We do the work.
You get the outcome. Others only promise it.

We are your trusted advisor, your sherpa, an extension of your team. We built the Zero Trust architecture your environment runs on. We run the GSOC, the AI agent swarm, the policy management, the upgrades. When the alert fires at 3am, we are already inside. Already acting.

  • 2005 · Founded on Zero Trust
  • 10+ · Years as MSSP
  • Own AI · Sovereign Infrastructure
  • Profitable · Zero VC Dependency
AUXO™: Converging Intelligence / Live Operations
  • AGENT · Traffic Log Agent: anomalous east-west flow detected. Source: 10.4.22.18 → Protect Surface: FinanceDB
  • ZT-MCP · Zero Trust Context enriched. Flow not in allowed transaction map, policy violation flagged
  • AGENT · Asset & Identity Agent: user svc-backup, credentials last rotated 847 days ago
  • AGENT · Threat Intel match: TTPs consistent with lateral movement. Confidence: HIGH, MITRE T1021.002
  • CASE · Case #2847 curated, full evidence chain assembled. Time from first alert to analyst-ready case: 4 min 12 sec
  • PREVENT · MDR Prevent notified: stale credential policy gap. Change request queued for Zero Trust Security Engineer review
  • mSOC · Analyst acknowledged: block outbound from svc-backup pending credential rotation
Your team was hired to solve hard security problems.
Not to work a ticket queue at 2am.

The MDR that does the work. Not the report.

Every security vendor promises outcomes. Most deliver alerts, dashboards, and advice. We run the GSOC. We manage the Zero Trust architecture. We handle the policies, upgrades, config, and incident response.

When the alert fires, our analysts are not learning your environment. They built it. They configured the Zero Trust policies. They ran the last upgrade. There is no handoff. No cold start. No remediation report in the morning.
This is what separates a managed cybersecurity partner from a detection service. Most vendors sell the latter and call it the former.
Proof point · Industrial
Damen Shipyards

One of the world’s largest shipbuilding groups. Complex IT and OT across continents. ON2IT manages the architecture, the GSOC, and the Zero Trust policies, built for this environment, not borrowed from a template.

Proof point · Healthcare
Hack the Hospital

Medical devices that cannot be patched. Systems that cannot go offline. Our live demonstration shows exactly how a clinical network is compromised, and exactly where Zero Trust stops it.

Proof point · Platform
AUXO™

Built from 14 years of doing the work, not from a product roadmap. Real-time controls health, policy validation, and event telemetry in one governed environment.

MDR Detect™
The MDR you need to have.
Entry level detection at a fraction of the cost
MDR Prevent™
The MDR you wish you had.
Full prevention and resilience
We are not a detection service.

We own the outcome.

We hold an unyielding commitment to anti-fragile cybersecurity. We have embedded AI agents across our entire operation, not as a product claim, but as the way our GSOC, our platform, and our threat intelligence actually work.

  • MDR Detect
    Converging Intelligence: AI swarm, curated GSOC. When a threat emerges, a swarm of autonomous AI agents mobilises instantly, enriching signals, correlating across protect surfaces, converging on one authoritative conclusion.
  • MDR Prevent
    Zero Trust as a Service: unlimited managed operations. Architecture management, policy enforcement, config changes, upgrades, new feature activation. All handled by our team. AI-assisted engineers who never stop hardening your environment.
  • Platform
    AUXO™: Zero Trust operationalised. Every new agent and capability delivered automatically. Built from 14 years of operational experience, not from a product roadmap.
  • Incident R.
    Already inside when it matters most. No cold-start retainer. The team that responds built the architecture and monitors it every single day.
AUXO™ Zero Trust Platform
One Platform. Everything It Takes.

The only platform built on Zero Trust from the ground up.

AUXO™ is not a SIEM with AI bolted on. It is the operational center of ON2IT’s managed service, combining AI agents, Zero Trust context, and human expertise into a single, coherent system.

Every alert that flows into AUXO™ is enriched with the full Zero Trust context of your environment: your protect surfaces, your transaction flows, your policies. That context is what makes the difference between a noisy alert and a curated, actionable case.

It runs on our own AI infrastructure. Every large language model, every agent, every inference. Sovereign. Your security data never touches a third-party AI provider.

AUXO™ Platform Architecture · Live in Production
  • MDR Detect: Converging Intelligence · AI Agents
    16+ autonomous AI agents. Triage, enrich, investigate and curate cases at machine speed.
  • ZT Contextualization MCP Server · Unique
    Every agent call enriched with live Zero Trust context: protect surfaces, transaction flows, policy state.
  • Zero Trust Architecture Engine · Foundation
    Protect surface definitions, transaction flow mapping, five-step methodology embedded in every decision.
  • MDR Prevent: Zero Trust as a Service · Managed
    Human engineers + AI continuously manage, harden and evolve your Zero Trust environment.
The team behind the work
While others send reports, we are already inside.
Every environment. Every night.
Both MDR Services. One AI Swarm.

Two services.
Both run the AI swarm.

Both MDR services run the same AI swarm. The agents that detect, enrich and escalate are active in MDR Detect. The full swarm, including the ZT-specific agents that depend on your live protect surfaces and transaction flows, reaches its full potential in MDR Prevent.

The swarm handles the volume. Your team handles what matters. And it keeps growing.

Continuously expanding. New agents are added as ON2IT’s engineering team extends coverage across new threat vectors and use cases. Every existing client receives every new agent automatically, no upgrade required, no project plan needed.
ZT Contextualization MCP Server · Proprietary to ON2IT
  • Zero Trust · ZT Contextualization: Enriches every alert with protect surface ownership, allowed flows, policy state and architectural position.
  • Zero Trust · Policy Violation: Detects unauthorized flows, access outside conduits and micro-segmentation breaches.
  • Zero Trust · Flow Validator: Validates live communication against defined transaction flows. Flags anything outside approved architecture.
  • Traffic · Traffic Log Agent: Analyzes network flows against your protect surfaces. Flags every unauthorized cross-boundary movement.
  • Traffic · DNS Analysis Agent: Detects DGA activity, DNS tunneling and communication with malicious domains.
  • Detection · Anomaly Detection: Identifies behavioral anomalies using baselines derived from your protect surface model.
  • Detection · Canary Agent: Monitors decoy assets across protect surfaces. High-confidence alert the moment an attacker touches them.
  • Context · Asset & Identity: Delivers the who, what and where: asset ownership, user identity, role context, protect surface membership.
  • Context · User Behavior Analysis: Profiles activity patterns. Detects credential compromise, insider threats and access anomalies.
  • Threat Intel · Threat Intel Agent: Cross-references alerts with live intelligence feeds, IOC databases and ON2IT’s curated threat landscape.
  • Threat Intel · Vulnerability Context: Correlates alerts with known vulnerabilities and assesses exploit likelihood in protect surface context.
  • Case Mgmt · Recent Cases Agent: Correlates current alerts with historical case data to surface recurring patterns and known attack chains.
  • Case Mgmt · Case Deduplication: Merges duplicate and related cases to eliminate noise and consolidate findings into unified threads.
  • Compliance · Compliance Mapping: Maps every curated finding to NIS2, DORA, ISO 27001, CISA ZT Maturity. Every case arrives compliance-tagged.
  • Response · Automated Response: Executes pre-approved containment: isolate endpoints, block IPs, disable accounts. Bounded by your policies.
  • Response · Escalation Decision: Evaluates curated severity against protect surface criticality and SLA thresholds. Routes the right cases.
MDR Services

Two services.
Both run the AI swarm.
The difference is how much human operations we take from you.

MDR Detect™
The MDR you need to have.
Converging Intelligence
AI Swarm Active: 16+ Agents
AI Swarm
  • 16+ autonomous AI agents: triage, enrich, investigate at machine speed
  • Zero Trust context via ZT-MCP Server enriches every agent call
  • Traffic, DNS, anomaly, canary and behavioral detection
  • Threat intel cross-referencing: ON2IT research + live feeds
Case Management
  • Automated curation: full evidence chain assembled, analyst-ready
  • MITRE ATT&CK mapping on every case
  • NIS2, DORA and ISO 27001 compliance tagging per finding
  • Deduplication and correlation across protect surfaces
Human Operations
  • ~20 expert interactions / month, reserved for escalations and tuning
  • 24/7 GSOC coverage, with analysts who built your architecture
  • No cold-start: the team that responds knows your environment
MDR Prevent™ is not a security purchase.
It is the decision that frees your best people to lead your organization into the AI era.
MDR Prevent™
The MDR you wish you had.
Zero Trust as a Service
Unlimited Human Operations
Everything in MDR Detect, plus
  • Full ZT-MCP agent swarm: ZT-specific agents reach their full potential
  • Unlimited expert interactions, no cap on managed operations
Zero Trust as a Service
  • Architecture management and governance. We own the environment.
  • Policy and config changes, client-approved, fully documented
  • Continuous change management, engineers who never stop hardening
  • Platform upgrades and new feature activation, automatic for all clients
Prevention Loop
  • Every Detect finding feeds a prevention action, the loop tightens continuously
  • AI-assisted Zero Trust Security Engineers working your environment daily
  • 20 years of tested operational playbooks from hundreds of deployments
MDR Prevent™ is Pre-emptive Protection.
Without preemptive cybersecurity, no organization is safe. Gartner predictions 2026
  • ~20 expert interactions / month
    Reserved for escalations and strategic tuning. AI swarm handles all volume. Keeps MDR Detect accessible without reducing protection quality.
  • + Extended capacity, on your terms
    Beyond your MDR Prevent scope, we have the capacity to take on additional managed operations: GSOC, architecture, policy, config, upgrades, ZT enforcement. Scoped separately. You approve; we execute.
AUXO™ Zero Trust Contextualization MCP Server
AI

Curator Agent fires

An agent detects anomalous traffic. It calls the ZT Contextualization MCP server before forming any conclusion.

MCP

MCP Server responds

Returns live Zero Trust context: protect surface ownership, allowed flows, policy state, user role, asset criticality, all in a single call.

ZT

Context-aware conclusion

The agent now knows whether this traffic is expected, the identity is authorized, and which protect surface is at risk. Noise eliminated instantly.

OUT

Analyst-ready curated case

A complete, evidence-backed case delivered to your analyst, Zero Trust context baked in. No manual lookup. No guesswork.

The ZT Contextualization MCP Server is proprietary to ON2IT. No other MDR provider has it.

The Secret Ingredient

Context changes everything.

Every AI agent in AUXO™ calls our Zero Trust Contextualization MCP Server before it forms a conclusion. This is what separates a generic security AI from one that actually knows your environment.

Without Zero Trust context, an AI agent sees an event. With our MCP server, it sees that event in the full context of your protect surfaces, your allowed transaction flows, your organizational policies, in real time.

The result: dramatically fewer false positives. Cases that arrive at your analysts have already been filtered through the lens of your specific Zero Trust architecture. No other MDR provider has this.

MDR Prevent: Zero Trust as a Service

Stop the threats that haven’t happened yet.

MDR Detect triages and curates open alerts into analyst-ready cases. MDR Prevent closes the gaps that create them.

A dedicated team of Zero Trust Security Engineers, working with AI, performs continuous change management across your entire Zero Trust environment. They identify drift, implement improvements, deploy upgrades and activate new security features. All with your approval. All documented.

This is what ON2IT has delivered as a managed service for over a decade. Not a roadmap. Not a concept. Operations.

Continuous Change Mgmt

Engineers actively manage your environment, not just monitor it. Policies, rules, and architecture evolve as threats evolve.

20 Years of Procedures

Every action is backed by tested, refined operational playbooks. Built from hundreds of enterprise deployments since 2005.

Detect Feeds Prevent

Every curated case from The Curator informs a prevention action. The loop tightens continuously.

Client Approval Always

Nothing changes in your environment without your sign-off. Full transparency, full control. Every action logged.

The Prevention Loop · Continuous
01
AI · Engineer

Monitor Every Protect Surface

AI-assisted engineers watch for drift, misconfiguration and emerging risk across your entire Zero Trust architecture, continuously rather than periodically.

02
Engineer

Identify Improvement Opportunities

Proactively surface gaps in policy, architecture and coverage. Every finding is prioritized against your protect surface risk profile.

03
AI · Engineer

Prepare Changes & Upgrades

Changes are prepared, tested and documented, from policy updates to new security feature activation to platform upgrades.

04
Your Approval

Client Sign-Off

Every change is presented to you before execution. You understand what changes and why. No surprises, ever.

05
AI · Engineer

Execute & Feed Back to Detect

Changes are implemented. Findings feed back into AUXO™, tightening agent context and reducing future alert volumes.

AI in production · Not on a roadmap
Machine speed where it helps.
Human judgment where it counts.
That is not a balance. It is a discipline.
  • 2005 · Founded: Zero Trust before it was a category
  • 10+ · Years Managed: AUXO™ as a live service since 2013
  • 100% · Profitable: Every year. Zero VC dependency.
  • Own AI · Sovereign Infra: No third-party LLM providers
Our Track Record

When others were still writing pitch decks, we were already in production.

  • 2005 · Zero Trust Founding: ON2IT established with Zero Trust as its sole operating model, years before the industry adopted the term.
  • 2013 · AUXO™ Goes Live: The AUXO™ platform launches as the operational backbone of a fully managed Zero Trust service. Real clients. Real production.
  • 2023 · AI Agents Deployed: The Curator’s autonomous AI agents are embedded into AUXO™, running on ON2IT-owned sovereign AI infrastructure.
  • 2024 · ZT-MCP Server: The Zero Trust Contextualization MCP Server, making every agent context-aware in real time. Only ON2IT has this.
Threat Intelligence
Threat Intelligence · threat-talks.com

The intelligence behind the agents.

Threat Talks is ON2IT’s curated threat intelligence platform, with published analysis, deep-dive episodes, and infographics that feed directly into MDR Detect and MDR Prevent. When our agents flag a TTP, the intelligence behind that flag was researched by the same team running your GSOC. Not a vendor feed. Our own work.

  • Agentic AI changes the security model. Rob Maas and Yuri Wit dissect OpenClaw, exposing AI agent security risks and the gap between autonomy and control
  • China is already inside your infrastructure, and the EU is done ignoring it. What this means for Zero Trust posture today
  • MongoBleed (CVE-2025-14847), an unauthenticated MongoDB memory leak and what it means for database exposure in practice
  • OT environments are no longer isolated. The IT/OT convergence threat model and what Zero Trust 2.0 changes about it
Hacker Talent
Talent · Hacker Talent Events

The people behind the platform.

We do not hire from job boards. We run Hacker Talent Events: hands-on, no-slides, Capture the Flag experiences where candidates prove they think like attackers before we discuss careers. The analysts running your GSOC earned their place. No CVs. No credentials theater. Just proven capability.

  • Capture the Flag: candidates work live attack scenarios before we talk about anything else
  • SOC tour + CTO session, where candidates see exactly where they’d work and who with
  • Unlimited development budget and top 10% peer group, the culture that keeps the best analysts here
  • “No slides, no jargon, just hands-on challenges. A clear view of what it’s like inside a top-tier cybersecurity company.” Former participant, now ON2IT SOC team
  • Top 10% · Only hire standard
  • 7 mo · Traineeship fast-track
  • Development budget
Integrations

AUXO™ connects to the stack you already run.

  • SIEM & Analytics: Splunk, Elastic, Microsoft Sentinel, Google SecOps, Chronicle, Sumo Logic, Databricks
  • Endpoint & EDR: Cortex XDR, CrowdStrike, SentinelOne, Microsoft Defender, XSIAM
  • Identity: Okta, Microsoft Entra ID, Azure AD, Google Workspace
  • Cloud: AWS Security, Microsoft Azure, Google Cloud, Wiz, Prisma Cloud
  • Network: Palo Alto Networks, Cisco Secure, Prisma Access, Strata Cloud Manager
  • Threat Intel: VirusTotal, AbuseIPDB, AlienVault OTX, URLScan, Hybrid Analysis
  • Ticketing: ServiceNow, Jira, Slack, Microsoft Teams, PagerDuty

Zero Trust leadership.
Documented. Researched. Published.

ON2IT has been building the intellectual foundation of Zero Trust since 2005, co-developed with John Kindervag and contributed to NSTAC and the U.S. Zero Trust Executive Order. Our executive brief series translates 14 years of operational depth into the board, CISO, and architect conversations that drive decisions. McKinsey-style structure. ON2IT operational proof throughout.

  • 3 Audience Tiers
  • 11 Executive Papers
  • 1 Handbook
Strategic
C-suite · Board · Audit committee · Risk committees

For the conversations your board is already having. Resilience, AI risk, regulatory exposure, supply chain, and insurance. Zero Trust as the answer to the questions McKinsey is asking, structured in the Situation / Complication / Resolution logic boards expect. Every brief closes with board-signal one-liners designed to survive the boardroom.

Board Pre-Read · Handbook Brief · 9 Acts
You Will Be Breached. The Question Is Whether You Survive It.
Gartner’s #1 CISO priority 2025: Cyber Resilience. Two mandates: resist and recover. This brief runs nine acts from the eight structural forces breaking security today through the seven governance questions every board must answer. Board one-liner: “The organisations that treat Zero Trust as a technology project will fall into the 90% who carry unpriced liability into the next breach.”
Strategic Brief · Geopolitics
Geopolitics Has a New Attack Surface.
Nation-state actors, supply chain interdependence, and Europe’s structural dependence on US technology infrastructure have permanently changed the threat calculus. The EU’s new cybersecurity package is a response to daily hybrid attacks on essential services. What this means for your Zero Trust architecture, your data sovereignty posture, and your board’s risk framing today.
Strategic Brief · AI Risk
AI Doesn’t Create Your Problem. It Multiplies It.
AI adoption expands both capability and attack surface simultaneously. Agentic AI changes the security model. OpenClaw exposes the gap between autonomy and control that no perimeter security catches. Zero Trust’s continuous verification and Protect Surface methodology is the architectural response your board needs before the AI strategy scales past your control plane.
Strategic Brief · Supply Chain
When the Supply Chain Is the Weapon.
SolarWinds. MOVEit. XZ Utils. Supply chain attacks are now the primary nation-state intrusion vector. The attacker enters through a trusted vendor, and implicit trust propagates the breach network-wide. This brief maps the attack pattern and shows how Zero Trust’s Protect Surface methodology and microsegmentation limit blast radius when the perimeter is the supplier.
Strategic Brief · Insurance & Financial Risk
What Your Cyber Insurance Won’t Cover.
Average breach cost: $4.45M (IBM 2023), up 15% in three years. Most cyber insurance policies exclude the scenarios generating the largest losses: third-party vendor breaches, nation-state attribution, legacy system failures. Board one-liner: “We are spending more on breach recovery than we would spend on breach prevention, and the gap is widening every quarter.”
Managerial
CISO · CIO · Security directors · VP IT

For the CISO translating board pressure into architecture decisions. Applied through Kahneman’s Dual-Process Theory and Christensen’s Jobs-to-be-Done framework, covering the governance decisions that separate the 10% who treat Zero Trust as an operating model from the 90% who carry unpriced liability into the next breach.

CISO Brief · Governance · Kahneman + JTBD · 5 Acts
Zero Trust Is Not a Technology Decision. It Is a Risk Governance Decision.
What every executive is really hiring security to do: CEO hires ZTaaS to protect brand equity from one bad morning. CRO hires it to close the Knowing-Doing Gap before regulators do. CIO hires it to stop lateral movement without rebuilding everything. CFO hires it to convert a cost center into a value signal. Kahneman’s System 1 and System 2 applied to board decision-making. The three maturity gap patterns: Tools without Architecture · Policy without Enforcement · Awareness without Action. Board one-liner: “Having Zero Trust tools is not the same as having Zero Trust posture, and auditors, insurers, and regulators are beginning to know the difference.”
CISO Brief · SOC Transformation
Your SOC Is Drowning. More Analysts Won’t Save It.
Alert volume grows faster than analyst capacity, and 277 days average attacker dwell time proves detection speed is not the bottleneck. The structural problem is signal quality. Zero Trust architecture provides the clean, contextual signal AI-assisted SOC operations require. AUXO™’s Converging Intelligence and the ZT-MCP Server are built precisely for this gap. Board one-liner: “This is not a staffing problem. It is an architecture problem.”
CISO Brief · AI Adversarial
AI Gave Attackers a Co-pilot. What Did It Give You?
Adversaries are using AI to compress reconnaissance from weeks to hours, craft targeted spear-phishing at industrial scale, and automate lateral movement. ON2IT’s AI agent swarm, with 16+ autonomous specialists each grounded in Zero Trust context via the proprietary ZT-MCP Server, operates at the same speed on the defensive side. This brief makes the case for matching force with force. Board one-liner: “The governance design for a major breach must be decided in the boardroom today, not in the war room tomorrow.”
CISO Brief · Tool Sprawl
The Security Tool Sprawl Problem.
45 cybersecurity tools per large enterprise on average (Gartner 2024). Each solving a fragment. None orchestrated. The result is noise, redundancy, and operational exhaustion, not protection. Zero Trust as an operating model, delivered through AUXO™ and ZTaaS, replaces fragmented point solutions with a coherent control environment governed across six management layers: Identify · Protect · Detect · Respond · Recover · Govern.
Operational
Architects · Heads of IT · Security leads · SOC engineers

For the people who build and run the architecture. Derived from the Zero Trust Cybersecurity Handbook by Timmermans & Bobbert, Professor at Antwerp Management School. Four principles, five implementation steps, six CSIRT response phases. 14 years of ON2IT implementation proof embedded throughout. Open-source tooling. Real GSOC data.

Implementation Brief · Handbook · 9 Acts
Redefining Trust in a Digital Era: The Implementation Brief
The complete Zero Trust implementation framework derived exclusively from Timmermans & Bobbert. Four principles: Redefine Trust · Verify Everything · Limit Access · Assume Breach. Five steps: DAAS Inventory → Protect Surface → Transaction Flow Map → Zero Trust Architecture → Zero Trust Policy → Zero Trust SOC. Seven governance questions. Three organisational levels. Eight structural failure modes resolved. Board one-liner: “Zero Trust is not just an IT strategy. It is a business imperative.”
Operational Brief · Cloud Security
What Your Azure Environment Is Telling You.
Azure is the most common enterprise cloud environment ON2IT operates in. The ENTRA Agent and Azure Agent surface specific patterns: implicit trust in legacy identity configurations, over-provisioned service accounts, misconfigured conditional access policies, and Defender alert gaps. This brief maps each finding to its Zero Trust remediation, with real GSOC data and the AUXO™ playbook that closes each gap without a rip-and-replace.
Operational Brief · CSIRT · IR Governance
How to Define Your Protect Surface in a Day.
The Protect Surface is the fundamental unit of Zero Trust architecture. Not the network perimeter, but the specific data, application, asset, or service (DAAS) that must be protected. This operational guide walks through the identification process, transaction flow mapping, and the Kipling Method policy framework (who/what/when/where/why/how) that turns a defined Protect Surface into an enforceable Zero Trust policy inside AUXO™.
Operational Brief · CSIRT · Three IR Scenarios
IR Inside a Zero Trust Architecture: The Six Phases.
Three scenarios the board must pre-assign authority for: Prevention (AUXO™ microsegmentation limits blast radius, investment vs. residual risk), Active Response (mSOC™ + CSIRT live containment, operational disruption vs. threat spread velocity), Major Breach (forensic integrity, regulatory clock, internal control vs. capability delegation). Six CSIRT phases with chain-of-custody governance at each stage. Board one-liner: “The governance design for a major breach must be decided in the boardroom today, not in the war room tomorrow.”

Key Metrics: Board-Level Scorecard

IBM · Gartner · McKinsey · ON2IT
  • IBM 2023 · $4.45M: Average cost of a data breach, up 15% in three years
  • IBM 2023 · 277: Days average attacker dwell time before detection
  • McKinsey 2023 · 42%: Developer capacity lost to technical debt, security unguarded
  • Gartner · 10%: Enterprises with mature ZT programs by 2026, yet 90% carry unpriced liability
  • Gartner SRM 2024 · 45: Average security tools per enterprise, sprawl not protection
  • Gartner CTEM: Breach reduction for orgs with continuous exposure management by 2026

Research & Actualities: threat-talks.com

Ready When You Are

See AUXO™ working on your environment.

No slides. No generic demo. A Zero Trust expert who will listen to your situation, show you AUXO™ in context, and tell you plainly what you’d get and what it takes.

Plano, TX and Zaltbommel, NL, serving enterprises across the US and Europe.

AUXO™ is live today

Not a roadmap. The Curator, the ZT-MCP Server and MDR Prevent are all in active production. You can see them working within days.

Sovereign AI infrastructure

Every LLM, every inference, every agent decision runs on ON2IT-owned infrastructure. Your security data never touches a third-party AI provider.

Human experts included

MDR Prevent means a dedicated Zero Trust Security Engineer team works your environment continuously. AI accelerates them. They own the outcomes.