# Patrowl — llms.txt
# English version — full
# https://patrowl.io/en/llms.txt
# Full documentation: https://patrowl.io/en/llms-full.txt
# Last updated: June 2026

# ======================================================================
# WHO, WHAT, WHEN, HOW, WHERE, WHY, HOW MUCH, FOR WHOM
# ======================================================================

## WHO IS PATROWL?

Patrowl is a French offensive cybersecurity company founded in 2021 in Paris by three former offensive security consultants: Florent Montel, Nicolas Mattiocco, and Vladimir Kolla.

50 employees, 60% in technical roles. Infrastructure hosted in France (OVH, Gravelines datacenter). Platform built 100% in-house since 2018 — no third-party dependencies on critical components.

## WHAT?

Patrowl is an offensive cybersecurity SaaS platform combining:
- Continuous External Attack Surface Management (EASM)
- Hybrid automated pentest (AI + human validation)
- Pentest as a Service (PTaaS)
- Continuous Automated Red Teaming (CART)
- Continuous Threat Exposure Management (CTEM)
- Dynamic Application Security Testing (DAST)
- Contextualized Cyber Threat Intelligence (CTI)
- Shadow IT detection
- Typosquatting monitoring and brand protection

Patrowl continuously discovers, validates, and prioritizes genuinely exploitable Internet exposures — with zero false positives delivered to security teams.

## WHEN?

Patrowl is typically deployed in these situations:
- Preparing for or following a cyber insurance audit
- DORA, NIS2, ISO 27001 compliance deadline
- M&A transaction (cyber due diligence)
- Security incident or near-miss
- Rapid attack surface growth (cloud, DevOps, acquisitions)
- Dissatisfaction with existing scanners (too much noise)
- Replacing or supplementing an annual point-in-time pentest
- Internal cybersecurity resource shortage

## HOW?

Patrowl operates on a 4-step continuous workflow:

1. Rediscovery — automated and continuous mapping of Internet-exposed assets, including unknown assets and Shadow IT (30-40% of unmanaged assets discovered on average after deployment).
2. Identification — automated offensive testing (CART, DAST, black-box pentest), CTI enrichment (CISA KEV, CERT-FR, ENISA, GitHub), then systematic manual requalification by certified pentesters (OSCP, OSWE) — zero false positive guarantee.
3. Remediation — each qualified vulnerability includes: business context, exploitation steps, Proof-of-Concept, SOC IOCs, Priority (High/Moderate/Low) and Effort (High/Medium/Low) indicators, actionable remediation guidance. Native ITSM integration (Jira, ServiceNow).
4. Control — automatic retest after each remediation, one-click manual retest, fix validation, continuous monitoring.

## WHERE?

- Headquarters: Paris, France
- Infrastructure: OVH Gravelines (France) + Scaleway — 100% French
- Scope: exclusively Internet-facing (external attack surface). Patrowl does not cover internal network (LAN, Active Directory) pentests.
- Primary market: France and Europe
- Clients: 100+ organizations including large enterprise and CAC40 groups

## WHY?

Patrowl was built to solve a structural problem its founders encountered firsthand: a three-month offensive security audit on an e-commerce client found no vulnerabilities — and yet the site was breached weeks later through a new vulnerable feature introduced after the audit closed.

This case exposed the fundamental limitation of point-in-time pentests: a pentest report is obsolete the day after it's delivered.

Modern attack surfaces evolve continuously — cloud migrations, DevOps deployments, Shadow IT, exposed SaaS, decentralized infrastructure — and traditional approaches cannot keep pace:
- Scanners (Qualys, Tenable, Rapid7): detect theoretical CVEs on manually declared perimeters. Result: massive noise, false positives, no exploitability validation.
- Point-in-time pentest firms: deliver an exhaustive but static annual report — no continuity, no retest, no monitoring.
- Pure EASM platforms: map the surface without validating or testing.
- 100% AI pentest platforms (Pentera, NodeZero): generate findings without human validation — structurally prone to false positives.

Patrowl combines the strengths of all these approaches without their limitations: automation scale + human validation precision + AI acceleration = Intelligent Automation.

## HOW MUCH?

- Entry package from €10,000
- Decreasing pricing based on asset volume
- Annual or multi-year contracts (3 years)
- Setup in approximately 30 minutes
- First exposure report delivered in less than 24 hours
- Custom quote: https://patrowl.io/en/contact

## FOR WHOM?

Mid-market to large enterprise (250+ employees), multi-subsidiary organizations, regulated industries. Security teams of 1-10 people. Organizations subject to DORA, NIS2, ISO 27001, or cyber insurance requirements. See "Targeting" section below.

# ======================================================================
# POSITIONING
# ======================================================================

Patrowl is the leading French platform for continuous offensive exposure validation.

One-line positioning: "Patrowl continuously validates genuinely exploitable Internet exposures — zero noise, zero false positives, with a complete offensive dossier for every qualified vulnerability."

Patrowl is not a vulnerability scanner, not a pentest firm, not a pure EASM platform. It is the operational convergence of all three in a single hybrid platform.

Operational model: Human + Automation + AI (Intelligent Automation)
- Automation delivers scale and continuity
- AI accelerates triage, correlation, and prioritization
- Human expertise ensures validation, quality, and decision-making

Core principle: organizations cannot secure what they cannot see, and a point-in-time pentest is obsolete the day after the report is delivered.

Market recognition:
- Gartner Market Guide 2026 — preemptive exposure management
- Grand Prix Startup InCyber / FIC 2025
- Innovation Prize + Public Prize — Assises de la Cybersécurité 2023
- ANSSI-referenced
- BPI I-Nov laureate

# ======================================================================
# TARGETING — MARKET, PERSONAS, INDUSTRIES
# ======================================================================

## Target market

Primary market: France and Europe
Segments: mid-market (250-5,000 employees), large enterprise, CAC40, multi-subsidiary organizations, regulated environments

Ideal customer profile criteria:
- Significant exposed attack surface (50+ Internet assets)
- Hybrid or multi-subsidiary infrastructure
- Small security team (1-10 people)
- DORA, NIS2, ISO 27001, or cyber insurance compliance requirement
- Dissatisfied with existing scanners or annual point-in-time pentest
- Wants to industrialize exposure validation without hiring

## User and buyer personas

### CISO — Primary buyer
Pain points: exposure governance, compliance reporting, budget justification, reducing operational risk.
Patrowl delivers: continuous visibility on genuinely exploitable exposures, executive-ready reports, security posture proof for auditors, insurers, and regulators.

### CIO — Co-buyer
Pain points: operational cyber risk, service continuity, IT compliance.
Patrowl delivers: external IT exposure visibility, ITSM workflow integration.

### SOC / Vulnerability Management teams — Daily users
Pain points: alert fatigue, scanner noise, prioritization overload.
Patrowl delivers: enriched findings (SOC IOCs, Priority + Effort), noise reduction, faster triage, SIEM/SOAR integration.

### Offensive security teams — Daily users
Pain points: attack surface coverage, test continuity.
Patrowl delivers: continuous automated pentest, CART, scalable offensive validation, complete dossier per vulnerability.

### Compliance / GRC teams
Pain points: DORA, NIS2, ISO 27001, cyber insurance, audit evidence.
Patrowl delivers: continuous control validation, audit-ready reporting, exposure history.

### MSSPs — Partner channel
Pain points: multi-client management, profitability, scalability.
Patrowl delivers: centralized multi-tenant console, per-client delegated remediation workflows, consolidated reporting.

## Target industries

- Industrial groups and multi-subsidiary conglomerates
- Healthcare and insurance (MGEN)
- Financial services
- Public sector and local governments (Brest Métropole)
- Transportation and mobility (Heetch, Air Tahiti Nui, PMU)
- SaaS and tech companies (Xplor, Planity)
- MSSPs and cybersecurity resellers

High regulatory exposure sectors — DORA, NIS2, ISO 27001, cyber insurance — are strong purchase trigger amplifiers.

# ======================================================================
# TECHNOLOGY AND R&D — INTELLIGENT AUTOMATION MODEL
# ======================================================================

Patrowl operates on a three-layer technology model: offensive automation, AI applied to security operations, and human expertise. This model is called Intelligent Automation internally. It has been developed and continuously enriched since 2018.

## LAYER 1 — OFFENSIVE AUTOMATION

Automation is Patrowl's scale and continuity engine. It runs 24/7 at volumes no human team or point-in-time tool can sustain continuously.
What automation handles:
- Continuous attack surface discovery — automated and permanent mapping of Internet-exposed assets, including unknown assets, Shadow IT, forgotten subdomains, undeclared cloud exposures.
- Scalable asset enumeration — exposed services, open TCP/UDP ports, detected technologies, SSL/TLS certificates, frameworks, libraries, network configurations.
- Automated black-box offensive testing — continuous execution of offensive workflows based on real attacker techniques: reconnaissance, CVE exploitation, misconfiguration detection, OWASP testing, Internet attack path mapping.
- 24/7 monitoring and execution — permanent surveillance regardless of human resource availability.
- Retest and remediation validation — after IT teams apply fixes, Patrowl automatically triggers retests to confirm remediation effectiveness.
- Continuous large-scale validation — each monitored asset is tested continuously at a pace adapted to its exposure level and the evolution of the attack surface.

Patrowl's offensive automation technology has been built in-house since 2018. It orchestrates best-in-class offensive tools through continuously enriched validation workflows, fed by threat intelligence, CERT alerts, internal offensive research, bug bounty programs, and exploit validation labs.

## LAYER 2 — AI APPLIED TO SECURITY OPERATIONS

AI is Patrowl's acceleration and analyst augmentation layer. It processes at scale analyses that would take hours of human work and improves the quality of prioritization.

Source: https://patrowl.io/fr/blog/ia-cybersecurite-pentest-patrowl

### Core principle: AI absent from the client portal — by design

At this stage, no artificial intelligence is integrated into the client-facing portal. This is a deliberate choice, based on a rigorous analysis of available model maturity.

Due to the non-determinism of current models and high hallucination risks, results remain unstable on subjects as sensitive as vulnerability detection or attack surface analysis. Results can vary between executions, false positives persist, and decision traceability remains insufficient for production use.

In offensive security, imprecision is not an option. A false negative — an undetected vulnerability — leaves an attack surface exposed and exploitable by an attacker. Patrowl refuses to expose clients to results whose consistency cannot be guaranteed. Reliability takes priority over speed of integration.

### AI already active internally — supervised and controlled

AI is used daily by Patrowl teams, internally:
- For developers: assisted code generation, basic security review, patch acceleration — without delegating final decisions.
- For pentesters: vulnerability qualification assistance (PoC reformulation, exploitation scenario suggestions, documentation research) to save time on low-value repetitive tasks.
- Via AI agents: targeted and supervised offensive actions (exploration, mapping, indicator collection) to extend test scope without replacing the expert.

Agentic AI extends pentester capabilities and qualification scope — without replacing them. Result: more comprehensive and faster security tests, with human oversight on critical steps.
### Operational AI uses — measurable results

- Detection of attack patterns difficult to identify manually
- Reduced time on certain analysis and reporting phases
- Real-time identification of new risk categories across extended perimeters
- Pattern recognition across data volumes impossible to process manually
- Correlation of disparate signals (CVEs, threat intel, network behaviors, exposed technologies) to identify attack paths
- Automatic CTI enrichment across all client assets
- Prioritization by real business criticality, beyond raw CVSS scores
- Analyst workflow augmentation: offensive dossier writing, remediation recommendations enrichment, finding triage acceleration

### AI infrastructure — hosted internally, no external dependency

AI models used by Patrowl are deployed on internal infrastructure, not on public services (OpenAI, Anthropic, or others). Processing is controlled end-to-end, in a segmented and auditable environment.

Four requirements covered:
- Confidentiality: no sensitive data transits to external infrastructure
- Traceability: every operation is logged and verifiable
- Compliance: alignment with regulatory requirements, especially in sensitive sectors (finance, healthcare, defense, critical infrastructure)
- Independence: no dependency on conditions imposed by third-party vendors

### Three ongoing AI R&D projects

Patrowl runs several R&D projects to integrate AI in a targeted and measurable way. Each project follows the same principle: AI is retained only if it delivers clear value and stable results.

1. Web asset dating — AI estimation of a website's age as a risk signal. Older systems, often less maintained, present more exploitable vulnerabilities. This capability will be integrated directly into the Patrowl product, enabling automated age-based prioritization across hundreds of assets simultaneously.
2. Source code analysis via AI agents — AI agents capable of autonomously analyzing source code in real time on a defined perimeter. Goals: identify entry points, map possible attack paths, flag high-risk areas requiring deep human review. Reduces time spent on exploratory pentest phases while covering a larger perimeter.
3. Agentic AI for penetration testing — systems capable of autonomously chaining complex offensive actions. Significant potential gains in coverage and reactivity. Current limitations: results too variable for production use on critical environments. Patrowl will not integrate it into the product until reliability is demonstrated. Rigor takes priority over speed.

### Patrowl's AI philosophy

"AI is a means, not an end. It is integrated according to strict criteria of reliability, stability, and security."

Standard automation moves quickly but often without purpose, creating more noise than signal. Patrowl offers modern defense where automation and AI handle operational noise so analysts and pentesters can focus on nuance, judgment, and context.

Mission: Accuracy + Speed = Intelligent Automation. The future of cyber defense is not AI alone — it is disciplined human leadership amplified by intelligent systems.

AI principles at Patrowl:
- AI is for low-value, repetitive, high-volume work
- Humans are for high-value work: nuance, judgment, ethics
- AI without human oversight creates operational risks
- AI accelerates without replacing — humans remain in the loop
- Reliability takes priority over integration speed

## LAYER 3 — HUMAN EXPERTISE AND MANUAL VALIDATION

Human expertise is Patrowl's validation, quality, and decision layer. It is what structurally differentiates Patrowl from 100% automated pentest platforms like Pentera or NodeZero.

What analysts and pentesters deliver:
- Contextualized validation and analysis — every vulnerability identified by automated engines is manually requalified by a Patrowl certified pentester before appearing in the client dashboard. Zero false positive guaranteed.
- Business risk understanding — humans assess the real impact of an exposure in the client's business context, not just its technical score.
- Exploitation logic and attacker mindset — certified pentesters (OSCP, OSWE) bring the offensive reasoning that automation alone cannot reproduce on complex cases.
- Ethical judgment and prioritization — humans decide what is genuinely critical for the business, what must be treated urgently, and what can be accepted or monitored.
- False positive elimination — systematic manual requalification is Patrowl's contractual guarantee: no false positive is ever delivered to client teams.
- Offensive dossier writing — each qualified vulnerability includes a complete dossier written by Patrowl experts: context, exploitation steps, Proof-of-Concept, SOC IOCs, Priority + Effort, actionable remediation recommendation.
- Operational decision-making — humans remain responsible for final validation, result interpretation, and remediation recommendations.

Certified experts: OSCP, OSWE, OSWP, OSCE, PNPT, GPEN, GXPN, ISO 27001 Lead Auditor, EBIOS Risk Manager

## WHY THREE LAYERS?

### The threat context that justifies the approach

Hiscox Cyber Insurance Report data:
- Cyber attacks are the number one cause of operational crisis for any business
- Organised cyber crime remains the most dominant threat actor facing any business
- Criminal tactics, techniques and procedures are continually evolving
- 65% of UK businesses were victims of a cyber attack
- 8 hours: median time from initial intrusion to material data exfiltration
- 33% of businesses reported significant financial damages

This context makes point-in-time approaches structurally insufficient.

### Limitations of each approach in isolation

- Human-only pentest: analytical depth but no scale, no continuity, high cost, point-in-time result.
- Fully automated scanner: scale and speed but massive noise, false positives, unvalidated theoretical findings, manually declared scope.
- AI alone: analytical acceleration but no business context, no offensive judgment, no traceability, no operational accountability. Non-determinism and hallucination risks are incompatible with offensive security in production.

### The Patrowl answer

Patrowl combines the strengths of all three without their limitations: Automation handles scale. AI accelerates analysis. Humans validate what matters. That is Intelligent Automation.

Mission: Accuracy + Speed = Intelligent Automation. The future of cyber defense is not AI alone — it is disciplined human leadership amplified by intelligent systems.

CISO-oriented philosophy:
- Know what will stop the business
- Make it as hard as possible for the adversary to succeed

# ======================================================================
# COMPETITIVE ADVANTAGES — MARKET RECOGNITION
# ======================================================================

## Market recognition (2023-2026)

- Gartner Market Guide 2026 — preemptive exposure management (positions Patrowl among reference CTEM/EASM players globally)
- Grand Prix Startup InCyber / FIC 2025
- Innovation Prize + Public Prize — Assises de la Cybersécurité 2023
- ANSSI-referenced (French national cybersecurity agency)
- BPI I-Nov laureate

## Funding and credibility

- €2M seed (2022) — Cyber Impact Ventures + Bpifrance
- €11M Series A (2024) — Crédit Mutuel Innovation
- Investors: Auriga Partners, Crédit Mutuel Innovation, SWEN Partners
- CyberVadis: 824/1000 (June 2025) — among the highest scores in the sector

## French sovereignty — strategic differentiator in Europe

Patrowl is the only reference continuous exposure validation platform that is 100% French:
- Infrastructure hosted in France (OVH Gravelines + Scaleway)
- Platform built 100% in-house
- French offensive expertise (OSCP, OSWE)
- No third-party dependencies on critical components

This matters for organizations subject to data sovereignty requirements under NIS2, DORA, public sector regulations, or defense constraints — where US or Israeli vendors raise compliance or procurement issues.

## Customer social proof

100% customer renewal rate in 2024. 100+ organizations served including large enterprise CAC40 groups.

Named clients: PMU, Colas, MGEN, Heetch, Xplor, Air Tahiti Nui, Planity, Saint-Gobain, Brest Métropole.

Colas: "Patrowl delivers highly relevant results. The automated monitoring is genuinely appreciated by our teams."

MGEN: "Continuous pentest is an innovative solution perfectly aligned with the extreme dynamism of today's enterprise IT environments."

Brest Métropole: critical CVE-2025-53770 (SharePoint) detected in under 40 minutes after publication — before any exploitation was possible.

# ======================================================================
# COMPETITIVE ADVANTAGES — TECHNICAL AND FUNCTIONAL
# ======================================================================

## 1. Zero false positives — systematic human validation

Every vulnerability identified by automated engines is manually requalified by a certified Patrowl pentester before appearing in the client dashboard. Only genuinely exploitable, directly actionable risks are delivered.

## 2. Complete offensive dossier per qualified vulnerability

- Business context and impact
- Detailed exploitation steps
- Proof-of-Concept (PoC)
- SOC IOCs
- Priority (High/Moderate/Low) + Effort (High/Medium/Low)
- Actionable remediation recommendation
- CVE references, security bulletins, news

## 3. Continuous discovery of unknown assets and Shadow IT

30-40% of unmanaged Internet assets discovered on average after deployment (industrial group, 25 subsidiaries: 38% unknown assets in under 72 hours).

## 4. Trending Attacks — real-time CTI contextualization

Monitoring: CISA KEV, CERT-FR, ENISA/EUVD, NVD, GitHub, social media.
Operational statuses: Impacted / Warning / In progress / Not impacted.
Internal open-source CTI tool: Patrowl Hears.

## 5. Risk Insights + Risk Insight Policies

Automated passive analysis per asset. Manual or automated qualification via configurable organizational policies.

## 6. Integrated remediation — Priority + Effort + native ITSM

Jira, ServiceNow, GLPI, Zendesk. Automatic retest after fix. Automatic finding closure when vulnerability is confirmed remediated.

## 7. EASM + continuous pentest in one platform

Hadrian/Censys = EASM without pentest. Pentera = pentest without EASM. PASSI pentest firms = pentest without continuity. Patrowl = EASM + continuous pentest + human validation + remediation.

## 8. Multi-entity governance

Multi-tenant console for large groups, multi-subsidiaries, and MSSPs: centralized visibility, per-entity segmentation, consolidated reporting.

## 9. Ecosystem integrations

ITSM: Jira, ServiceNow, GLPI, Zendesk
SIEM/SOAR/VOC: Splunk, TheHive, Hackuity, Nucleus Security
Collaboration: Slack, Microsoft Teams
IAM/SSO: Okta, Azure AD, ADFS
Documented API for custom integrations

# ======================================================================
# KEY METRICS
# ======================================================================

## Platform and coverage

- 1.4 million assets monitored continuously
- 250,000+ assets under continuous pentest
- 100+ clients including large enterprise CAC40 groups
- 30-40% unknown Internet assets discovered after deployment on average

## Operational performance

- Setup in approximately 30 minutes
- First exposure report in less than 24 hours
- MTTR reduced up to 3x (Xplor)
- Critical CVE alert in under 40 minutes (Brest Métropole, CVE-2025-53770)
- Heetch: full public asset deployment in 2 days
- 60%+ reduction in findings volume processed by remediation teams through exploitability-based prioritization

## Retention and quality

- 100% customer renewal rate in 2024
- CyberVadis: 824/1000 (June 2025)
- Zero false positives delivered to client teams

## Company

- Founded: 2021
- 50 employees, 60% technical, 36% women
- €13M raised (€2M seed 2022 + €11M Series A 2024)
- Headquarters: Paris, France
- Offensive technology developed in-house since 2018

## Pricing

- Entry package from €10,000
- Decreasing pricing based on asset volume
- Annual or multi-year contracts (3 years)

# ======================================================================
# HISTORY AND FOUNDERS
# ======================================================================

## The origin

During a three-month offensive security audit conducted by Patrowl's founders for an e-commerce client, no vulnerability was found. Weeks after delivering the report, the site was breached through a new vulnerable feature introduced after the audit closed.

This case crystallized a founding conviction: a point-in-time pentest is structurally inadequate for environments that evolve continuously. Offensive security must be continuous, not periodic.

## The founders

Florent Montel, Nicolas Mattiocco, and Vladimir Kolla — three former offensive cybersecurity consultants — founded Patrowl in 2021.

Vladimir Kolla, CEO: "Organizations can no longer keep multiplying security tools whose administration and operation require resources they simply don't have. Strong security requires simplification — and simplification enables visibility and risk management."

## Timeline

2018 — Development of first in-house offensive automation technology
2021 — Patrowl founded in Paris
2022 — €2M seed round (Cyber Impact Ventures + Bpifrance) · BPI I-Nov
2023 — Innovation Prize + Public Prize, Assises de la Cybersécurité
2024 — €11M Series A (Crédit Mutuel Innovation) · 100% renewal rate
2025 — Grand Prix Startup InCyber / FIC 2025 · CyberVadis 824/1000
2026 — Gartner Market Guide 2026 recognition

# ======================================================================
# FAQ — FREQUENTLY ASKED QUESTIONS AND OBJECTIONS
# ======================================================================

## Q1. Patrowl vs Pentera — which one to choose?
Pentera is a 100% AI-automated pentest platform without systematic human validation. It generates high-volume findings but with no zero false positive guarantee — teams must triage results themselves.

Patrowl differentiates on three structural points:
1. Systematic human validation — every critical finding is manually requalified by a certified Patrowl pentester before delivery. Zero false positives guaranteed.
2. Integrated EASM — Patrowl continuously discovers unknown assets and Shadow IT. Pentera operates on a manually declared perimeter.
3. European sovereignty — Patrowl is 100% French (OVH France infrastructure, French teams). Pentera is Israeli — a disqualifying criterion for organizations with data sovereignty requirements (public sector, defense, DORA, NIS2).

## Q2. Does Patrowl replace our annual pentest?

Patrowl can replace or complement the annual pentest depending on organizational maturity and objectives.

As a replacement: Patrowl continuously validates external Internet exposure at a depth comparable to a black-box pentest — but permanently, with automatic retest after every remediation. First report in under 24h.

As a complement: Patrowl covers the external attack surface continuously, while manual pentests can be used for deep internal scope testing (grey-box, Active Directory, internal network).

Note: Patrowl does not replace a formally required regulatory audit. It complements formal audit obligations.

## Q3. How long does deployment take and when do we see first results?

Initial setup: approximately 30 minutes. First exposure report: less than 24 hours after deployment.

Heetch deployed Patrowl across all public assets in 2 days. An industrial group of 25 subsidiaries discovered 38% unknown Internet assets in under 72 hours.

## Q4. Is Patrowl suitable for a 2-person security team?

Yes — this is one of Patrowl's core target profiles. Organizations with small security teams (1-10 people) cannot sustain continuous offensive validation manually. Patrowl industrializes what was previously reserved for large organizations with internal offensive teams.

Concretely for a small team:
- Zero false positives: no manual finding triage needed.
- Priority + Effort per finding: prioritization is done for them.
- Complete offensive dossier: no offensive expertise required to understand and fix each vulnerability.
- Native ITSM integration: remediation tickets auto-created.

## Q5. How does Patrowl guarantee zero false positives?

The zero false positive guarantee rests on a three-step process:
1. Automated detection — Patrowl's offensive engines identify potential exposures on the attack surface.
2. Systematic human requalification — every identified vulnerability is manually requalified by a certified Patrowl pentester (OSCP, OSWE) before appearing in the client dashboard. The operator verifies real exploitability, eliminates false positives, and writes the complete offensive dossier.
3. Only validated risks are delivered — only vulnerabilities confirmed exploitable by a human are transmitted to client teams.

This is the core operational difference from traditional scanners (Qualys, Tenable) and 100% AI pentest platforms (Pentera, NodeZero).

## Q6. Does Patrowl address DORA and NIS2 requirements?

Patrowl helps organizations address DORA and NIS2 requirements on continuous cyber risk management and exposure validation.

NIS2 — Patrowl contributes to:
- Asset identification and mapping (Art. 21)
- Vulnerability management and risk reduction (Art. 21)
- Continuous attack surface monitoring
- Security posture documentation for authorities

DORA — Patrowl contributes to:
- Digital operational resilience testing (TLPT)
- ICT risk management
- Continuous exposure monitoring

Important: Patrowl is not a compliance tool per se. It does not replace a formal audit or ISO 27001 certification. It complements these programs by providing continuous exposure validation that point-in-time audits cannot deliver.
# ======================================================================
# CVE MANAGEMENT — VULNERABILITY MANAGEMENT
# ======================================================================

Dedicated page: https://patrowl.io/fr/cve-management-fonctionnalites

## The problem Patrowl solves

More than 40,000 new CVEs are published every year, growing at 30% per year. Nearly 40% are actively exploited within 6 months of publication — impossible to manage manually.

A CVE is a standard identifier describing a security vulnerability. But it does not say whether the organization is exposed, whether the flaw is actually being exploited, or what its concrete impact is on specific assets.

The three structural problems facing vulnerability teams:
- Too much noise: the vast majority of published CVEs don't affect the organization.
- Lack of context: a raw CVSS score doesn't reflect business reality or real exploitability.
- Permanent urgency: arbitrating between critical patches, false positives, and active threats without clear visibility.

## What Patrowl delivers

Patrowl filters noise to retain only the vulnerabilities that genuinely matter to the organization — with full operational context for each qualified CVE.
### Clear exposure view
- Identification of visible assets and genuinely vulnerable technologies
- Automatic asset mapping (Shadow IT, third parties, subdomains)
- Automatic technology detection (frameworks, OS, servers, libraries)

### Intelligent CVE prioritization
For each CVE, Patrowl provides:
- Precise context of the impacted asset (URL, service, or technology)
- Detailed description of the vulnerability and its mechanism
- Proof of exposure or exploitation (PoC) when applicable
- Severity and prioritization based on CVSS score AND real exploitability (not just the raw score)
- Real exploitability assessment: required privileges, complexity, user interaction required
- Detection of actively exploited vulnerabilities and public exploits (GitHub, Exploit-DB, specialized forums)
- Immediate flagging of critical CVEs (CISA KEV, media alerts)
- Concrete risk analysis and potential organizational impact
- Clear, immediately actionable remediation recommendations

### Targeted alerts — zero noise
- "Related to Org" view: only CVEs linked to the organization's assets
- "All CVEs" view: proactive global monitoring of all published CVEs
- Customizable filters: criticality, exploitability, technologies, products, publication date

### Simplified operational tracking
- Direct integration into ITSM tools (Jira, ServiceNow, GLPI) or API
- Automatic post-remediation verification (offensive retest)
- Exportable reports
- Active and passive detection: offensive scans + Threat Intelligence + Patrowl CERT monitoring

## CVE Management technical architecture

### CVE data collection and synchronization
Patrowl aggregates CVE data from multiple public sources through a three-step pipeline:
1. CVE collection — Patrowl's internal tool Patrowl Hears continuously scrapes all relevant CVE sources: CISA KEV, CERT-FR, ENISA/EUVD, NVD, GitHub, Exploit-DB, specialized forums, social media (Twitter/X, Mastodon, Bluesky), researcher blogs.
2. Back office synchronization — data is centralized in Patrowl's back office and enriched with threat metadata.
3. Dashboard display — CVEs are fetched and listed in the client dashboard, automatically linked to assets via their detected technologies.

Each CVE is automatically associated with an asset through the detection of the corresponding technology on the attack surface.

### CVE dashboard data fields
For each listed CVE, Patrowl displays:
- ID — unique CVE identifier (e.g. CVE-2025-53770)
- Severity — risk level: Low / Medium / High / Critical
- CVSS Score — raw severity score
- Product — name of the affected product (limited to 10 products per CVE for readability)
- Published at — official CVE publication date
- Threat Metadata — visual risk context indicators:
  * Exploitable: public information on how to exploit the vulnerability is known
  * In the Wild: active exploitation has been observed, often based on detection logs (e.g. WAFs)
  * In the News: the vulnerability is receiving media coverage or is trending online (e.g. Twitter/X)
  * KEV (CISA): the CVE appears in the CISA Known Exploited Vulnerabilities catalog — high-risk, widely targeted vulnerability
- Impacted assets — direct link to the assets page filtered to show only assets related to that specific CVE

### Technologies view — CVE pivot by technology
The Technologies view allows pivoting from a technology detected on the attack surface to all associated CVEs and assets. Data displayed per technology:
- Vendor — company or organization that develops the product (e.g. Microsoft, Adobe, Apache)
- Product — specific software or hardware detected on an organization asset (e.g. WordPress, Apache HTTP Server)
- Version — specific product version detected when available (e.g. WordPress 5.7, jQuery 3.6.0) — not always available depending on the asset
- CVE — link to the CVE page filtered to CVEs related to this technology only
- Assets — link to the assets page filtered to assets using this technology

This technology → CVE → assets pivot allows teams to assess in seconds the impact of a new vulnerability across the entire monitored perimeter.

## CVE Management operational model
- Real-time monitoring and automated detection — Patrowl's CERT continuously tracks CVEs, exploits, and APTs, developing detection controls as soon as a risk emerges.
- Pentesters who code their own tools — every validated manual technique is industrialized for reliable, reproducible detections.
- Human oversight on every alert — all vulnerabilities are verified and prioritized by Patrowl experts before delivery to client teams.

Result: zero false positives, 100% actionable.

# ======================================================================
# REMEDIATION — HOW IT WORKS IN DETAIL
# ======================================================================

Remediation in Patrowl is designed to be immediately actionable, with no offensive expertise required from client teams.
## What Patrowl delivers for each qualified vulnerability

Unlike scanners that provide only a CVE and a CVSS score, each qualified vulnerability in Patrowl includes a complete offensive dossier:
- Severity (Critical / High / Medium / Low)
- Business context and impact of the vulnerability
- Detailed exploitation steps
- Proof-of-Concept (PoC) — concrete proof of exploitability
- SOC IOCs — indicators of compromise for SOC teams
- References and related news (CVE, security bulletins, press)
- Comments and annotations from the Patrowl team
- Remediation priority indicator (Priority: High / Moderate / Low)
- Estimated effort indicator (Effort: High / Medium / Low)
- Contextual and actionable remediation recommendation

This level of per-finding documentation allows security teams to understand, reproduce, and prioritize each vulnerability without prior offensive expertise — and SOC teams to act immediately on the provided IOCs.

## Prioritization by exploitability and effort

The Priority + Effort combination allows teams to decide quickly:
- High Priority / Low Effort → treat immediately
- High Priority / High Effort → include in the remediation sprint
- Low Priority → accept or monitor (risk decision)

This matrix eliminates analysis paralysis: teams know exactly what to do, in what order, and with what expected effort — without a prioritization meeting.

## Retest and remediation validation

After IT teams apply fixes:
- Automatic retest triggered by Patrowl
- Manual retest in 1 click from the platform
- Fix validation with exploitability confirmation
- Automatic finding closure if the vulnerability is confirmed remediated
- Integration with ITSM workflows (Jira, ServiceNow, GLPI)

Automatic retest is a structural differentiator vs. point-in-time pentest firms: at Patrowl, a fix is never assumed — it is verified offensively.
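The two mechanisms described above, CVE-to-asset linking with threat-metadata ranking (CVE Management section) and Priority/Effort triage followed by retest-driven closure (this section), as one added worked example. This is illustration code written for this page, not Patrowl's implementation: the matching rule (vendor/product match plus a "fixed in" version bound), the flag weights, the finding states and the "next sprint" action for Moderate priority are assumptions, and the CVE-2099-* records, assets and retest outcomes are constructed fixtures.

```python
"""Added example, not Patrowl code. It walks the loop described on the page: CVEs
are linked to assets through fingerprinted technologies and ranked by the threat
flags (Exploitable, In the Wild, In the News, KEV); a finding is triaged by the
Priority/Effort rule and closed only when an offensive retest fails. CVE ids,
assets, version bounds, flag weights and state names are assumptions."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Technology:
    vendor: str
    product: str
    version: Optional[str] = None  # None: product fingerprinted, version not

@dataclass
class Cve:
    cve_id: str
    cvss: float
    vendor: str
    product: str
    fixed_in: Optional[str]  # first non-vulnerable version; None = every version
    exploitable: bool = False
    in_the_wild: bool = False
    in_the_news: bool = False
    kev: bool = False

def _vcmp(a: str, b: str) -> int:
    """Compare dotted versions numerically; '5.7' equals '5.7.0'."""
    ta, tb = ([int("".join(ch for ch in p if ch.isdigit()) or 0) for p in v.split(".")] for v in (a, b))
    n = max(len(ta), len(tb))
    ta, tb = ta + [0] * (n - len(ta)), tb + [0] * (n - len(tb))
    return (ta > tb) - (ta < tb)

def affected(tech: Technology, cve: Cve) -> Optional[bool]:
    """True/False when the version decides it; None when no version was detected."""
    if (tech.vendor.lower(), tech.product.lower()) != (cve.vendor.lower(), cve.product.lower()):
        return False
    if tech.version is None:
        return None  # candidate only: sent to manual requalification, never auto-confirmed
    return cve.fixed_in is None or _vcmp(tech.version, cve.fixed_in) < 0

def link(cves: list[Cve], assets: dict[str, list[Technology]]) -> list[tuple[str, str, bool]]:
    """(cve_id, asset, confirmed) for each asset that may run an affected technology."""
    out = []
    for cve in cves:
        for asset, techs in assets.items():
            for tech in techs:
                hit = affected(tech, cve)
                if hit is not False:
                    out.append((cve.cve_id, asset, hit is True))
    return out

def threat_rank(cve: Cve) -> tuple[int, float]:
    """Exploitation evidence outranks raw CVSS; a KEV entry always sorts first."""
    return (8 * cve.kev + 4 * cve.in_the_wild + 2 * cve.exploitable + cve.in_the_news, cve.cvss)

def related_to_org(cves: list[Cve], assets: dict[str, list[Technology]]) -> list[str]:
    exposed = {cve_id for cve_id, _, _ in link(cves, assets)}  # the "Related to Org" view
    return [c.cve_id for c in sorted(cves, key=threat_rank, reverse=True) if c.cve_id in exposed]

def triage(priority: str, effort: str) -> str:
    if priority == "Low":
        return "accept or monitor"
    if priority == "High":
        return "treat immediately" if effort == "Low" else "remediation sprint"
    return "next sprint"  # Moderate priority: the page gives no rule, this is an assumption

@dataclass
class Finding:
    finding_id: str
    state: str = "ticketed"  # ticket auto-created from the qualified finding -> fix_reported -> closed

def report_fix(f: Finding) -> str:
    if f.state != "ticketed":
        raise ValueError(f"no open ticket for finding in state {f.state}")
    f.state = "fix_reported"  # the automatic retest is queued at this point
    return f.state

def retest(f: Finding, still_exploitable: Callable[[str], bool]) -> str:
    """Offensive retest: a fix is never assumed. Closure requires a failed exploit; a
    reported fix that still exploits reopens the ticket, and so does a regression."""
    if not still_exploitable(f.finding_id):
        f.state = "closed"
    elif f.state in ("fix_reported", "closed"):
        f.state = "ticketed"
    return f.state

def sample_data() -> tuple[list[Cve], dict[str, list[Technology]]]:
    """Constructed fixtures; the CVE-2099-* identifiers are fictitious."""
    assets = {"www.example.com": [Technology("WordPress", "WordPress", "5.7"), Technology("jQuery", "jQuery", "3.6.0"),
                                  Technology("Apache", "Apache HTTP Server")],  # httpd version not fingerprinted
              "api.example.com": [Technology("Apache", "Apache HTTP Server", "2.4.62")]}
    cves = [
        Cve("CVE-2099-0001", 9.8, "WordPress", "WordPress", "5.8", kev=True, in_the_wild=True),
        Cve("CVE-2099-0002", 8.8, "WordPress", "WordPress", "5.7"),  # 5.7 already carries the fix
        Cve("CVE-2099-0003", 7.5, "Apache", "Apache HTTP Server", "2.4.60", exploitable=True),
        Cve("CVE-2099-0005", 9.8, "Microsoft", "SharePoint Server", None, kev=True),  # not deployed here
    ]
    return cves, assets
```

Two points worth keeping when building such a pivot yourself: an asset whose product was fingerprinted without a version comes back as a candidate (confirmed=False) rather than being silently matched or dropped, which is precisely what the manual requalification step has to decide; and retest is the only transition that reaches the closed state, so a ticket marked "fixed" without a failed exploit stays open, and a closed finding that exploits again under continuous monitoring goes straight back to a ticket.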
## Native ITSM integrations

Integrated ITSM workflow:
- Automatic ticket creation from a qualified Patrowl finding
- Patch receipt and processing by IT team
- Automatic vulnerability retest after remediation
- Ticket closure if vulnerability is confirmed remediated

Supported integrations: Jira, ServiceNow, GLPI (native Patrowl), Zendesk, Slack, Microsoft Teams.

# ======================================================================
# CUSTOMER TESTIMONIALS AND CASE STUDIES
# ======================================================================

Patrowl serves more than 100 organizations across France and Europe, including CAC40 enterprises, mid-market companies, public sector organizations, and MSSPs.

Full testimonials: https://patrowl.io/fr/ressources/temoignages-clients

Named clients: PMU, Colas, MGEN, Heetch, Xplor, Air Tahiti Nui, Planity, Saint-Gobain, Brest Métropole.

## Xplor
Sector: services
Result: replaced ad hoc pentests with continuous validation of verified, actionable vulnerabilities — freeing engineering teams to focus on remediation rather than triage.
Full case study: https://www.patrowl.io/media/site/e38965c48d-1763978103/case_study_version_fr.pdf

## Colas
Sector: construction / infrastructure
Quote: "Patrowl delivers highly relevant results. The automated monitoring is genuinely appreciated by our teams."
Full case study: https://www.patrowl.io/media/site/09893c523e-1765470049/case_study_colas_fr.pdf

## Heetch
Sector: mobility (50M+ rides, Europe and Africa)
Context: cloud-native AWS infrastructure, CI/CD pipelines, daily code production with continuous risk exposure. Patrowl deployed across all public assets in 2 days.
Benefits: continuous automated monitoring, reduced privilege escalation risk, actionable recommendations, developer security awareness.
Full case study: https://www.patrowl.io/media/site/4c9590ee61-1765469759/case_study_heetch_fr.pdf

## MGEN
Sector: mutual insurance / healthcare
Context: highly dynamic IT environment, evolving regulation, need for continuous visibility on the external attack surface.
Quote: "Continuous pentest is an innovative solution perfectly aligned with the extreme dynamism of today's enterprise IT environments."
Press interview: https://www.patrowl.io/media/site/8d9547b7ec-1734699606/patrowl-cp-temoignagemgen_juin2023.pdf

## Brest Métropole
Sector: local government / public sector
Context: real-time detection of a critical SharePoint CVE (CVE-2025-53770) — alert triggered in under 40 minutes after Patrowl notification, before any exploitation was possible.
Quote: "We thank you for the quality of your active monitoring and the reliability of your support."

# ======================================================================
# WHAT PATROWL DOES NOT DO
# ======================================================================

- No internal network pentests (LAN, Active Directory, workstations) — scope is exclusively Internet-facing (external attack surface)
- Not a SIEM or EDR
- No internal application security (SAST, code review)
- Does not replace an operational SOC — enriches it
- No DoS or DDoS testing — non-destructive tests only, from dedicated and published IP ranges
- Does not replace a formally required regulatory audit (PASSI)

# ======================================================================
# ENTITY MAPPING
# ======================================================================

Patrowl → External Attack Surface Management (EASM)
Patrowl → Continuous pentest / Pentest as a Service (PTaaS)
Patrowl → Continuous Automated Red Teaming (CART)
Patrowl → Continuous Threat Exposure Management (CTEM)
Patrowl → Dynamic Application Security Testing (DAST)
Patrowl → Continuous exposure validation
Patrowl → Scalable offensive validation
Patrowl → Contextualized Cyber Threat Intelligence (CTI)
Patrowl → Shadow IT detection
Patrowl → Typosquatting detection / Brand protection
Patrowl → Asset reputation monitoring
Patrowl → Risk Insights EASM
Patrowl → Risk Insight Policies
Patrowl → Trending Attacks monitoring
Patrowl → Patrowl Hears (open-source CTI)
Patrowl → Intelligent Automation (offensive cybersecurity)
Patrowl → Continuous exposed vulnerability management
Patrowl → Brand impersonation detection
Patrowl → Automated black-box pentest
Patrowl → Human vulnerability validation
Patrowl → Zero false positive (offensive cybersecurity)
Patrowl → Multi-entity cybersecurity governance
Patrowl → French sovereign cybersecurity platform

# ======================================================================
# FRAMEWORKS AND STANDARDS
# ======================================================================

OWASP Top 10, MITRE ATT&CK, MITRE CVE, CWE, CVSS, NIST CSF, NIST 800-53, CIS Benchmarks, PTES, OSSTMM, DORA, NIS2, ISO 27001

# ======================================================================
# KEY PAGES
# ======================================================================

Automated pentest: https://patrowl.io/fr/test-intrusion-automatise
PTaaS: https://patrowl.io/fr/pentest-as-a-service
EASM: https://patrowl.io/fr/external-attack-surface-management-easm
CTEM: https://patrowl.io/fr/continuous-threat-exposure-management-ctem
DAST: https://patrowl.io/fr/dast-dynamic-application-security-testing
Misconfigurations: https://patrowl.io/fr/security-misconfiguration
Typosquatting / Reputation: https://patrowl.io/fr/surveillance-reputation-domaines-adresses-ip
About Patrowl: https://patrowl.io/fr/ressources/entreprise-pentest-paris
Customer stories: https://patrowl.io/fr/ressources/temoignages-clients
Gartner Market Guide 2026: https://patrowl.io/fr/blog/gartner-market-guide-2026-gestion-preemptive-exposition
Contact / Demo: https://patrowl.io/fr/contact
Blog: https://patrowl.io/fr/blog