CyberSentien assesses once against your real evidence and reports everywhere — deterministic verdicts, honest coverage, tamper-evident lineage on every report. Controls without evidence read “manual assessment required”, never a fabricated pass. Built for assessors, practices, banks and AI providers.
Run a real assessment on sample docs → Book a founder demoOpen the gated demo and run the REAL engine on a synthetic sample library spanning strong evidence through to poor — so you can watch it stay honest no matter what it's fed. Instant sample reports open immediately from cached scenarios — pre-run assessments over the same library — then a live run takes a couple of minutes, because it's real work, not a scripted animation. Output stays watermarked until you subscribe; the trial itself is never gated.
CPS 230 operational resilience and CPS 234 information security posture from live evidence — board and regulator packs, material-supplier registers, no false green. The engine is the evidence layer; it does not replace an APRA-appointed tripartite reviewer.
Consultant-grade depthISM/IRAP assessment at the depth an IRAP assessor documents — the full ISM catalogue with SAR generation, Essential Eight across ML1–ML3, evidence mapped control by control. Australia's real moat.
Depth badged per laneEvery framework live on the engine, one book of work: per-engagement scoping, evidence freshness measured — not asserted — and reports carrying an Evidence Freshness Statement. IRAP-grade on ISM/E8, Tier-A breadth elsewhere.
Tier-A breadthMulti-jurisdiction AI governance from one evidence base — EU AI Act, ISO/IEC 42001, NIST AI RMF, plus every national instrument live on the catalogue, enumerated on the solutions page rather than promised. The one axis where our reach is already genuinely global.
Served via security lensOAIC breach duties and buyer security clauses served through ISO 27001, SOC 2, Essential Eight and third-party risk. Honest position: no dedicated health-sector catalogue on the engine today — we say that plainly rather than badge it green.
Served via existing lanesSOCI risk-management-program obligations served through Essential Eight maturity, ISM depth and third-party risk registers. Honest position: no dedicated SOCI catalogue yet — where an obligation is not covered, the posture says so.
Not a bank, not an agency, not a hospital? The engine is framework-driven, not industry-templated. If your obligations map to the frameworks live on the catalogue, the same machinery serves you — and if they don't, we say so and it goes on the roadmap, not on your report.
Locked founder pricing, a direct line to the founder, and real roadmap input. We build the case studies together — that's the deal.
Every report carries a validation run id and a SHA-256 integrity anchor chained into a tamper-evident ledger — auditors, regulators and your clients can verify a CyberSentien report is genuine and unmodified. No logo proves that.
Coverage is measured against full catalogues; controls without evidence say “manual assessment required”, never a fabricated pass. The same rule governs this website: every number here was read from the engine when the site was built.
A working demo on live machinery — not slides. Tell us where you sit and we'll send a gated, revocable demo link.