What it does
Runs scoped, authorized security testing across the exposed surface: recon, web, API, infrastructure, cloud posture, AI workflows, prompt injection paths, reporting, and remediation.
Loading...
Loading...
Loading...
Sentinel
Sentinel is ECG's operator-driven security platform for authorized testing, external reconnaissance, web and API review, infrastructure checks, AI system testing, prompt-injection assessment, reporting, and remediation guidance. It is not a single scanner and it is not only an AI tool. It is a full testing workflow: discover the exposed surface, run the right modules, rank the risk, produce usable evidence, and feed new research, lab results, defensive intelligence, and findings back into the platform.
Runs scoped, authorized security testing across the exposed surface: recon, web, API, infrastructure, cloud posture, AI workflows, prompt injection paths, reporting, and remediation.
Teams building internet-facing systems, APIs, cloud platforms, AI-enabled products, or regulated workflows that need a sharper assessment than a generic scan.
A risk-ranked report with technical evidence, executive summary, affected surfaces, likely impact, remediation guidance, and a clean path for follow-up work.
Sentinel keeps learning from defensive research, lab validation, expected findings, and operator notes, so the platform improves instead of freezing at one checklist.
Operating model
The important part is the feedback cycle. Sentinel can discover the surface, run scoped modules, produce evidence-backed reports, then absorb defensive research, bug bounty lessons, lab validation, expected findings, and operator notes back into the platform. Each engagement can make the next one sharper.
Sentinel starts with the exposed surface: domains, subdomains, redirects, headers, cookies, TLS, technologies, ports, crawlable paths, APIs, and application behavior.
Focused modules run against the target surface instead of treating every assessment like the same checklist. Web, API, infrastructure, cloud, OWASP, CVE, crawl, and AI modules can be selected by scope.
Research intake, defensive intelligence, local lab regressions, and expected-finding workflows turn new security knowledge into better checks, clearer findings, and stronger report language over time.
Findings are converted into JSON, HTML, PDF, Markdown, and executive outputs so technical teams, leadership, and remediation owners can work from the same evidence.
Coverage
Sentinel includes AI security and prompt injection testing because modern applications increasingly depend on LLMs, retrieval, agents, and tool-calling workflows. But the platform also covers the surrounding internet-facing surface that attackers still use: web apps, APIs, infrastructure, cloud posture, headers, TLS, redirects, cookies, crawling, exposed services, and reporting.
External recon and attack-surface discovery
Security headers, TLS, redirects, cookies, DNS, and exposed services
Web application checks, crawling, forms, upload surfaces, and sensitive-data exposure
API discovery, auth-bypass review, and focused fuzzing paths
Cloud and infrastructure posture checks
OWASP-oriented passive and active testing where authorized
Prompt injection, retrieval abuse, unsafe tool use, and AI workflow testing
Executive reporting, risk ranking, and remediation guidance
Constant learning
Sentinel is built with a defensive intelligence pipeline and an authorized lab loop. Public advisories, safe research sources, local vulnerable apps, expected findings, and operator notes can become backlog items, regression tests, module improvements, prompt-injection strategies, and clearer remediation language. That is the difference between a static scan and a platform that keeps learning.
Sentinel can ingest public defensive signals, advisory metadata, and local fixture output into a research backlog without touching third-party systems. That backlog becomes test and reporting improvement work.
Local vulnerable apps and assigned lab targets give Sentinel a safe place to validate modules, compare expected findings, and improve coverage before customer use.
New techniques, framework guidance, PortSwigger-style lessons, CISA/OSV/NVD changes, and operator notes can be normalized into Sentinel improvement candidates.
The platform is designed as an operator tool that can check its own version, keep modules current, and preserve a repeatable command path instead of becoming a one-off script folder.