CyberTwin
Assess tier · Threat intel

Breach Replay — A CVE is trending. Type its ID — see if it reaches you.

Type today’s headline CVE. Does it reach your crown jewels?

Paste the CVE id and Breach Replay replays it against your twin — a verdict, a cited facts card, the routes a foothold could ride, priced. No agent, no live scan.

Everything is labeled proven or modeled. A CVE we can’t resolve gets no guess — that restraint is the point.

No agent · No live scan · No re-upload · Included from the Assess tier up
The verdict

The one line you can forward to the board.

Every replay resolves to one of five honest verdicts. Deliberately conservative — it never says “you are vulnerable”, only whether the modeled path exists, and it shows its work underneath.

EXPOSED(modeled)

A foothold via this technique could ride a route in your twin to a crown jewel. Shown with the modeled dollar exposure across those routes.

DEFENDED(proven)

You have already proven every control that defends the technique, and no modeled route reaches a crown.

NOT APPLICABLE

We don’t see the affected product in your uploaded artifacts — so this CVE likely doesn’t apply to you.

UNKNOWN

There’s nothing to trace to yet — declare a crown jewel (and upload your estate) and we’ll trace whether it reaches anything that matters.

NO-GUESS

The CVE can’t be resolved against the databases. We return a plain refusal instead of a fabricated technique.

The Breach Replay surface — type a CVE ID and replay it against your modeled twin.
Sample environment (seeded demo) · as of upload · point-in-time snapshot, no live scan
1
Type

Paste the CVE id

CVE-2023-27997, straight from the headline — the engine resolves it to affected products and techniques.

2
Replay

The twin takes the exploit

A modeled foothold lands where that product lives in YOUR twin, and the engine walks every route it could ride.

3
Verdict

One honest line, with its work

Reaches a crown: the routes, priced, labeled modeled. Not present: it says so. Unresolvable: no guess.

The worked example

One CVE, replayed end to end.

Paste CVE-2023-27997 (FortiOS, on CISA KEV since 2023-06-13). The facts card, the routes, and the dollar figure below are a modeled example for the fictional Acme Capital estate.

The verdict. If your twin holds a crown jewel behind that firewall, it reads: “Yes — if CVE-2023-27997 gives an attacker a foothold via T1133 (External Remote Services), your twin shows the routes to your crown jewels, with the modeled dollar exposure.” No FortiGate in your uploaded artifacts and it flips to: “We don’t see fortinet fortios in your uploaded artifacts — CVE-2023-27997 likely doesn’t apply. Upload the config to confirm.”
CVE-2023-27997
$1,240,000
T1133 · External Remote ServicesCISA KEV — actively exploited since 2023-06-13EPSS — 30-day exploit probabilityfortinet · fortioscurrent as of today
FortiGate VPN → flat internal segment → unsegmented database (crown) · cross-surface · p50 $420,000

Printed on the card: facts from the authoritative databases, dated; routes are your twin’s modeled and proven paths a foothold could ride — not a claim that your specific box is exploitable.

For T1133, the defending controls are NIST 800-53 AC-17, SOC 2 CC6.6, and ISO 27001 A.8.20. Prove the undefended ones — upload the firewall or identity config that enforces them, and Configuration Review proves them rule-by-rule — and the same CVE stops reaching your crowns. Findings you can prove, not attest.

Why this is defensible

The restraint is the product.

Every other “does this CVE reach you” tool either runs an agent on your boxes or quietly guesses. Breach Replay does neither, and says so on the screen.

CVE facts are cited, never invented.

They come from the authoritative databases or our cited baseline — a CVE we can’t resolve gets a plain refusal, not a fabricated technique.

Applicability is modeled, not scanned.

It’s a product-name match against artifacts you already uploaded. We say “we see the affected product” or “we can’t confirm it” — never “you are vulnerable.”

The blast radius is your twin, not your live box.

The routes are modeled and proven paths a foothold could ride — not a claim the specific device is exploitable.

A defense reads PROVEN only when proof backs it.

A real artifact-tested ledger entry, from a live config parse — not a checkbox in a spreadsheet.

WHAT A NO-GUESS LOOKS LIKE

“That CVE isn’t in our CVE intelligence yet — we won’t guess. We resolve CVEs against the authoritative CVE databases (NVD, CISA KEV, FIRST EPSS) and our curated technique map — never a fabricated mapping.”

That single refusal is the trust signal the rest of the page is built to earn.

Questions

Not a demo skin over a language model.

Do you run an agent or scan my live boxes?
No agent, no live scan. Breach Replay replays the CVE against the twin built from the artifacts you already uploaded — applicability is a modeled product-name match, never a probe of the running device.
What happens when a CVE isn’t in your intelligence?
You get a plain no-guess refusal. We resolve CVEs against the authoritative databases (NVD, CISA KEV, FIRST EPSS) and our curated technique map — never a fabricated mapping to fill the screen.
Does a verdict claim my device is exploitable?
Never “you are vulnerable.” The blast radius is your modeled twin — the routes a foothold could ride if this technique lands — labeled proven or modeled, not a claim the specific box is exploitable.

Everything Breach Replay prints is labeled proven or modeled, and a CVE we can’t resolve gets a plain no-guess — that restraint is the point.

Coverage

A CVE is trending right now. Is it a threat to you?

Included from the Assess tier up — every paid plan can replay a CVE against its twin. No add-on, no separate SKU.

26 distinct MITRE ATT&CK techniques · 15 security tools cross-stitched · 11 threat-actor categories, described by behavior — never a named group · 9,000 automated tests

Full coverage & honesty detail → /features#coverage

Assess
$4,800/yr
or $499/mo — cancel anytime

Decide what to do — architecture design, current-state review, and compliance scoring, board-ready.