The Blog
Our place for thought sharing, question answering and news announcing.
Why Do You Need a Penetration Test for LLM-Enabled Applications?
From a hacker’s perspective, an LLM-powered app can look like a cooperative insider. In this blog post, we explain why LLM integrations are inherently risky, the real-world attacks they face, and why specialised penetration testing is essential.
See more
Why It's Not Possible to Map DORA vs ISO 27001 vs NIST CSF
DORA, ISO 27001, and NIST CSF may look similar on the surface, and plenty of gap analysis templates promise to align them. But here’s why that might not be the best idea.
See more
DORA Microenterprise Requirements: Everything You Need to Know
Thanks to DORA's principle of proportionality, smaller organisations face lighter requirements than larger financial entities in many areas and are fully exempt from others. Here's what microenterprises need to know.
See more
Expert Advice on DORA Penetration Testing
All DORA-covered entities must test their systems using what DORA refers to as "appropriate tests” to ensure they are resilient. So, what is an “appropriate test”?
See more
What Does a Red Teamer Do? We Asked a Full-Time Red Teamer
What does a red teamer actually do in real life? To give you the full story and a realistic look at what it means to be a red teamer, we asked a full-time SECFORCE red teamer about his day-to-day job.
See more
DORA Major Incident Reporting In 15 Steps
Most of the work involved in DORA incident reporting happens well before an incident occurs across these 15 steps. Organisations must follow this process to prepare for DORA incident reporting.
See more