CyberTwin
About CyberTwin

Why we built CyberTwin.

CyberTwin is the security decision engine: it reads your real configs, maps the attack paths they open, and proves which findings are real — across 24 frameworks.

What we won't compromise
  • (01)Commission-freeWe sell the engine output, never a vendor referral. No reseller cut, no sponsored ranking.
  • (02)DeterministicSame inputs, same output. A validator rejects any narrative that contradicts the math.
  • (03)Published with its sourceEvery price has a source URL, every score a provenance label, every recommendation its reasoning.
(01)OUR THESIS

What we believe.

Security advice is mostly conflicted. Resellers, commissions, sponsored research — and the buyer sits in the middle.

Most of a security decision is calculable — the products, the prices, the coverage, the exposure. The industry sells that calculable part as six-week, six-figure consulting.

We do the calculable part in a single session — sourced, auditable, refreshable. Your judgment goes where it counts: the politics, the regulator, the board.

The second belief: publish the math. Every price has a source URL, every score a provenance label, every recommendation its reasoning.

If we can't defend it in writing, we don't ship it.

(02)THE TEAM & THE ROAD

One founder. Going deeper.

One founder and a focused engineering practice on a deterministic spine — no invented team page. What ships today is the floor, not the ceiling: more analysis, more vendors, more provable findings.

Want to talk to a human? hello@cybertwin.io or book time at cal.com/cybertwin/intro (15-minute calls).

(03)BY THE NUMBERS

What's actually in the engine, right now.

Every number on this page is derived live from the codebase — not a marketing claim. If we ship a new framework or vendor, the number ticks up automatically. If we drop one, it ticks down.

  1. Compliance frameworksscored simultaneously24
  2. Catalog productswith verified prices99
  3. Configuration audits1917 deterministic checks37
  4. Cross-vendor extractorsfeed the attack-path graph15
  5. MITRE techniquesmapped to edge types26
  6. Threat actor categoriespaths matched by TTP overlap11
  7. Insurance carriersauto-fill questionnaires5
  8. Boardroom-grade reportsfrom one upload12
  9. Automated testsre-counted per release · rounded down9,000
(04)CUSTOMERS & REFERENCES

References, when they're real.

As CISOs sign on and agree to public attribution, their stories land here. We don't run logo walls of unconfirmed customers, and we don't pay for testimonials.

We're early. A logo wall of "pilots" that never signed is the credibility trap — we're not walking into it.

What ships here, when it's real: one customer per story, named and titled, one specific quote, and the metric we moved. Nothing anonymous, nothing paid for.

Want founder-direct access while we're early? Tell us about your environment.

Start the conversation →
The fastest way to evaluate the company

Use the product.

The honest case for whether CyberTwin is real isn't on the About page. It's in the assessment output, the methodology PDF, and the sample report. Spend 10 minutes with those.