AI TOOL PROFILE

Cyber Risk Guru: Threat Modelling and Vulnerability Monitoring

Cyber Risk Guru helps small to medium businesses and security teams identify design-level weaknesses and monitor vulnerabilities. It is designed for organizations seeking a structured security workflow as an alternative to frequent manual pentests.

Pricing

Pricing includes a free Apprentice plan for demo purposes, a PRO plan at €49/month (1 user, 1 asset), and a GURU plan at €295/month (5 users, 5 assets). A GURU+ fully managed service is available; buyers should contact the vendor for custom pricing.

At a glance

Best for
Small to medium-sized businesses, Security teams, Software developers
Key use cases
Pre-deployment Threat Modelling, Continuous Vulnerability Tracking, Attack Surface Assessment, Security Documentation for Audits

How AI is used

Cyber Risk Guru is a security platform that uses a structured, four-phase threat modelling workflow based on CWE, CAPEC, CVE, and OWASP standards. Users register their specific tech stack—including frameworks, libraries, and protocols—to receive findings tailored to their actual configuration.

The tool is designed for security teams, developers, and SMBs. It combines AI-supported attack simulations with daily monitoring of the CVE database to flag new risks relevant to the components the business is running.

Buyers should note that the platform uses a maturity model, where analytical features like the Riskogram and Risk Posture unlock as the user completes the configuration process. Depending on internal expertise, buyers can choose between self-service tiers or a fully managed service option.

Key Features

  • Stack Registration

    Allows users to define their front-end, back-end, libraries, and protocols so vulnerability findings are scoped to their specific environment.

  • CWE Weakness Mapping

    Cross-references the registered tech stack against the Common Weakness Enumeration to identify design-level flaws.

  • CAPEC Attack Simulation

    Uses CAPEC patterns to simulate potential adversary methods, lateral paths, and supply chain exposures.

  • Daily CVE Monitoring

    Performs daily delta checks against the CVE database to alert users to new vulnerabilities affecting their registered component versions.

  • AI-Supported Mitigations

    Provides guidance and recommendations for fixing identified vulnerabilities based on OWASP and industry standards.

  • Maturity Tracking

    A progress-based system that unlocks reporting and scanning features as asset configuration is completed.

Use Cases

  • Pre-deployment Threat Modelling

    Mapping design weaknesses using CWE before code ships, which may reduce rework costs.

  • Continuous Vulnerability Tracking

    Monitoring for new CVEs daily to maintain coverage between periodic pentests.

  • Attack Surface Assessment

    Simulating attack vectors via CAPEC to identify how a system may be breached.

  • Security Documentation for Audits

    Generating findings referenced to CWE, CAPEC, or CVE identifiers for compliance teams.

FAQ

What is the difference between the PRO and GURU plans?

The PRO plan costs €49/month and supports one user and one asset, while the GURU plan costs €295/month and supports up to five users and five assets.

How does the CVE monitoring work in Cyber Risk Guru?

It is scoped to the components and versions registered in the tech stack, providing daily alerts for vulnerabilities that affect the specific environment being run.

Is there a free version of the software?

Yes, the Apprentice plan is free, though it is limited to demo assets only.

Does Cyber Risk Guru offer a managed service?

Yes, the GURU+ plan is a fully managed service where experts handle monitoring, simulation, and reporting.

Source category: Security

Source subcategory: Vulnerability Management
