We model your environment. Then we hack it.

CYBRET AI is the autonomous security lab. Reasoning engine for security: exposure intelligence, validation, runtime detection — one platform, one graph.

Products · Research · Pricing · Contact · Trust

JavaScript is required for the full CYBRET AI experience.

Trust Center

Built by people who
read other people's audits.

Security tooling earns the right to ingest your most sensitive telemetry. We treat that bar as the floor, not a marketing line. Below: every certification, every architectural decision, every document available on request, in one place.

SOC 2 — audit underwayISO 27001 — Stage 2 scheduledGDPR DPA availablePen-tested quarterlyBug bounty live

Posture

Architecture choices,
made out loud.

Data handling

◇Metadata-only by default, no source code or PII leaves your tenant unless you opt in.
◇BYOK & customer-managed keys on Enterprise.
◇Single-tenant, BYO-VPC, and air-gapped deployment options.

Identity & access

◇SSO via SAML / OIDC. SCIM provisioning. MFA required for all staff.
◇Read-only by default on every connector. Write actions require an explicit, signed scope contract.
◇Quarterly access reviews, public summary in the audit pack.

Operational security

◇Production access via short-lived, JIT credentials. No standing prod creds.
◇Continuous validation of our own platform, yes, we eat the dog food.
◇Disclosed bug bounty via HackerOne since 2025-Q4.

Resilience

◇99.95% uptime SLA on Enterprise · 99.9% on Pro.
◇Multi-region active-active in US-East, EU-Central, and AP-Southeast.
◇Quarterly DR drills with public post-mortems for any incident > Sev-3.

Compliance

Frameworks, status,
and the receipts.

Request audit pack

Framework

Status

Notes

SOC 2 Type II

In Progress

AICPA audit underway · report available post-attestation

ISO 27001

In Progress

Stage-2 audit scheduled · management system in place

GDPR

In Progress

Article 28 DPA · EU SCCs · data residency controls rolling out

Documents

The audit pack, at a glance.

SOC 2 Type II Report

12 pages · NDA required

Penetration Test Summary · 2026 H1

8 pages · third-party

Architecture & Data Flow Diagram

4 pages · public

Sub-processors List

Updated monthly

Data Processing Agreement (DPA)

Article 28 GDPR

Standard Contractual Clauses (EU)

Vulnerability Disclosure Policy

Public · HackerOne

Incident Response Playbook (summary)

Public · 6 pages

NDA-gated artifacts ship within 24 business hours of a request to trust@cybret.ai.

Sub-processors

Everyone who could,
theoretically, see your data.

Last updated · 2026-02-14

Vendor

Purpose

Region

AWS

Cloud infrastructure

us-east-1, eu-central-1, ap-southeast-2

Cloudflare

Edge, WAF, DDoS

Global · enterprise

Okta

Workforce identity

us-west-2

Datadog

Internal observability

us1.datadoghq.com

HubSpot

CRM · marketing only

us-east

Stripe

Billing & invoicing

us-west

Linear

Internal eng tracking

us-east

Start today

Connect a repo.
See your first proven path.

Read access. 30 minutes. No credit card.

Book a Demo Talk to sales