
Unbound Governance Layer
Category Leader in AI Governance
AI governance platforms for managing AI risk, compliance, policy enforcement, and responsible AI adoption across the enterprise.
Updated May 2026 • Past quarters in the Hall of Fame archive
35 cybersecurity products recognized as Category Leaders for Q1 2026, ranked by user engagement: reviews, upvotes, and bookmarks from real security practitioners. Each product below tops its subcategory this quarter.
Each Q1 2026 Category Leader is the highest-engagement cybersecurity product in its subcategory, computed from a composite score that blends reviews, upvotes, and bookmarks. The list refreshes at the start of each calendar quarter.
See the Trust Badges page for the full methodology, the Hall of Fame for historical winners, or browse Top Cybersecurity Companies Q1 2026 for the leading vendors.

AI governance platforms for managing AI risk, compliance, policy enforcement, and responsible AI adoption across the enterprise.
Products earn the Category Leader badge each quarter based on a composite engagement score: a weighted blend of reviews, upvotes, and bookmarks. The highest-scoring product in each cybersecurity subcategory wins. Full methodology on the Trust Badges page.
Badges recompute at the start of each calendar quarter. Q1 2026 winners reflect the previous quarter's engagement. Past winners stay in the Hall of Fame archive.
No. Engagement is genuine activity from security professionals: reviews, upvotes, and bookmarks. Paid plans (Verified, Featured) unlock badge embeds and lead capture features but never affect Category Leader scoring or eligibility.
Visit Top Cybersecurity Companies Q1 2026 for the leading vendors recognized as Momentum Leaders. Companies are scored on funding velocity, employee growth, and web traffic momentum.
Unbound Governance Layer provides monitoring and governance capabilities for AI coding agents used in software development environments. The platform operates through OpenAI-compatible API keys that can be substituted into AI coding tools to provide visibility and control. The product offers discovery capabilities that identify AI coding tools, MCP (Model Context Protocol) servers, agents, sub-agents, and agent rules deployed across an organization. This discovery process can be orchestrated through Mobile Device Management systems. Monitoring features track terminal commands, MCP actions, and tool usage across users and applications. The platform identifies risky operations such as database modifications, system folder deletions, production environment changes, and cloud resource provisioning initiated by AI coding agents. The governance layer enforces policies by restricting usage to sanctioned AI coding tools, controlling MCP server access, and implementing best practices from internal centers of excellence. Organizations can configure sub-agents and agent rules at organization, team, and project levels. Additional capabilities include automatic error handling through request routing to alternative models during rate limits or downtime, usage analytics at user, team, and department levels, and identification of files frequently modified by AI agents. The platform includes data masking functionality and provides a customizable chat portal with access to multiple AI models.

AI red teaming and security testing tools for adversarial testing of AI models, LLMs, and GenAI applications.

AI Security Posture Management tools for discovering shadow AI, inventorying AI assets, and monitoring AI usage across organizations.

Application Security and Posture Management platforms that provide visibility into application security posture, risk assessment, and vulnerability management across software portfolios.

Cloud Web Application and API Protection solutions for securing web apps and APIs from cyber attacks.

Cloud-Native Application Protection Platforms (CNAPP) solutions that integrate multiple cloud security capabilities for comprehensive protection of cloud-native applications and workloads.

Compliance management platforms for tracking regulatory requirements, audit management, and compliance reporting automation.

Dynamic Application Security Testing (DAST) tools that identify vulnerabilities in running web applications and APIs through automated scanning.

Data classification tools that automatically identify, categorize, and label sensitive data for compliance and security purposes.

Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.

Data Loss Prevention (DLP) solutions for preventing unauthorized data exfiltration, detecting data breaches, and enforcing data security policies.

Digital Risk Protection (DRP) solutions that track external threats, data breaches, and security exposures across the internet and dark web.

Data Security Posture Management platforms for discovering, classifying, and securing sensitive data across cloud and on-premises environments.

Email encryption services and tools for securing email communications with end-to-end encryption and message protection.

Comprehensive email security platforms that combine anti-spam, anti-malware, and advanced threat protection for email systems.

External Attack Surface Management tools for discovering and securing internet-facing assets, domains, and exposed services.

Honeypots and cyber deception solutions that simulate vulnerable systems to detect, divert, and analyze attacker activities in real time.

Identity Governance and Administration (IGA) platforms for identity lifecycle management, access governance, role management, and compliance reporting.

Network sandbox solutions for analyzing suspicious files and URLs in isolated environments to detect malware.

Next-generation firewall (NGFW) solutions with advanced threat detection, application control, and deep packet inspection.

Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.

Privileged Access Management solutions for securing privileged accounts, managing admin access, and monitoring high-risk user activities.

Password manager tools and enterprise password management solutions for secure credential storage and sharing.

Penetration testing tools and frameworks for manual security testing, exploit development, and vulnerability validation.

Static Application Security Testing (SAST) tools for static code analysis that detect security vulnerabilities and coding flaws in source code during development.

Software Composition Analysis (SCA) tools for identifying security vulnerabilities in open source components, third-party libraries, and software dependencies.

Secure coding training platforms and resources for developers to learn application security best practices and vulnerability prevention.

Enterprise-grade secure browsers with built-in security controls, data protection, and threat prevention capabilities.

SIEM platforms for centralized security log management, correlation, alerting, and compliance reporting.

Automated security scanners for web applications, networks, and infrastructure vulnerability detection and assessment.

Threat modeling tools for identifying security risks, attack vectors, and potential threats in system architectures.

Threat Intelligence Platforms (TIP) for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.

Vulnerability assessment tools for comprehensive security scanning, risk prioritization, and remediation guidance.

Zero Trust Network Access (ZTNA) solutions for secure remote access based on zero trust principles, replacing traditional VPNs with granular access controls.
TestSavant AI Security Assurance Platform provides security testing and protection for generative and agentic AI systems. The platform combines automated red-teaming capabilities with adaptive guardrails and compliance reporting. The red-teaming component runs automated security challenges using curated datasets, synthetic adversaries, and custom incident scenarios to identify vulnerabilities in AI workflows. Results from these tests can be converted into guardrails. The guardrail system offers inline protection with configurable scanner presets, policy-aware routing, and tool gates. Scanners can detect injection attacks, data leakage, bias, and safety issues. Guardrails can be customized by tenant, geography, or sensitivity level, with options to redact, cite, summarize, or block content based on policy decisions. The platform includes telemetry and decision trail logging designed for audit requirements including SOC 2, NIST AI RMF, and EU AI Act. Evidence packs can be generated with mapped controls and lineage documentation. Integration options include API, webhooks, and low-code nodes for connecting to CI/CD pipelines, agent orchestrators, and workflow tools. The platform supports deployment with customer-managed keys and VPC options. The system monitors attack findings, guardrail status, and compliance readiness through a unified dashboard. Guardrails update continuously based on emerging threats and policy changes.
Zscaler SPLX is a platform designed to secure AI systems throughout their lifecycle, from development to deployment. The platform was acquired by Zscaler to enhance enterprise AI security capabilities. The platform provides AI asset management functionality that automatically discovers models, AI workflows, MCP servers, and guardrails across an enterprise. It generates an AI Bill of Materials (AI-BOM) and identifies vulnerabilities while maintaining alignment with compliance frameworks. SPLX includes automated red teaming capabilities that continuously test AI systems for vulnerabilities using an extensive AI attack database and custom datasets. The platform offers runtime protection through input/output guardrails that detect malicious behavior, prevent prompt injections, and stop sensitive data leakage during live deployments. The platform features AI governance and compliance tools that automatically map AI systems to global and custom security standards, ensuring regulatory alignment. It provides dynamic remediation capabilities that convert red teaming insights into actionable system prompt hardening and remediation steps, reducing attack surfaces by up to 95%. Runtime threat inspection functionality detects jailbreaks, prompt injections, and malicious queries in near real-time by scanning LLM logs. The platform also stress-tests commercial and open-source LLMs to expose weaknesses and assist in model selection. SPLX developed Agentic Radar, an open-source SAST tool for agentic workflows that visualizes workflows, surfaces attack patterns and tool-level vulnerabilities, and provides hardening recommendations.
Checkmarx One Application Security Platform is a unified application security solution that combines multiple scanning engines and management capabilities into a single platform. The platform includes Static Application Security Testing (SAST) for custom code analysis, Software Composition Analysis (SCA) for open source dependency scanning, Dynamic Application Security Testing (DAST) for runtime vulnerability detection, Infrastructure as Code (IaC) security scanning, API security testing, container security, and secrets detection. The platform features Application Security Posture Management (ASPM) capabilities that correlate findings across different scanning engines to prioritize exploitable vulnerabilities and reduce false positives. It provides risk-based prioritization to help security teams focus on high-impact issues rather than managing large volumes of findings. Checkmarx One includes AI-powered remediation guidance through Checkmarx One Assist, which provides developers with context-aware fix suggestions directly in their IDE. The platform integrates security into developer workflows to enable early detection and remediation without requiring context switching. The solution offers visibility across the software development lifecycle from code to cloud, supporting multiple programming languages and frameworks. It provides centralized management for security findings, policy enforcement, and compliance reporting. The platform is designed to serve AppSec teams, developers, and security leadership with role-specific views and workflows.
Check Point CloudGuard WAF is a web application and API security solution that monitors HTTP/HTTPS traffic between web applications, APIs, and the internet. The product operates as a reverse proxy, inspecting data packets for destination, port, and protocol information to distinguish legitimate traffic from malicious requests. The solution uses machine learning and contextual AI for threat prevention against known and unknown threats, rather than relying solely on signature-based detection. It provides protection for both web applications and APIs with automated API discovery capabilities. CloudGuard WAF can be deployed in different configurations to match infrastructure requirements, including centralized deployments for hub-and-spoke models or distributed deployments for decentralized environments. The platform offers centralized management across multiple application deployments. The product includes configurable rulesets with both blacklisting and whitelisting approaches. Rule tuning can be performed through the dashboard or via PowerShell and CLI for maintaining custom configurations during updates. The solution generates logs and alerts that can be sent to external systems for centralized monitoring and analysis.
CloudDefense.AI QINA is a cloud-native application protection platform that integrates multiple security testing capabilities into a unified workflow. The platform combines static application security testing (SAST), dynamic application security testing (DAST), API security, software composition analysis (SCA), cloud security posture management (CSPM), cloud workload protection platform (CWPP), and cloud infrastructure entitlement management (CIEM). The platform uses AI-driven analysis to filter false positives and prioritize vulnerabilities based on reachability and exploitability. It provides security scanning that integrates into CI/CD pipelines with scan completion times under 60 seconds. The system performs source code analysis, runtime vulnerability scanning, open source component assessment, and cloud configuration monitoring. QINA includes two main components: QINA Clarity for vulnerability detection and analysis, and QINA Pulse, an AI assistant for security guidance and automation. The platform offers automated remediation suggestions, compliance reporting for frameworks including SOC2, ISO27001, GDPR, HIPAA, and CCPA, and supports container and Kubernetes security. The system provides data security capabilities including sensitive data discovery, classification, and encryption validation. It includes threat intelligence feeds, behavioral anomaly detection, and automated workflow orchestration for ticket creation and assignment across development and security teams.
Oneleet is a cybersecurity and compliance platform designed to help organizations achieve and maintain compliance certifications including SOC 2, ISO 27001, and HIPAA. The platform automates compliance workflows and security controls implementation, reducing the manual effort required for audit preparation and ongoing compliance maintenance. Oneleet provides continuous monitoring of security posture and compliance status, enabling companies to demonstrate their security practices to customers and auditors. The platform integrates with existing technology stacks to collect evidence automatically and track compliance requirements in real-time. Oneleet serves as a comprehensive solution for organizations seeking to streamline their compliance programs while strengthening their overall security posture. The company recently announced a $33M Series A funding round, indicating significant growth and market validation. The platform is particularly suited for startups and growth-stage companies that need to establish compliance frameworks efficiently without dedicating extensive internal resources to manual compliance processes.
Greenbone Web App Scanning is a managed security service that performs black box testing of web applications to identify vulnerabilities and security risks. The service is delivered as a full-service offering where Greenbone experts conduct the security assessments on behalf of clients. The service tests for all OWASP Top 10 vulnerabilities including broken access control, cryptographic failures, injection attacks (SQL, XSS, command injection), insecure design, security misconfigurations, vulnerable and outdated components, authentication failures, software and data integrity failures, security logging and monitoring failures, and server-side request forgery (SSRF). Testing includes manual validation of findings and proof-of-concept demonstrations for identified vulnerabilities. The service supports modern web applications including single-page applications. Testing is conducted using a black box approach, meaning testers have no knowledge of the application's internal architecture or source code, simulating the perspective of an external attacker. The service is updated daily with the latest security information. Clients receive detailed reports on their security status with prioritized findings and actionable recommendations for remediation. The service includes optional software composition analysis integration for checking known CVEs in components. Greenbone is ISO 27001/9001 certified and GDPR compliant.
PII Crawler is a locally-run PII scanner that identifies Personally Identifiable Information across various file types and databases. The tool scans for PII including social security numbers, names, addresses, email addresses, city, state, and zip codes. It can detect PII embedded in images within PDFs, Word documents, Excel spreadsheets, CSV files, and databases. The scanner uses NER/FSM and AI techniques to minimize false positives. The tool operates air-gapped and runs locally without transmitting data outside the network during file scanning. For database scanning, it connects to the target database and samples data in memory on the local machine. PII Crawler provides a web interface for browsing results and supports CSV export of findings. Designed to support compliance with GDPR and CCPA regulations, the tool helps organizations identify where PII is stored and assess security posture. It can be used for continuous scanning of laptops, shared drives, and databases to detect accidentally exposed PII. The scanner is particularly useful for incident response scenarios where organizations need to identify leaked PII and determine reporting requirements by state or country. PII Crawler is available as standalone binaries for macOS, Windows, and Linux with no server setup or dependencies required. The pricing model is a one-time payment with unlimited users and machines.
Red Hand Analyzer is an online PCAP (Packet Capture) file analysis tool that provides automated security analysis of network traffic data. The tool performs behavioral analysis to identify network patterns associated with malicious activities, focusing on techniques used for breaches, reconnaissance, remote malware control, and data theft rather than relying solely on signature-based detection. The analyzer integrates threat intelligence capabilities by checking IP addresses and domains found in PCAP files, including those within DNS requests, against a database of known malicious addresses. It maintains data privacy by analyzing network traffic without decrypting packet contents, ensuring sensitive data remains secure during the analysis process. Key features include automated behavior analysis models that detect professional hacking techniques often missed by traditional signature-based engines, comprehensive threat intelligence integration for IP and domain reputation checking, and privacy-preserving analysis that does not require decryption of network traffic. The tool accepts PCAP file uploads through a web interface and provides detailed analysis reports identifying potential security vulnerabilities and malicious activities within the captured network traffic. It supports analysis of standard PCAP and PcapNG file formats commonly generated by network monitoring tools across different operating systems.
AnySecura is an enterprise security platform that combines Data Loss Prevention (DLP), endpoint security, and user activity monitoring into a unified solution. Core capabilities include:
- Data Loss Prevention: Monitors and blocks unauthorized data transfers via email, USB drives, cloud storage, and other channels to prevent data leakage.
- Endpoint Device Control: Manages and restricts access to external devices such as USB drives, printers, and Bluetooth peripherals across desktops and laptops.
- User Activity Monitoring: Tracks application usage, file operations, and online activity across endpoints to identify risky or anomalous user behavior.
- Screen Recording & Audit: Captures screen activity and maintains audit logs for compliance and incident investigation purposes.
- Document Encryption & Watermarking: Protects sensitive documents through encryption and applies watermarks for tracing and accountability.
- Behavior Anomaly Detection: Analyzes user behavior patterns to detect deviations that may indicate insider threats or policy violations.
- Network & Application Control: Controls access to websites and applications, and monitors network traffic for potential vulnerabilities.
- Centralized Policy Management: Enforces security policies across all managed endpoints from a single administrative console, with compliance reporting.
- IT Asset Management: Tracks hardware and software assets, monitors device and application usage, and supports remote patch management.
- AI Workflow Data Protection: Monitors and restricts sensitive data exposure within AI and generative AI tool usage.
The platform targets industries including finance, healthcare, education, and IT services, with compliance support for regulations such as GDPR and SOX.
Dark Web Exposure Test by ImmuniWeb is a free online service that allows organizations and individuals to check if their sensitive data has been exposed on the dark web. The tool scans dark web marketplaces, forums, and other hidden resources to identify leaked credentials, personal information, and other sensitive data associated with a specific domain or email address. When users submit their domain or email for scanning, the service searches through databases of known breaches and dark web sources to identify potential exposures. Results typically include information about:
- Compromised email accounts and passwords
- Data breach incidents affecting the domain
- Exposed credentials on dark web forums and marketplaces
- Potential corporate data leaks
The service helps organizations understand their exposure risk and take appropriate remediation steps to secure compromised accounts, reset passwords, and improve their overall security posture. As a reconnaissance tool, it provides valuable threat intelligence that can be used as part of a broader security strategy to identify and address potential security vulnerabilities before they can be exploited by malicious actors.
Lepide Data Security Platform provides visibility and control across Active Directory, Entra ID, file servers, and Microsoft 365 environments from a single console. The platform monitors and audits changes, user activities, and configurations across directories and data stores. The solution includes real-time auditing and reporting capabilities that track events and changes across the environment. Reports are customizable, filterable, searchable, and sortable, providing information about who performed actions, what was changed, when it occurred, and where it happened. AI-based behavioral analysis learns normal user patterns and generates real-time alerts when threats are detected. Pre-defined threat models and workflows enable detection of threat symptoms and can trigger automated responses. The platform includes automated remediation capabilities for managing excessive permissions. Custom policies can be applied to files and folders to automatically revoke permissions when they are no longer required. Permissions analysis functionality provides visibility into current permissions and permission changes. Users can view effective permissions and identify excessive access across the environment. Real-time data classification discovers and classifies sensitive data at the point of creation across on-premises and cloud data stores. Persistent classification adds context to data security efforts. The platform supports both on-premises and cloud environments, providing unified security controls across hybrid infrastructures.
Virtru Email Encryption provides end-to-end encryption for email messages and attachments within Gmail and Microsoft Outlook environments. The solution integrates as a client-side plugin for both Gmail and Outlook desktop applications, as well as Microsoft 365, enabling users to encrypt emails with one-click functionality. The product includes granular access controls that allow senders to disable forwarding, set expiration dates, and revoke access to shared data after transmission. The Data Protection Gateway component operates server-side to automatically detect and encrypt sensitive data before it leaves the organization's perimeter based on configured DLP rules and policies. Virtru Private Keystore enables organizations to host their own encryption keys in their chosen location, providing data sovereignty and shielding sensitive information from cloud providers and third parties. The solution works with Google CSE for Workspace and Gmail. The platform provides audit trails that track where sensitive content is shared, who has accessed or forwarded emails, and includes SIEM integrations for threat remediation. The solution supports compliance requirements including HIPAA, FERPA, GDPR, CCPA, CMMC, ITAR, CJIS, GLBA, FTC Safeguards, and NIST standards. Virtru is FedRAMP-authorized and designed for cloud-native environments, protecting data as it moves through SaaS applications. The solution can protect email and files sent from any connected device, including scenarios where users have not installed the Virtru client.
Suped is an email deliverability and authentication platform that provides DMARC monitoring and management capabilities. The platform translates DMARC reports into actionable recommendations to help organizations protect their domains from spoofing attacks and improve email deliverability rates. The tool offers unified monitoring of email authentication protocols including DMARC, SPF, DKIM, MTA-STS, and BIMI implementation. It consolidates data from various email security and deliverability tools into a single dashboard for comprehensive visibility. Key features include:
- DMARC report analysis and policy recommendations
- Email deliverability testing and inbox placement monitoring
- Domain and IP reputation tracking
- Blocklist monitoring with real-time alerts
- Spam complaint tracking and list health monitoring
- Integration with major email service providers and marketing platforms
The platform provides automated recommendations based on sending behavior patterns and delivers alerts within 5 seconds of issue detection. It supports integration with popular email infrastructure tools including Google Postmaster Tools, Outlook SNDS, Mailchimp, HubSpot, Salesforce Marketing Cloud, and others through direct connections and Zapier.
ImmuniWeb Discovery is an attack surface management platform that provides continuous monitoring of an organization's external digital assets and potential security threats. The platform offers automated discovery and classification of IT assets including domains, web applications, APIs, mobile applications, cloud resources, and network services. It monitors these assets for security vulnerabilities, misconfigurations, compliance issues, and privacy concerns. Key capabilities include:
- Domain security monitoring: DNS misconfiguration detection, domain expiration tracking, and domain takeover monitoring
- Web and API security: Discovery and security monitoring of web applications and APIs, including compliance and privacy checks
- Mobile application security: Discovery and monitoring of mobile apps and their backends
- Network and cloud infrastructure security: Detection of cloud resources, misconfigurations, and network service vulnerabilities
- Digital threat protection: Dark web monitoring, cyber threat intelligence, phishing detection, and domain squatting monitoring
- Third-party risk monitoring: Tracking of third parties that may expose or leak organizational data
The solution operates without requiring on-premise agents or software installation, using OSINT methodologies and network reconnaissance to detect externally visible IT assets. It provides risk prioritization and classification to help organizations focus on the most critical threats. ImmuniWeb Discovery is designed to help organizations meet regulatory requirements including EU DORA, NIS 2, GDPR, HIPAA, PCI DSS, ISO 27001, and SOC 2.
Trapster Community is a low-interaction honeypot designed for internal network deployment. The tool operates by simulating network services to detect and monitor suspicious activities, utilizing Python's asyncio for non-blocking operations. Key functionalities include:
- Service simulation for intrusion detection
- Configurable service deployment through trapster.conf
- HTTP honeypot engine with AI response capabilities
- Website cloning functionality using YAML configuration
- Multiple logging options including file-based and API-based logging
- Docker deployment support
- Customizable logging formats for connection, data, login, and query events
The system supports various deployment methods including manual installation, system service configuration, and containerized deployment through Docker.
ObserveID IGA (Identity Governance and Automation) is an identity governance and administration platform designed to help organizations manage user access, enforce compliance, and automate certification workflows. Key capabilities include:
- **Automated Certifications:** AI-driven access review processes covering managers, application owners, and role owners, reducing manual effort in certification campaigns.
- **Granular Access Reviews:** Enables certification of entitlements broken down by role, team, and application, providing fine-grained visibility into who has access to what.
- **Compliance Mapping:** Pre-aligned with established security frameworks including NIST, CIS, and CSA, supporting organizations in meeting regulatory and industry compliance requirements.
- **Instant Reports:** Provides audit-ready dashboards with custom filtering options to support internal and external audit processes.
- **Built-in Remediation:** Automatically revokes or adjusts access identified as risky, enabling a closed-loop governance process without manual intervention.
- **Policy Library:** Includes pre-defined governance rules that accelerate decision-making and reduce the time required to establish access policies.
The platform is positioned to reduce access-related risks, streamline compliance efforts, and eliminate manual overhead associated with identity governance.
Interactive malware hunting service with live access to the heart of an incident, providing real-time interaction, network tracking, process monitoring, MITRE ATT&CK™ mapping, behavior graph, and more. Trusted by over 440,000 individual researchers, it offers an innovative cloud-based sandbox with full interactive access for in-depth analysis.
Safing Portmaster is an open-source application firewall that monitors and controls network traffic on Windows and Linux systems. The tool provides visibility into all network connections made by applications on a device, allowing users to identify and block unwanted connections. It features system-wide tracker blocking that extends beyond browser protection to all applications. Portmaster enables users to create custom filtering rules at both global and per-application levels. Users can completely block internet access for specific applications, filter connections based on geographical regions, or block peer-to-peer connections selectively. The application includes a monitoring dashboard that displays real-time network activity, showing which applications are connecting to which domains. This helps users detect potentially malicious connections and take appropriate action. Portmaster operates locally on the device and doesn't require cloud processing of network data. It's designed to enhance privacy by giving users control over their device's network communications. The software is available for Windows, Debian/Ubuntu, and Fedora operating systems.
CAI (Cybersecurity AI) is an open-source framework for building and deploying AI-powered security automation tools for offensive and defensive cybersecurity operations. The framework supports over 300 AI models from providers including OpenAI, Anthropic, DeepSeek, and Ollama, enabling users to create specialized AI agents for various security tasks. CAI includes built-in security tools for reconnaissance, exploitation, and privilege escalation activities. The system uses an agent-based architecture with modular design, allowing users to create specialized agents for different security functions such as vulnerability discovery, exploitation, and security assessment. The framework integrates with existing security tools and allows custom tool integration. CAI includes logging and tracing capabilities through Phoenix integration, providing detailed execution tracking for agents and their operations. The framework has been tested in various environments including HackTheBox CTFs, bug bounty programs, and real-world security assessments. The tool is designed for security professionals, researchers, ethical hackers, and organizations looking to enhance their security testing capabilities through AI automation. It supports multiple deployment scenarios and can be used for both research and professional security testing activities.
Whiteswan Platform is an identity-first security solution that consolidates identity management and access control using Zero Trust principles. The platform provides privileged access management for both endpoints and servers, implementing just-in-time access controls with time-bound permissions to reduce standing privileges. The platform includes Identity Threat Detection and Response (ITDR) capabilities that use analytics to detect and respond to identity-based attacks in real time. It implements identity segmentation through micro-perimeters around users and devices to prevent lateral movement and unauthorized access across infrastructure. Whiteswan offers Zero Trust Network Access functionality that eliminates traditional VPN dependencies, enforcing identity-based policies for remote access. The platform supports passwordless authentication and implements least-privilege principles through granular access policies and automated approval workflows. The solution provides session monitoring and recording capabilities, along with detailed audit logs for compliance and visibility into access events. It integrates with existing IT infrastructure across on-premises, cloud, and hybrid environments. In addition to zero-trust PAM for human identities, the platform also secures AI agents and non-human identities such as service accounts. Whiteswan has built an MCP gateway that is deployed either on endpoints, to secure Openclaw-type agentic access, or in a gateway pattern, to guard against inadvertent misuse of corporate tools. The platform is designed for enterprise use cases across financial services, healthcare, technology, manufacturing, and retail sectors, addressing requirements for regulatory compliance, data protection, and secure access management for employees, contractors, and vendors.
Securden Unified PAM is a privileged access management platform that provides centralized management of privileged accounts, credentials, and access across IT infrastructure. The solution offers discovery capabilities for privileged accounts on Windows, Linux, Mac systems, databases, and applications. The platform includes enterprise password management with automated rotation for administrator passwords, service accounts, and SSH keys. It manages shared administrative accounts with granular access controls and audit trails. The solution provides secure remote access through RDP, SSH, and SQL connections with session recording and playback capabilities. Endpoint Privilege Management (EPM) functionality removes local admin rights from endpoints while enabling just-in-time privilege elevation for specific applications and users. The platform enforces Zero Standing Privileges and granular application controls on workstations. Vendor Access Management (VPAM) provides zero trust remote access for third parties without requiring VPN, agents, or firewall modifications. All vendor sessions are recorded with complete audit trails. Additional capabilities include Self-Service Password Reset for Active Directory and Azure AD accounts, management of machine and AI identities including API keys and tokens, elimination of hard-coded credentials through APIs, and DevOps secrets management for CI/CD pipelines. The platform integrates with Active Directory for authentication and user management. It supports Cloud Infrastructure Entitlement Management (CIEM) for AWS environments, including discovery of privileged policies and permission management. The solution offers both on-premises and SaaS deployment options.
1Password Passkeys is a password management solution that supports passkey authentication technology. The product allows users to create, store, and manage passkeys as an alternative to traditional passwords. Passkeys consist of a public-private key pair where the public key is shared with websites and apps while the private key remains on user devices. The solution provides passkey synchronization across Mac, iOS, Windows, and Android devices. Users can sign in to accounts using biometric authentication or device PINs instead of typing passwords. The product includes Watchtower functionality that identifies existing accounts that can be upgraded to use passkeys. 1Password Passkeys supports secure sharing of passkeys through shared vaults for team members and family members, as well as temporary item sharing. Users can organize passkeys alongside passwords and other sensitive information within the same platform. The product offers the ability to unlock the 1Password account itself using a passkey, eliminating the need for an account password and Secret Key. This feature is available in public beta for new Individual accounts and coming soon for existing accounts. Passkeys created through 1Password include built-in multi-factor authentication and are resistant to phishing attacks since the private key never leaves user devices. Each passkey is unique to a specific website or application.
Burp Suite Professional is a comprehensive web application security testing platform designed for penetration testers and security professionals. The toolkit includes multiple integrated components for conducting thorough web application security assessments:
- An intercepting proxy for capturing, inspecting, and modifying HTTP/HTTPS traffic
- Advanced scanning capabilities for automated vulnerability detection
- API security testing features with support for authenticated scanning
- Intruder tool for customized attack payload testing
- Extension support through BApp store with over 300 community-created plugins
- Custom scripting capabilities via Bambdas and BChecks
- Built-in reporting and logging functionality for documentation
- Intelligence gathering and attack surface mapping tools
- Integration capabilities with existing security tools and workflows
The platform supports various testing methodologies including manual penetration testing, automated scanning, and API security assessment. It provides functionality for testing common web vulnerabilities such as XSS, SQL injection, CSRF, and SSRF. Burp Suite Professional includes features for both automated and manual testing approaches, allowing security professionals to combine systematic scanning with targeted manual assessment techniques.
DryRun Security AppSec Agents is a static application security testing tool that uses AI-driven contextual security analysis to review code changes in pull requests. The platform analyzes data flow across files and services to identify security vulnerabilities without relying on traditional pattern-matching or rule-based approaches. The tool performs contextual security analysis by examining real code context including data flow, architecture, and change history to assess risk in real time. This approach enables detection of logic flaws and authentication issues that pattern-matching scanners typically miss. The platform provides security feedback directly in pull requests with low false positive rates. DryRun Security supports multiple programming languages including Python, Ruby, TypeScript, JavaScript, Java, Golang, C#, C++, PHP, HTML, Elixir, Kotlin, Swift, and Scala. The tool integrates with source code management platforms and provides notifications through collaboration tools. The platform operates without requiring manual rule creation or maintenance, using AI to generate custom policy checks automatically. It analyzes code changes as developers work and provides near real-time security reviews. The tool is designed to reduce noise in security findings by reasoning about exploitability and impact rather than just pattern presence.
Heeler is an AI-native AppSec platform built for software engineers, enabling security to move at the speed of AI-generated code. From code scanning to guardrails and AI-powered remediation, Heeler replaces brittle, noisy tools with deterministic security automation that is explainable, verifiable, and safe to operate at scale. At the core of Heeler is ProductDNA, our context engine, which indexes and maps your entire software ecosystem—codebases, artifact registries, dependencies (first-party, direct, transitive, and bundled), teams, and deployed workloads. This deep, real-world context powers AI remediation agents that can debug and fix complex vulnerabilities end to end. Before making changes, Heeler performs deterministic analysis, detects breaking changes, applies validated fixes, and automatically verifies that updates don't introduce breaking changes. Developers receive production-ready pull requests with full context, validation results, and clear explanations. Heeler also helps teams prevent future security and tech debt by enforcing standards through configurable guardrails at the org, app, repo, or team level. Policies can run in observe, warn, or block mode, and developers can ask the agent to automatically update PRs to meet requirements. By incorporating runtime, business, and exploit context, Heeler prioritizes the small set of issues that truly matter—so teams focus on real risk instead of noise. Security fixes happen directly in existing developer workflows, with PR comments, tickets, and validated remediation handled automatically. Built-in analytics show impact across the organization, from issues found to fixes delivered.
Hacksplaining is a comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code. The platform covers every major security vulnerability, including the OWASP Top 10, and helps developers become security experts. With over 523,000 users and 500+ paying customers, Hacksplaining is a trusted resource for web development teams. The platform provides a unique approach to security training, allowing developers to hack real applications in the browser and then learn how to secure the code. This hands-on approach helps developers gain practical experience and expertise in security. Hacksplaining also offers enterprise licensing and helps organizations meet compliance goals, including PCI compliance.
Push Security Browser Extension is a browser-based security tool deployed as an extension that provides security teams with visibility, detection, and response capabilities for threats occurring within browser sessions. The extension operates directly in the browser to capture page structure, user behavior, and attacker actions — information not visible to network-layer tools such as SSE, SWG, or CASB proxies. It is deployed via MDM to managed endpoints and integrates with existing IdP and SIEM platforms. Key capabilities include:
- Real-time detection of phishing kits, cloned login pages, and malicious scripts by inspecting page content and structure
- Detection of token theft, session hijacking, and credential misuse as activity occurs in the browser
- Construction of user/session timelines capturing page loads, click paths, credential use, and token activity to support incident investigation
- Discovery of shadow SaaS applications, unmanaged accounts, and duplicate logins across the organization
- Identification and blocking of risky or malicious browser extensions
- Detection of account takeover (ATO) via stolen credential and compromised token monitoring
- Enforcement of security policy for missing MFA, password reuse, and non-SSO logins
- Mapping and classification of AI applications used across the environment to enforce AI usage policies
The extension is positioned as complementary to EDR, CNAPP, ITDR, and network security tools, covering the browser session layer that those tools do not inspect.
Fabric Platform is a cybersecurity reporting solution that aims to streamline and automate the report generation process. It offers:
1. A private-cloud platform for advanced cybersecurity reporting and collaboration.
2. An open-source command-line tool for reporting workflow automation.
3. A configuration language for creating reusable templates.
4. Integration with OpenAI's language models for content generation.
5. A collection of community-supported templates for various security use cases, including security operations, threat intelligence analysis, penetration testing, and certifications.
The platform is designed to improve consistency in reporting, enhance collaboration among team members, and reduce threat response time through automation.
Perisai Web Scanner is an automated security scanning tool that analyzes websites for known vulnerabilities and security misconfigurations. The scanner examines web applications to identify vulnerable versions of JavaScript libraries and third-party open-source dependencies that could pose cybersecurity threats. It performs in-depth analysis of each file found on the website and assigns risk scores based on detected vulnerabilities. The tool evaluates security based on two core metrics: 1) Detection of vulnerable JavaScript library versions that pose potential security threats, and 2) Analysis of HTTP security headers to identify which headers are properly configured and which recommended headers are missing. The scanner provides a grading system with A+ being the highest achievable security score. The web scanner operates as an early warning system for website security, allowing organizations to identify and address security weaknesses before they can be exploited. It searches for software vulnerabilities, misconfigurations, and dependency issues across the entire website infrastructure. The tool is accessible through a web interface where users can input their domain (supporting both HTTP and HTTPS protocols) to initiate security checks.
AttackRuleMap (ARM) is a mapping tool that correlates open-source detection rules and atomic tests to help security teams understand detection coverage. The tool provides a comprehensive mapping between:
- MITRE ATT&CK techniques and tactics
- Atomic Red Team test cases
- Sigma detection rules
- Splunk detection rules
Key capabilities include:
- Mapping of atomic test cases to corresponding detection rules
- Cross-referencing between different detection rule formats
- Platform-specific detection coverage analysis
- Identification of gaps in detection capabilities
- Support for Windows, Linux and ESXi platforms
The mapping data is organized in a tabular format containing:
- Technique IDs
- Atomic attack names and GUIDs
- Platform information
- Associated Sigma rules
- Corresponding Splunk detection rules
This correlation helps security teams:
- Validate detection coverage against known attack techniques
- Identify areas requiring additional detection rules
- Plan and prioritize detection engineering efforts
- Test detection capabilities using mapped atomic tests
OSINTLeak is a threat intelligence platform that monitors for compromised credentials, exposed infrastructure, and sensitive data leaks across surface, deep, and dark web sources. The platform provides search capabilities across multiple data fields including emails, usernames, phone numbers, domains, and IP addresses. The service offers 17+ search selectors for querying breach databases and exposed data sources. Users can conduct searches to identify leaked credentials, analyze domain WHOIS information, and perform IP intelligence lookups. The platform includes AI-powered reverse image search functionality for visual intelligence gathering. OSINTLeak provides real-time monitoring capabilities to detect when sensitive information appears in breach data or threat feeds. The platform continuously scans open sources, dark web forums, and exposed databases to identify data leaks before they can be exploited. Search results can be exported for analysis and integration with existing security workflows. The platform offers different service tiers with varying search limits, ranging from 20 daily searches in the free tier to 500 daily searches in paid plans. Enterprise plans include API access for automation, data monitoring and alerting capabilities, and support for multiple users and teams. The platform is designed for use by law enforcement agencies, government CERT teams, and enterprise security and threat intelligence teams conducting investigations, security assessments, and digital footprint analysis.
RoboShadow is a UK-based, NCSC for Startups-backed vulnerability assessment platform that performs daily internal and external security scans for organizations. The platform includes an External Scanner that monitors IP addresses and websites for vulnerable ports, CVEs, and website vulnerabilities, with automated daily scanning and email reporting. The LAN Scanner performs device discovery and vulnerability assessment across local network subnets to identify vulnerable IoT devices and network equipment and to assess network segmentation. The Cyber Heal AutoFix functionality automatically remediates identified vulnerabilities by updating over 7,000 applications from the Microsoft Winget Repository, uninstalling insecure applications, updating firewall and anti-ransomware settings, and modifying security benchmark configurations. The platform monitors device vulnerabilities, antivirus status, OS updates, encryption status, hardware information, and software patching. RoboShadow provides security benchmark management for configuration hardening and integrates with multiple antivirus solutions for centralized management. The platform syncs with Microsoft 365, Intune, and Windows Defender to pull MFA authentication data, device insights, and vulnerability information. Compliance reporting is available through customizable PDF reports, CSV exports, and API access. The platform can log remediation failures to PSA and ticketing systems for follow-up.
Alkira Zero Trust Network Access (ZTNA) is a cloud-native solution that provides dynamic, identity-based access to networks, applications, and resources. Unlike traditional ZTNA solutions that focus solely on user-to-app connections, Alkira provides a unified zero-trust security exchange for app-to-app, user-to-app, and user-to-internet communications. The platform enables secure workforce access from anywhere with continuous identity and posture verification, protects internal application communications with granular Zero Trust policies to prevent unauthorized lateral movement, and enforces Zero Trust principles for internet-bound traffic. It extends consistent security policies across cloud and on-premises environments without complex configurations, supporting hybrid and multi-cloud connectivity. The solution provides adaptive security that continuously authenticates and authorizes users based on real-time user behavior, location, and device health. It implements least privilege access by granting only the minimum necessary permissions to applications and users, and offers centralized management for monitoring, troubleshooting, and enforcing policies. The platform consolidates network and security functions to deliver zero-trust security without compromising network performance and efficiency, while helping organizations adhere to regulatory requirements like GDPR, HIPAA, and PCI.