.
You send the system, we scope it together
Share your architecture, data flows, components, and trust boundaries through a secure, EU-hosted upload, then we run an included one-hour scoping call to confirm we have the right information and understand how your system really works. A short checklist tells you what to prepare; missing context is flagged, never guessed.
- Included one-hour scoping call — right information, system understood
- Secure EU-hosted document upload
- Clear minimum and recommended checklist
- Scope confirmed in writing before work starts
A real register row, not a template.
Below is one finding exactly as it ships — scored, mitigated, cited to ATT&CK/CWE/OWASP, and mapped to the article it triggers.
STRIDE was built for monolithic services. We extend Tampering to prompt injection, Elevation of privilege to tool-permission escalation, and Information disclosure to context-window leakage. The model halts on an incomplete data-flow diagram rather than guessing.
- Prompt injection via customer message overrides system instructionsTamperingHigh (Likely)Input/output guardrail + privileged-instruction isolationOWASP LLM01CWE-77EU AI Act Art. 15verified
- Agent calls refund tool beyond intended scope (tool-permission escalation)Elevation of privilegeCritical (Possible)Per-tool RBAC, deny-by-default + human-in-loop on financial actionsATT&CK T1548CWE-269DORA Art. 6verified
- Context-window leakage exposes another tenant's PIIInformation disclosureHigh (Possible)Per-request context isolation + retrieval scopingCWE-200NIS2 Art. 21; GDPR Art. 32flagged —
regulatory_basis_unresolved
A fictional system, run through the same STRIDE walk a real engagement uses. The technique, CWE, and article identifiers are real; only the company and system are invented.
Every threat and mitigation is tagged to the standards and frameworks your team already uses — STRIDE, MITRE ATT&CK, CWE, OWASP and NIST. Your engineers triage, ticket, and fix each finding with references they know, not a one-off taxonomy they have to learn first.
Fixed scope, fixed price — from €2,000 to €8,000.
Fixed scope, fixed price — and every engagement includes a one-hour scoping call. Prices shown excl. VAT; VAT is added at checkout from your billing country.
1 app · 3–5 components · 1 trust zone.
- STRIDE walk over one application
- Threat table with mitigations
- Expert-verified delivery
- PDF, JSON and CSV export
- Remediation implementation
- Penetration testing
2–4 systems · up to ~12 components · 2–3 trust zones.
- Full enrichment (ATT&CK / CWE / OWASP LLM)
- Regulatory mapping per finding
- Expert-verified delivery and walkthrough
- PDF, JSON and CSV export
- Remediation implementation
- Penetration testing
5+ systems · 15+ components · 4+ trust zones.
- Cross-system data-flow and trust-boundary mapping
- Full enrichment + regulatory mapping per finding
- Prioritised remediation roadmap with effort estimates
- Expert-verified delivery and walkthrough
- Remediation implementation
- Penetration testing
Need a custom framework (LINDDUN, ISO 21434)?
Fixed price · money-back guarantee · scope confirmed in writing before any work starts · we say no if we're not a fit.
The questions buyers ask first
NDA, turnaround, who writes it, and what happens if you're not satisfied.
What to prepare
The more you share, the deeper the model. Here is the minimum to begin and what makes it sharper.
A mutual NDA is signed before you upload anything. Documents are EU-hosted, limited to your named review team, deleted within 30 days of delivery, and never used to train any model.
Minimum documentation
- System or architecture overview
- Component list
- Data-flow description
- Technology stack
- Authentication model
- Deployment environment
- Data classification and sensitivity
Recommended documentation
- Architecture diagrams
- Existing data-flow diagrams
- Third-party integrations and APIs
- Network topology
- Prior assessments or threat intel
- Compliance scope (AI Act / NIS2 / DORA / CRA)
- A named contact for the walkthrough
Book a threat model
Pick a tier and start within two working days, or send your system for a fixed-price scope in one. Scope is confirmed in writing before any work begins — and we say no if we're not the right fit.
Fixed price · money-back guarantee · scope confirmed in writing before any work starts · we say no if we're not a fit.