Ethiack

On a mission to secure business technology through Autonomous Ethical Hacking.

ethiack.com is a cybersecurity SaaS platform powered by ethical hackers and AI for continuous and proactive security testing.

Co-Founder & CEO

AngelsWay 🔷

Angels Way is a community fund supporting startups in Portugal. I seek to identify entrepreneurs and accelerate innovative companies with social impact and scalable growth.

Angel Investor

ACI EUROPE

ACI Europe - Cybersecurity Committee Member

CIONET Portugal

Advisory Board

C-MAST (Centre for Mechanical and Aerospace Science and Technologies)

Projects: SpaceLAB, MECSE, NANOSTAR, ANTAEUS, BIOD'AGRO
http://www.aerospace.ubi.pt

Research Fellow 

SPACEWAY

PENTHACK

Co-founder & COO

Space Generation Advisory Council

In support of the United Nations Programme on Space Applications.
• The communication channel between national students and professional space networks;
• Plan, organize, and take part in international space projects and educational events;
• Active voice of the Portuguese youth on the United Nations space policy.

National Point of Contact for Space in Portugal (NPoC)

AgniKul Cosmos

International Business Architect  

Instituto de Telecomunicações

Preliminary Design of a SAR based on a 5.3 GHz Software Defined Radio (SDR) communication system for the INFANTE nanosat constellation.

R&D Engineer / Systems Engineer

An entrepreneur and explorer living by faith, for family, with freedom.

I love breaking norms, brainstorming ideas, scaling businesses, and connecting with people.

Go ahead and hit me up!

This isn’t a wrap, it’s a kick-off

hackAIcon just changed the game forever

“Finally, a cyber conference where I actually learned.” 
“Finally, I saw AI in practice, not just the buzzwords and marketing fluff” 
“This was a cyber spa!”

This was repeated feedback from some of the best in the industry

It takes courage to be different. 
But even more courage to make it happen. 

This team here in the photo has big balls.
Courage squared. 

These people don’t just talk about innovation, they actually build it and lead the pack. 

Talented. 
Relentless. 
Unstoppable.

If 5 years ago someone had told me I’d be here leading a AI cyber company and working alongside people 10x smarter than myself, I would have laughed. 

And today here we are, launching Agentic AI pentesting, organizing the world’s first AI Hacking conference, and having lots of fun at the same time.

I’m proud. 
I’m grateful. 
I’m speechless.

We don’t have everything figured out.
And maybe we will never have.

But I wouldn’t want to fight this battle with anyone else.

So to them, thank you. 
And to you, join the revolution.

We are just starting…
Expect us

Jorge  Monteiro

CEO, Ethiack | Securing your tech with Autonomous Ethical Hacking

No alternative text description for this image

One of Ethiack's employees lives a few hundred km from where Russian drones fell into NATO territory some weeks ago. On that day he texted me this: 

"Seeing this happen just makes me want to work harder. I know what we're building matters now more than ever."

While physical missiles target power grids and hospitals, cyber attacks are already hitting European infrastructure daily.

Critical systems.
Healthcare networks.
Energy infrastructure.
Financial services.

Every vulnerability we find and help fix isn't just about making businesses more secure.  It's about digital sovereignty and protecting democracy itself.

This is why we built Ethiack from Europe, for Europe.

European companies and governments deserve cybersecurity built by people who understand what's at stake. Who understand that a compromised hospital in Warsaw isn't just a data breach, or a ransomed energy grid in Estonia isn't just a business disruption.

We protect what matters.
And we protect it well.
From Europe, for Europe.

The motivation is personal, urgent, and real.

Every day, our work gets more meaningful.
And our team knows that.

Most "AI pentesting" tools are just fancy VA scanners with a marketing mask, or pentesting services with "human-in-the-loop"  disguise. 

They run the same scripts, follow the same playbooks, and stop when they hit good enough.

Real hackers don't work that way. 

They adapt. 
They explore. 
They think.
They just stop when a critical vuln is found. 

Hackian, our AI pentester, behaves exactly like that. 

What Makes Hackian Different:
👉  Pattern recognition to understand app behaviour instead of deterministic rule-based scanning
👉 Exploratory intelligence that discovers unknown vulnerabilities beyond CVE databases
👉 Creative payload construction by the development of combined techniques
👉 Autonomously pivot attacks when initial approaches fail
👉 Validates its own findings with proof of exploitation
👉 Strong Guardrails to stop harmful behaviour

Interested in seeing what next-level offensive security looks like?

HackAIcon is ON! 

We start off with Mohamed Pehapati, co-founder of Hacktron AI, with a talk on using AI… to hack AI.

Packed day ahead. Stay tuned 👀

🚨 Zero Days are the New CVEs 

Exploits now happen before patches are disseminated

Brent Muir from Mandiant (part of Google Cloud) just shared a previw of the most recent report with a first-ever negative Time to Exploit (TTE = -1 day).

Attackers aren’t waiting for patches anymore
They’re moving faster than you.

Take your own conclusions

Ethiack's hacking team enjoys spending their weekends in hacking battles, like #reconroyale. This time the goal was to give wings to Red Bull.

We found more than 5000 subdomains under their main domain. 

I wonder if their security team have visibility over these exposed assets. 
Not to mention how difficult it should be to test it frequently. 

I would love to share with them all the list we discovered and get some insights. 

So here is the BIG ASK to my network:
Would you help me connect to them?

You can share, comment or DM if you know anyone working in the Red Bull security team. All of this will help 🙏 

Norberts Dulbinskis, @Philip G. , Jimmy Heschl, Jeff Zabel, Konstantin Mikhailovsky
I am looking at you 👀 

Let's see the power of the LinkedIn network 
👏 🙏

Yes, it is. 

And you should test it all.

*credits to some fellows from cybersecurity LinkedIn communities that shared it

“we have zero false positives.”

Most competitors throw this line around.

Let’s be honest: 
absolute zero doesn’t exist in cybersecurity.

Not in detection. Not in validation.
Not in AI. Not even manually. 

The industry was always full of noise, and suddenly AI makes you perfect. Something smells bad. 

So when I hear “zero false positives”, two things come to mind:

1. You’re burning humans in the backend to manually validate every single vulnerability (which means you’re not really autonomous or Agentic as you say). 

2. You’re just saying marketing bullsh*t

Either way you are lying. 

At Ethiack, we prefer transparency.
We say 0.5% false positives.

Why?
Because that’s the truth today.

Because our AI pentesting agents validate, exploit, and prove real risks, but we know perfection doesn’t exist.

Because our customers, and our own research team, constantly help us measure and improve, but we know perfection doesn’t exist.

The industry doesn’t need more buzzwords.
It needs transparency and accountability.

If someone tells you they have “absolute zero false positives,” ask them how.

Chances are, they’ll either hide the humans in the back room or dodge the question.

At Ethiack, we prefer to face reality.

0.5% > 0% because it’s real. 


PS:
Think about this when evaluating vendors. Trust and Transparency are critical in cyber.

Annual pentests are security theatre.

Admit: you don't do it to be secure.

You test once a year. 
Your report sits in a Jira backlog for 3 months. 
By the time you look at it, it's irrelevant. 

Meanwhile, attackers don't wait for your next pentest cycle.

This is why the Continuous Threat Exposure Management (CTEM) framework is replacing the VA/VM and annual pentest model. 

CTEM isn't just "scan more often."
 It's a fundamental shift:

→ Real-time attack surface discovery
→ Event-driven continuous testing 
→ Prioritisation based on actual risk, not just CVSS scores
→ Continuous validation of exploitability
→ Mobilisation to fast mitigation on priority findings

Embrace the framework. 
Adapt your security posture.

As every founder, in 2022, when we started Ethiack we made a prediction.

And we nailed it. 

The prediction was: in less than 5 years, Vulnerability Exploitation would become the major initial vector for data breaches. 

According to Verizon DBIR we are not very far away.

Let's be brutally honest about where we stand.

The cybersecurity industry is facing an existential crisis. 

♦️ Attack surfaces are exploding exponentially, from internal applications to 3rd parties, and now even AI.  

♦️Attackers are weaponising AI as we speak. Attacks are becoming faster, more autonomous and more dangerous than ever

♦️ Security teams are overwhelmed, burned out, and still reactive. They are drowning in false positives and noise while real threats slip through undetected. 

The question isn't whether AI will transform offensive security.  It already has. 

The question is: will defenders join this revolution, or will they wait for the worst to happen?

Forget annual pentests. Forget massive PDF reports. 

Here's the future:

1. Event-Driven Testing
Security tests trigger automatically:
Code commit? Test runs.
New subdomain exposed? tested instantly.
CVE announced? Your environment is validated within minutes.

2. AI Agents + Human Oversight
AI agents handle:
Reconnaissance at scale
Known exploit validation
Repetitive attack patterns

Humans handle:
Creative attack chains
Business logic exploitation
Strategic risk assessment

3. Real-Time Dashboards Replace Static Reports
Live vulnerability feed
Proof-of-exploit videos
Prioritised remediation queues
Jira/Slack/Git/SOC... integrations

4. Continuous Validation, Not Point-in-Time Snapshots
Security becomes an operational discipline, not a compliance event.

This isn't speculation. 
This is what we're building at Ethiack. 
This is what PTaaS + Adversarial Exposure Validation enables.

The companies adapting now will be 5 years ahead.
The companies waiting will be playing catch-up after the next breach.

Is your security strategy ready for 2027, or stuck in 2017?

#cybersecurity #pentesting #ctem

Shadow AI is your next breach.

Most enterprises are rushing to deploy AI. Few are stopping to ask: what happens when attackers find it?

On September 23, ETHIACK , Zenity  and HackerOne will dive into:
👉The real adversarial AI threats: data poisoning, prompt injections, policy bypass
👉 How red teaming is being reinvented in the age of autonomous systems
👉 The key questions every CISO should ask before signing off on an AI vendor

These are the security blind spots that will define the next wave of breaches.

📅 TODAY: September 23
🔗 Register here:

Open article: 2025 AI Security Ask-Me-Anything Webinar | HackerOne by bit.ly

2025 AI Security Ask-Me-Anything Webinar | HackerOne

The news are true:
Hackian, your AI pentesting agent is now live

Join the Revolution!

That’s a wrap for HackAIcon! And we have something big to announce to close the day:

Hackian, our new hackbot and automated pentesting agent, is now LIVE!

This is the result of months of hard work creating a machine that analyzes, thinks, and attacks like a human Ethical Hacker. And it’s already out there, finding critical vulnerabilities in our clients.

This is THE major leap in offensive security, and you’re witnessing it firsthand. 

See the future for yourself at ethiack.com

EU drops €1.1B to push AI across healthcare, energy, defence, manufacturing....

Great vision.  But here's what's missing:

Von der Leyen: "I want the future of AI to be made in Europe."

But you can't scale AI adoption securely without scaling offensive security testing.

You need an European offensive security strategy.

More AI = more attack surface.
More automation = more bugs.

Most organisations are deploying AI faster than they can secure it.

Running compliance pentests once a year.
Hoping their firewall will protect them.
Treating cybersecurity like a checkbox instead of a continuous war.
Attackers are already using AI agents to automate hacking at scale.

If you're not using AI pentesting agents to test your systems 24/7, you're already behind.

The future of AI needs to be secure.
Not just innovative.
Build AI-first.
But secure it attacker-first.

AI boosts hacking 10x, but most security teams are still ”waiting” for the next pentest. 
Why? 

They still don’t believe in the power of AI in hacking.

That will all change tomorrow at HackAIcon.

Get ready for the big day!

When AWS sneezes, half the Internet catches a cold.

One provider is causing a massive Internet outage today

We don’t yet know the exact cause. 
It might or might not be a cyberattack, but the impact is the same and real.

Major apps and services from e-commerce giants to gaming, banking and communications are down. 

Millions of users and businesses have been disrupted within minutes.

All because one 3rd-party provider (AWS) had an issue (which one?)

That’s the paradox of modern architecture:
We’ve traded control for convenience.
Scalability for sovereignty.
And in doing so, we’ve concentrated risk in other hands.

It’s not just uptime we lose, it’s resilience.
If your business can’t operate when your provider fails, it’s not your infrastructure anymore. It’s theirs.

(and yes, we are not different, unfortunately 😅 )

True digital resilience means testing beyond your perimeter, across your dependencies, APIs, cloud and 3rd-party integrations.

Because your attack surface doesn’t end at your servers.
It extends to every service you rely on, and every line of code you didn’t write.

At Ethiack, we continuously test not just what you own, but what you depend on. Because a simple vulnerability can take your business down. 

In 2025, your biggest risk might not be a hacker.
It might be your provider.

Why should you care about third-party and supply chain attacks?

Because the numbers don’t lie.

According to the Verizon DBIR 2025:  
👉 20% of all breaches now involve exploitation of vulnerabilities. That’s a 34% increase YoY.
👉 22% of initial access vectors are via VPNs and edge devices 
👉 Exploited vectors increasingly include management consoles, firewalls, and even security devices.

Web apps and email remain top targets, but supply chain dependencies are a growing blind spot.

Here’s the painful truth:
Most organisations obsess over patching code dependencies (npm, PyPI, etc.) while leaving edge devices and exposed services wide open.

Attackers don’t care whether they come in through your VPN gateway, your CI/CD pipeline, or your favourite open-source package.

They care about what gets them in fastest.

That’s why third-party risk = business risk.
And why continuous offensive testing across your entire attack surface is no longer optional.

If a single maintainer's compromise in npm can poison billions of downloads… what happens when your own vendors or gateways are next?

Are you are looking to prevent supply chain attacks?
DM me, we are cooking something

We are in a arms race. Who is winning? 

AI-Powered Hacker or AI-Powered Defender ?

What happens when both defenders and attackers wield the power of AI?

That's the topic of our roundtable with Luís Valente (MC Sonae), Duarte Sousa Lopes (CyberInspect), Filipi Pires (Segura), and Ralph Chammah (Blacklight AI). A must-listen conversation during the ongoing AI arms race in cybersecurity.

"AI will never do pentesting like a human"

Hackian says the opposite, just check it out!

And remember, we're just starting!

Long Live the Hackian!

This is the world’s first show & tell from a hackbot.


We first showed this video at HackAIcon in Lisbon. It features Hackian, our Hackbot, autonomously discovering two critical vulnerabilities during a DEFCON CTF—all on its own.

We’re excited to share the potential of this technology with you. And if you think this is impressive, remember: this is the worst hackbots will ever be.

Taplio

Jorge Monteiro's Linkedin Analytics

What is Jorge talking about?

's Best Posts (last 30 days)

Want to drive more opportunities from LinkedIn?

Taplio

.css-1jgreyo{background-image:linear-gradient(284deg, rgba(39,43,72,1) 0%, rgba(33,47,183,1) 100%);color:transparent;-webkit-background-clip:text;background-clip:text;}Jorge Monteiro's Linkedin Analytics

What is Jorge talking about?

's Best Posts .css-qqfgvy{font-size:var(--chakra-fontSizes-md);}(last 30 days)

Want to drive more opportunities from LinkedIn?

Jorge Monteiro's Linkedin Analytics

's Best Posts (last 30 days)