Security as a continuous loop, not a checklist
Serpentine replaces fragmented security stacks with one unified platform. Ten modules on one security graph — autonomous agents that act and a sovereign brain they reason on, in one operational loop that runs continuously.
Foundation
Core principles
The architectural decisions that make unified security possible.
One canonical data model
Every finding, asset, and control lives in a single normalized schema. No translation layers, no import mappings, no data silos.
When Odbrana discovers a vulnerability, Napad can validate it immediately. When Postava hardens a system, Regulativa knows the control is enforced. No manual correlation required.
Shared security graph
All modules read from and write to the same state. Context flows naturally between disciplines without integration overhead.
The security graph connects assets to findings to remediations to evidence. Every action updates the graph. Every module benefits from every other module's work.
Continuous operational loop
Security is not a point-in-time assessment. The platform runs continuously, with each cycle strengthening your security posture.
Harden, discover, validate, prove. Then repeat. Each iteration builds on the last, creating compounding security improvements over time.
Validation before closure
Findings are not closed when tickets are marked done. They are closed when exploitation is no longer possible.
Napad re-validates every remediated finding before it leaves the queue. Closure without validation is a compliance gap waiting to happen.
The Loop
Eight verbs, one continuous cycle
Security operations flow through Detect · Enforce · Challenge · Govern · Investigate · Oversee · Classify · AI-Secure, then repeat.
Detection (ODBRANA)
Detect
Find vulnerabilities across your entire attack surface with unified scanning.
What happens
- Multi-vector scanning initiated
- Web, cloud, code, container, mobile coverage
- Findings normalized to canonical schema
- Cross-correlation applied
- Risk scoring calculated
Output
Unified finding inventory with business context
Writes to graph
Findings, risk scores, affected assets, remediation paths
Hardening (POSTAVA)
Enforce
Establish and maintain your security baseline with continuous hardening.
What happens
- Agent deploys to infrastructure
- Baseline configuration assessed
- CIS/DISA benchmarks applied
- Drift detection activated
- Hardening recommendations generated
Output
Secure baseline with continuous drift monitoring
Writes to graph
Asset inventory, configuration state, compliance posture
Offense (NAPAD)
Challenge
Prove exploitability before prioritizing remediation resources.
What happens
- High-risk findings selected for validation
- AI-guided exploitation attempted
- Proof-of-concept generated
- Business impact assessed
- Validation evidence captured
Output
Validated risk with exploitation proof
Writes to graph
Validation status, PoC artifacts, true risk classification
Governance (REGULATIVA)
Govern
Generate audit evidence automatically from security operations.
What happens
- Control requirements mapped to 35 frameworks
- Evidence collected from operations
- Declared vs observed state compared
- Gaps identified and remediated
- Audit package assembled
Output
Continuous compliance with audit-ready evidence
Writes to graph
Control status, evidence chain, compliance posture
Investigation (ISTRAGA)
Investigate
LLM-guided investigations and corpus-backed reasoning across the security graph.
What happens
- Investigation queries run against substrate
- Adversary emulation scenarios constructed
- Attack paths validated
- Threat actor profiles matched
- Research corpus consulted
Output
Investigation findings with reasoning chain
Writes to graph
Investigation outputs, attack paths, adversary correlations
Oversight (NADZOR)
Oversee
Surface identity intelligence from directory services and code repositories.
What happens
- Entra ID, Okta, GitHub connected
- Identity baseline established
- Access anomalies detected
- Privilege escalation paths mapped
- Identity findings correlated to assets
Output
Identity risk signals on the same register as vulnerabilities
Writes to graph
Identity anomalies, access patterns, privilege context
Classification (PODATOCI)
Classify
Catalogue data assets and apply sensitivity classifications.
What happens
- Data stores discovered and catalogued
- PII/PCI/PHI/secrets classified
- Exposure ranking calculated
- Classification labels attached to assets
- Breach scope pre-calculated
Output
Data classification that drives finding prioritization
Writes to graph
Data classifications, sensitivity labels, exposure rankings
AI-Security (PROTIVAI)
AI-Secure
Protect AI/LLM workloads from prompt injection to supply chain.
What happens
- AI/LLM endpoints inventoried
- Prompt injection detection enabled
- Model supply chain checked
- AI-specific threats monitored
- AI incidents correlated to infrastructure
Output
AI security findings on the unified risk register
Writes to graph
AI incidents, model risks, prompt injection findings
Comparison
Traditional vs. unified approach
The architectural difference that changes everything.
Outcomes
What unified security delivers
The measurable results of a truly integrated approach.
10x
Faster mean time to remediate
No handoffs, no context switching, no waiting for different teams
100%
Finding validation coverage
Every high-risk finding validated before resources are allocated
Zero
Manual evidence collection
Compliance evidence generated automatically from operations