Findings are noise.
Decisions are the work.

Frequently asked questions.

• What is the difference between mindthehack and a vulnerability scanner? +

  A scanner produces a finding list. mindthehack produces a ranked plan. Every output is chained through a real attack path and tied to a named asset, so the next action is the action that actually closes a path, not the one that scores highest.

• Is the platform a replacement for manual penetration testing? +

  Not entirely. The platform handles continuous scale. Our manual engagements handle bespoke depth. The two are designed to feed each other: every manual finding teaches the Decision Engine, every Decision Engine output teaches the next manual engagement.

• How does the Decision Engine decide? +

  It weighs exploitability, attack-path criticality, asset value, and business impact for every validated exposure, then surfaces the single change that removes the most risk this week. The recommendation comes with its reasoning, so the team can audit the why.

• Where is our data hosted? +

  Entirely in the European Union. Our infrastructure is EU-hosted by default. Our trademark is EU-registered. Sovereignty is not a feature toggle. It is the default and the only option.

• Which regulators does mindthehack map to? +

  DORA for financial services, NIS2 for critical infrastructure, energy, telecom, and public sector, PCI DSS for payments and retail, GDPR across the board, and ISO 27001 for information-security management. Reporting is pre-formatted for regulator submission.

• How often does the platform run? +

  Continuously. The 27-day window between when a vulnerability is disclosed and when most teams detect it is the gap we close. The platform re-validates after every remediation, so the decision queue is always current.