Introducing the new Ethiack Portal: Built for the Way You Work Now

Link copied!
Image

João Ferreira

Head of ProductEthiack

July 2, 2026

When we built the first version of the Ethiack portal, the goal was clear: give security teams a place to see their validated exposures and act on them. That worked. But as organizations’ surfaces grew our platform reflected that with more assets, more findings and more teams relying on it daily. It became clear the experience needed to keep pace with how industry needs evolved and our customers were actually using it.

The new Ethiack Portal is our answer to that. It's the most significant redesign since launch, and it goes far beyond aesthetics. We've restructured the portal around two things: giving you faster signal and giving you more autonomy. Here's what that means in practice.

A portal built for how security actually works

Security doesn't run on a single mode, and Ethiack's new portal doesn't either.

Most security programs operate in two speeds. There's the ongoing work, continuous coverage of your attack surface, 24/7, tracking posture as it evolves. And there are the moments that demand something more targeted: a product release, a compliance audit, a new acquisition that can't wait for the next scheduled assessment.

Until now, a single workflow tried to serve both. The new portal doesn't make that compromise. From the moment you onboard, you choose your path.

Onboarding now starts with a choice: continuous validation or pentest. Each path is purpose-built.

Pentest on-demand or continuous exposure validation. Two modes, one platform.Pentest on-demand or continuous exposure validation. Two modes, one platform.

For continuous validation, domain setup is faster, you can quickly assert test authorization and import multiple domains with a CSV.

For pentest, you define your scope, set your policy, optionally add credentials for grey-box access, and launch. No setup calls. No waiting.

This was a deliberate design decision. We wanted the portal to feel like it was built for what you're trying to do, not like a single workflow forced to accommodate different use cases.

Whether you’re setting up continuous coverage across your entire attack surface or launching a targeted pentest before a product release, the portal now starts where you are, not where we assumed you’d be.

A dashboard that tells you where you stand immediately

The old dashboard asked too much of you. To understand your current posture, you had to navigate across multiple views, vulnerability lists, test activity and assemble the picture yourself. For security teams managing a live attack surface, that overhead compounds quickly. One extra click becomes five. Five becomes a routine that slows you down.

The dashboard was redesigned with one question in mind: “What does a security team need to see the moment they log in?”

The answer, for most teams, is three things: how exposed are we right now, is that improving or worsening, and what's most urgent. Your Risk Score, risk trend, and unresolved vulnerability count are now the first things you see.

Below that, Security Trends gives you the longitudinal view with the number of vulnerabilities broken down by severity (unresolved and all), vulnerability counts over time and your Mean Time to Resolve.

Image

The Deep Dive section brings together your most critical findings, most vulnerable assets, active tests, and latest comments in one place, so nothing falls through the cracks.

Image

Every minute spent piecing together your security posture is a minute not spent acting on it. The new dashboard makes orientation instant, so your team can focus on what comes next.

Know your assets, not just your vulnerabilities

Visibility has always been the first step: you cannot defend what you cannot see. But visibility into vulnerabilities alone is incomplete. Vulnerabilities are found on assets. But for a long time, the portal focused on a finding-centric view, with the asset information playing a secondary role. Knowing you have a critical finding matters. Knowing it lives on a public-facing asset hosted by a specific provider, running specific technologies, and appearing across multiple tests is what makes that finding actionable. Previously, that context existed, it just had no dedicated home.

Image

In the new portal, the Asset Details page makes that tangible. For any asset, you can now see its risk level and importance rating, full technical profile (IP, provider, location, technology stack), every vulnerability found against it, the services and paths discovered, associated tests, and screenshots where available.

Image

This shift, from finding-centric only to bringing asset-centric into the fold is what separates a vulnerability list from a genuine prioritisation framework. When you know which assets carry the most risk and why, the path to fixing what matters first becomes clear.

Run a pentest. Right now. Without us.

Security testing has always had a scheduling problem. Pentests require scoping, coordination, and back-and-forth, which means they happen on a timeline that rarely aligns with the pace of development or deployment. By the time a test is ready to run, the window it was meant to protect may have already passed.

Agentic Pentests powered by Hackian are now available directly from the portal, with no involvement from the Ethiack team. Two modes:

Swift is designed for single, simpler external applications. No grey-box access. Results in under 24 hours. Fast enough to fit into a sprint, a release cycle, or a quick pre-launch check.

Depth is for more complex engagements. Multiple applications, grey-box access with credentials and deeper coverage. Results within 3 days.

Image

Both are self-serve. You define the scope, assign credits, and launch. This is what we mean when we talk about putting your attack surface within your control.

And, of course, you will still be able to set up an Expert pentest if you wish to add some human creativity to expand on what Hackian can find. These engagements will maintain the same flow with the support of our Hacking operations team.

When a pentest takes minutes to launch instead of days to schedule, security validation stops being a milestone and starts being a habit. That’s the shift Agentic Pentests are designed to enable.

Findings that show you what matters and why

A long list of unfiltered findings is one of the most common sources of security fatigue. Without the right context of which findings are being actively exploited, which carry the highest real-world risk, how quickly they tend to be weaponised, teams default to CVSS scores that don’t tell the full story. The result is either over-prioritisation of theoretical risks or under-prioritisation of real ones.

The redesigned findings experience does two things the old one didn't: : it reduces noise at the list level, and it adds context at the detail level.

Reduces noise at the list level by giving focus to the most relevant information like Severity, Title, KEV and EPSS and removing focus from less relevant data such as the finding ID or in what test it was identified. Filtering has also moved into a dedicated panel, a small change that makes a real difference when you're working through a long list.

Adds context at the detail level, moving some of the information previously on the list to the details page and adding new details.

Image

On the details page, a new Quick Info section surfaces asset, test, CWE, CVSS, and CVE information immediately. The Risk Indicators panel now shows EPSS scores and KEV catalogue presence where applicable, giving you a data-backed view of real-world exploitability alongside theoretical severity.

Image

And with the new portal: the Exploit Timeline. It shows how quickly Hackian found the vulnerability and how your resolution time compares to known exploitation timelines in the wild.

Image

The combination of EPSS, KEV presence, and the Exploit Timeline means you no longer have to argue for prioritisation. The data does it for you. And when you need to explain urgency to an engineering team or a board, you have a timeline they can read.

Everything else, made better

The reports, settings, and preferences pages have all been updated to align with the new design system. You can now copy IPs and user agents directly from settings for whitelisting, and update your organisation's logo and name without a support request.

Credits replace hours across the platform to support the flexibility that Agentic Pentests require. Existing customers will receive separate communication on the transition.

The new Ethiack Portal is available to all Ethiack customers today. Log in and take a look! If you are not a customer yet, give it a try!

If you have questions about Agentic Pentests or credit allocation, your Customer Success contact is ready to help.

We're just getting started.

Validate your exposure

before attackers do.

Try Ethiack

30-day free trial. No commitment.

signup(datetime.now());

def hello(self): print("We are ethical hackers")

class Ethiack: def continuous_vulnerability_discovery(self: Ethiack): self.scan_attack_surface() self.report_all_findings() def proof_of_exploit_validation(self: Ethiack): self.simulate_attack() self.confirm_exploitability() self.validate_impact()

while time.time() < math.inf: ethiack.map_attack_surface() ethiack.discover_vulnerabilities() ethiack.validate_exploits() ethiack.generate_mitigations() ethiack.calculate_risk() ethiack.notify_users() log.success("✓ Iteration complete")

ISO27001

Compliant

Activate AI penTesting

Try Ethiack
Book a Demo
ISO27001

Compliant

Made by Büro
Ethiack — Autonomous Ethical Hacking for continuous security Continuous Attack Surface Management & Testing