CyCognito Blog

Posts by Rob Gurzeev

Search the Blog

Rob Gurzeev

Rob Gurzeev

CEO & Co-Founder

Rob Gurzeev, CEO and Co-Founder of CyCognito, has led the development of offensive security solutions for both the private sector and intelligence agencies.

By Rob Gurzeev

Today we’re announcing continuous AI pentesting. It runs always-on across your full external surface, using AI agents to spot overlooked weaknesses, reason through context, and chain the multi-step moves a skilled adversary would. It has already uncovered real exposures in live environments. Here’s how it works.

Read more about Continuous AI Pentesting: What We’re Building, and What It’s Already Finding
By Rob Gurzeev

As manufacturing enterprises adopt digital transformation, integrating SCADA with cloud-based solutions introduces serious cybersecurity risks. This case study highlights how a Fortune 500 manufacturer inadvertently exposed SCADA systems to the internet, making them vulnerable to attacks. Traditional security tools failed to detect these exposures due to blind spots in asset inventory and reliance on predefined IP ranges. By leveraging external exposure management, the company identified and remediated these risks before exploitation. This incident underscores the need for continuous attack surface monitoring, risk-based prioritization, and automated asset discovery to secure operational technology (OT) environments against emerging threats.

Read more about Security Risks in Internet-exposed SCADA in Manufacturing
By Rob Gurzeev

There are three approaches to External Attack Surface Management (EASM) for securing complex and evolving attack surfaces in modern organizations. Each has its own set of considerations, including the limitations of traditional methods and the resource-intensive nature of human reconnaissance, which clearly underscore the benefits of an automated and comprehensive EASM solution like CyCognito.

Read more about Three Approaches to External Attack Surface Management
By Rob Gurzeev

Business risks lurk in many places. For cybersecurity, the worst risks are often the ones you never saw coming.  A Real World Example To illustrate, consider this real example: A manufacturing conglomerate has an engineer build a Javascript connector for remote access to a mainframe but inadvertently exposes it to the internet. How do you discover this risk and its potential damage? A penetration test will not help unless you happen to be testing that particular machine among hundreds or thousands of servers. A vulnerability scan also will not help, as the risk will be invisible because it is not…

Read more about Principles of Attack Surface Protection: Assess All Assets to Detect All Risks