Our journey, in the open

Origin Story

Year by year, 2019 onward — from CyberGraph prototype and modular scanner toolchain to the platform today.

1. 2019

   Origins — CyberGraph

   • CyberGraph prototype linking assets, vulnerabilities and vendors in one graph
   • Born from hands-on penetration testing and vCISO practice
2. 2020

   Pivot & practice

   • Focused on penetration-testing services and threat intelligence
   • Sharpened the continuous attack-surface approach
3. 2021

   CISO360 Beta

   • First MVP — vulnerability assessments, pentests and vCISO GRC
   • Validated with select partners
4. 2022

   Research & experimentation

   • Early automation experiments and academic collaboration
   • A self-funded research platform — proving the approach by hand
5. 2023

   Modular toolchain + PRO

   • Published the original CISO360.AI — attack-surface management, dark-web identity checks, NIST CSF, gamification
   • Modular containerised scanner toolchain — web, network, IP and host recon
   • PRO orchestration — vulnerability management, third-party/vendor assessments, internal network scanning
6. 2024

   Ideas & R&D

   • Aspirational concepts for an autonomous vCISO — research and design that shaped today's AI-native platform

What we have shipped

1. Jun 2025

   Foundation

   • Platform scaffold + OIDC sign-in
   • Multi-tenant architecture — every tenant isolated from day one
   • First B2B demo organisations provisioned
2. Jul – Aug 2025

   Scanning & orchestration

   • Attack-surface scan engine wired into the platform
   • Durable workflow engine for scheduled, long-running jobs
   • Cloud infrastructure as code
3. Sep – Oct 2025

   Billing & vulnerability pipeline

   • Subscription billing and plan tiers
   • End-to-end events → vulnerabilities → findings pipeline
   • Model Context Protocol foundation — the genesis of the AI Sidekick
4. Nov 2025 – Jan 2026

   Architecture & redesign

   • Platform re-architecture and design refresh
   • AI model experimentation across providers
   • Hardening the foundations for the next build phase
5. Feb 2026

   Unification & SSO

   • Migration to a single monorepo with full history
   • SSO sign-in + account linking
   • Real-data dashboards with time-bucketed analytics
6. Mar 2026

   Graph data model

   • OCSF-aligned asset / event / finding taxonomy
   • Graph-edge relationships between any entities
   • Discovery provenance persisted in the graph
7. Apr 2026

   Security hardening

   • Identity & access hardening across the platform
   • Parameterised query layer — injection-prevention across every service
   • Live discovery dashboard with real-time scan streaming
8. Apr – May 2026

   AI Sidekick & compliance

   • AI Sidekick with approval-gated tools and chat
   • 15+ seeded compliance frameworks (NIST CSF, ISO 27001, SOC 2, HIPAA, GDPR…)
   • Vulnerability triage with sticky verdicts that survive re-scans
9. May 2026

   Evidence & assurance

   • Penetration and security testing
   • Evidence data plane with secure presigned uploads
   • Manual evidence attachment and posture views
   • Per-tenant AI usage quotas and top-ups
10. Jun 2026

    GRC programme loop

    Just shipped
    • AI onboarding wizard + control ↔ requirement mapping
    • Compliance report renderer with executive summary
    • AI-driven risk register — gaps derive risks, residual scoring, control linkage
    • Onboarding-seeded GRC roadmap — your prioritised plan from minute one

See how features map to plans