DT Master Team

Automated cybersecurity audit for SMBs and startups

Guard and his team of 27 specialists scan your infrastructure, flag OWASP vulnerabilities, check your NIS2 and GDPR compliance, and ship an actionable report your engineers can run with. Daily or on demand.

Run my free audit See an example report

An external cybersecurity audit costs €5,000 to €15,000 and arrives 1 to 2 times per year. Guard runs the same scan continuously, alerts on new vulnerabilities, and tells you what to fix in priority order. For an SMB or startup, that's the difference between knowing and finding out too late.

A security analyst at a vulnerability scan dashboard.

The 5 cyber risks hitting SMBs in 2026

Attacks no longer target only large groups. 43% of cyberattacks now hit companies under 50 employees, because they have fewer defenses and remain connected to bigger value chains. The 5 main risks are targeted phishing that bypasses mail filters, ransomware that encrypts poorly isolated backups, supply chain attacks via a compromised npm dependency or SaaS vendor, cloud leaks on misconfigured S3 buckets, and the new wave of prompt-injection attacks on poorly secured AI agents. An annual audit isn't enough — you need continuous scanning.

What Guard scans continuously

Guard doesn't just generate a report — he runs a 27-agent specialist team that covers an SMB or startup's full cyber perimeter.

  1. 1

    Application: OWASP Top 10 by Axe, dependencies and SCA via Ray, security code review with Kit (SAST/DAST).

  2. 2

    Infrastructure: AWS cloud config (Nova), Azure (Azure agent), GCP (Cirrus), global cloud posture (Onyx).

  3. 3

    Identity: IAM review (Stone), MFA and RBAC (Haze), API auth OAuth2/OIDC (Blaze).

  4. 4

    Compliance: GDPR (Rex), NIS2 and DORA (Fox), ISO 27001 (Ash), SOC 2 (Zen), PCI-DSS (Nyx).

  5. 5

    Detection: SOC monitoring (Ace), incident response (Raven), forensics on compromise (Vex).

Five layers of scanning: application, infrastructure, identity, compliance, detection.
The 5 layers continuously scanned by the 27 agents.

What you get

Full PDF report

Global risk score, critical vulnerabilities, prioritized remediation plan

Real-time alerts

Notification as soon as a new CVE hits your stack

Compliance tracking

GDPR, NIS2, DORA status updated automatically

Assisted pentest

Automated penetration tests by Ghost and Shard on a defined scope

Incident response plan

Playbook ready to deploy on compromise, by Raven

Custom CVE watch

Filtered to your stack, no noise

Mockup of a cybersecurity audit report with risk scoring.
Preview of the PDF report with global score and prioritized vulnerabilities.

Guard's team that secures your stack

Avatar de Guard
Guard
Security Lead — leads 27 cyber specialists
Avatar de Rex
Rex
GDPR Expert
Avatar de Fox
Fox
NIS2 & DORA
Avatar de Ash
Ash
ISO 27001 Auditor
Avatar de Zen
Zen
SOC 2 Expert
Avatar de Axe
Axe
OWASP Top 10
Avatar de Ghost
Ghost
Pentest Specialist
Avatar de Nova
Nova
AWS Security
Avatar de Onyx
Onyx
CSPM Cloud Posture

Included from Free — basic audit included

Continuous scan and real-time alerts from Startup at €69/month.

See all plans

Frequently asked questions

Can Guard replace a manual pentest?
No, and he doesn't claim to. Guard automates the standard scans — OWASP, SCA, cloud configuration, compliance — which covers 80% of vulnerabilities at marginal zero cost. For deep manual pentests (business logic, complex privilege escalation, social engineering), Ghost preps the work and an OSCP-certified human finishes. The combination works, not one or the other.
Compatible with AWS, Azure, GCP?
Yes — the 3 major cloud providers, read-only via native API. For Scaleway, OVH and other European clouds: integration via terraform export or lightweight agent.
Does scanned data stay in Europe?
Yes — processing on Scaleway France and OVH Germany. No scan transits via the US. Signable DPA on request.
How does Guard handle false positives?
Each alert is scored by confidence. You can mark an alert as a false positive, and Guard learns to stop surfacing it. False positive rate drops from 30% to under 5% after 4-6 weeks of usage.
Is my company subject to NIS2?
If you have more than 50 employees or more than €10M revenue and you operate in one of the 18 critical sectors (energy, transport, health, finance, digital, etc.), yes. Fox runs the diagnosis in 5 minutes and gives you the exact answer for your case.

Run your first audit in 5 minutes

Free audit, no commitment. Continuous scan from Startup.

Audit my infrastructure

Other tasks you might like

Task
Analyze a legal contract with a French AI agent
Tibo and his Legal team read your contracts, NDAs and T&Cs in French and English.
Task
Automate cold email with an AI agent
Mia drafts, personalizes and follows up your cold emails for you.
Task
Automatically extract CV data with AI
Dorothée and her HR team read your PDF and DOCX CVs and turn them into structured candidate records: skills, years of experience, education, languages, mobility.