  • DPDP · Enforcement rules notified. 12-month compliance window
  • Threat · Ransomware activity up 38% YoY across listed mid-market
  • SEBI · CSCRF audit cycle deadline narrows for listed entities
  • Insurance · Cyber capacity softening. Renewal terms easing in Q2
  • Advisory · New zero-day in widely-used MFA vendor. Patch live
  • Regulator · Incident reporting timelines tightened to 6 hours
  • Breach · Listed fintech reports BEC fraud. ₹4.2 Cr in flight
  • Claims · D&O cyber rider claims paid in 14-day median

Gordon AI: Your cyber resilience command centre.

Gordon AI is Mitigata's cyber resilience platform that brings SOC monitoring, VAPT, brand intelligence, dark web monitoring, GRC, third-party risk, workforce risk, and cyber risk scoring into one live console.

81% exposure reduction modelled · 90% false-positive cut · CERT-In empanelled expertise

No more hunting for the real risk.

The posture console rolls up every signal into a single domain score with findings ranked by impact. Drill into any finding for evidence, exploitability, and one-click remediation.

Live / Domain · sample-co.in / Last sync · 18 sec ago
CONSOLE · GORDON-V3
Posture score: 75 / 100 · Medium-high risk
Critical issues: 7 open
Assets tracked: 34 total
Risk signals: 12 vendor
Score breakdown
  • External surface: 68
  • Workforce risk: 52
  • Third-party: 84
  • GRC coverage: 91
Top findings · ranked by impact · 05 of 47 open
  • 01 · SQL injection · /api/v2/users · Critical
    CWE-89 · public endpoint · CVSS 9.8
  • 02 · Exposed S3 bucket · acme-logs · Critical
    CWE-200 · public read · CVSS 9.1
  • 03 · Outdated TLS · checkout.sample-co.in · High
    TLS 1.0 · weak ciphers · CVSS 7.4
  • 04 · Subdomain takeover · staging.acme · High
    Dangling CNAME · GitHub Pages · CVSS 7.2
  • 05 · Missing CSP · main app · Medium
    Headers · clickjacking risk · CVSS 5.3
05 / 47 shown · 5,200+ assets scanned daily · Gordon · auto-prioritised

Your cyber team's least annoying assistant.

Gordon turns findings, anomalies, gaps, and evidence into drafts your team can review and use.

  • 01 / 06

    Risk narratives

    Auto-generates plain-English briefs from raw findings, so leadership sees what matters first.

    Daily brief · Gordon
    • Top priority: patch SQL injection in /api/v2/users.
    • 7 critical findings open.
    • 3 owned by infra team.
  • 02 / 06

    Anomaly detection

    Flags unusual access, risky behaviour, off-hours logins, and suspicious user patterns.

    Anomaly flag · Gordon
    • Anomalous SSO sessions detected.
    • Device mismatch found.
    • Recommend MFA reset and manager review.
  • 03 / 06

    Compliance gap finder

    Finds missing controls across DPDPA, RBI, SEBI, IRDAI, ISO, SOC 2, and other frameworks.

    DPDP gap · Gordon
    • Data principal rights desk not implemented.
    • Owner: legal and product.
    • Estimated closure: 6 weeks.
  • 04 / 06

    Remediation playbooks

    Creates practical fix steps for repeat findings, from TLS upgrades to access reviews.

    Playbook · TLS upgrade · Gordon
    • Disable TLS 1.0 and 1.1.
    • Roll cipher suite changes.
    • Re-scan after deployment.
  • 05 / 06

    Executive summary

    Builds board-ready reports with posture score, open risks, movement, exposure, and insurance context.

    Board pack · Q1 · Gordon
    • Posture: 75 / 100.
    • Exposure reduced by modelled controls.
    • Top three risks need action this month.
  • 06 / 06

    Vendor questionnaire

    Helps complete security questionnaires using your evidence vault and current control status.

    SIG Core · 84/120 · Gordon
    • 70% auto-filled from evidence.
    • 14 questions need human review.
    • Estimated submission: 2 days.
Why Gordon

Gordon connects what other tools scatter.

Gordon connects monitoring, assessment, mitigation, compliance, and reporting into one working risk view.

Read enough. Book your call now.
Old Stack
STATUS QUO

Five tools. Five dashboards. Zero agreement.

  • 01·Monitor

    Alerts pile up. False positives eat the day. Important signals get buried.

  • 02·Assess

    VAPT reports arrive as PDFs. Findings lose owners. Fixes are hard to verify.

  • 03·Prove

    Compliance evidence is chased across inboxes, folders, and screenshots.

  • 04·Report

    Board updates are rebuilt manually every month from stale data.

Net

Your team spends more time stitching reports than reducing risk.

With Gordon
ONE CONSOLE

One console. One score. Telemetry stitched end to end.

  • 01·Monitor

    SOC, brand, dark web, and alert signals come into one working view.

  • 02·Assess

    Attack surface, VAPT, vendor, workforce, and financial risk are ranked by impact.

  • 03·Mitigate

    Playbooks, training, questionnaires, and control tasks move from finding to closure.

  • 04·Report

    Gordon writes risk narratives, compliance gaps, and board-ready summaries.

Outcome

Your team spends less time stitching reports and more time reducing risk.

Full-Stack Cyber Resilience, Powered by AI.

Choose the plan that fits your team. Upgrade or cancel anytime.

  • Free

    $0 · 15-day trial

    Explore the platform with limited access. No credit card required.

    Get Started
  • Startup · Most Popular

    $17,875/yr
    Save ~$3,581 vs monthly

    For growing companies up to 100 employees. Core security, GRC, and insurance in one platform.

    Start Free Trial
  • Mid-Market

    $33,820/yr
    Save ~$6,764 vs monthly

    For companies with 100-500 employees. Expanded limits across all modules.

    Start Free Trial
  • Enterprise

    $66,070/yr
    Save ~$13,214 vs monthly

    For large enterprises with 500+ employees. Unlimited scale, dedicated support, and custom SLAs.

    Talk to Sales
$17,875/yr

Attack Surface Monitoring

· 12 scans/year
  • Monitored Assets (Domains, IPs, Mobile Apps): Up to 1 asset
  • Exposed subdomains & open ports: Included
  • SSL/TLS certificate health: Included
  • DNS anomalies & misconfigurations: Included
  • Web technology fingerprinting: Included
  • Vulnerability scoring (CVSS): Included
  • DMARC / SPF checks: Included
  • Phishing risk: Included

AI VAPT

· web, API, mobile, cloud
  • Web / Mobile application — dynamic pages: Up to 50 pages
  • Web / Mobile application — static pages: Up to 50 pages
  • Mobile application: Up to 2 apps
  • IP: Not available
  • API: Up to 50 APIs
  • Cloud: Up to 1 instance

Employee Risk, Simulation & Training

· by no. of employees
  • Workforce risk dashboard: Up to 100 employees
  • Email phishing simulation: Included
  • Custom phishing templates: Included
  • Security awareness training + phishing simulation: Included
  • Learning management system: Included

Dark Web Monitoring

· by no. of keywords
  • Tor-based forums & marketplaces: Up to 1 keyword
  • Paste sites (Pastebin, Ghostbin, etc.): Included
  • Telegram threat-actor channels: Included
  • Breach databases & data dumps: Included
  • Real-time alerts on new mentions: Included
  • Ransomware & APT group monitoring: Included

Cloud Security & Billing Monitoring

· by no. of cloud instances
  • Misconfiguration detection (CIS benchmark checks): Up to 1 instance
  • IAM & privilege escalation checks: Included
  • S3 / Blob public exposure alerts: Included
  • Logging & monitoring gap analysis: Included
  • Remediation playbooks: Included
  • Cloud billing tracking: Included

GRC & Compliance

· Audit charges extra
  • Compliance Frameworks: Up to 2 frameworks
  • Automated control mapping: Included
  • AI Gap assessment & remediation tasks: Included
  • AI Evidence collection & Mapping: Included
  • Policy & procedure auto-generation: Included
  • Compliance dashboard & scoring: Included
  • Risk register automation: Included
  • Control testing workflows: Included
  • AI-based internal audit: Included
  • Audit-ready reports: Included
  • Trust center: Included

Third Party Risk Management (TPRM)

· by no. of vendors
  • AI security questionnaire — versioning, dispatch & scoring: Up to 100 vendors
  • Continuous external surface scan: Included
  • Breach & dark web alerts for vendors: Included
  • Risk rating (A–F) with trend: Included
  • Contractual risk flag alerts: Included
  • Employee usage & permission tracking: Included

Gordon AI

· AI credits / tokens
  • Auto-generated risk narratives: Up to 500 credits
  • One-click remediation playbooks: Included
  • Executive summary generation: Included
  • AI-assisted questionnaire filling: Included
  • Cyber risk quantification (CRQ): Included
  • Threat intelligence summaries: Included

Brand, Executive Monitoring & Takedowns

· by brand assets & takedowns
  • Fake domain / phishing page / typosquat monitoring: 1 asset · 20 keywords
  • Keyword search (20 keywords per asset): Included
  • Reverse imaging / logo detection: Included
  • Social media monitoring: Included
  • Counterfeit listing detection: Included
  • Fake mobile application detection: Included
  • Takedowns (rogue app, DMCA, phishing pages): Up to 25 takedowns

Consent Manager (DPDPA)

· by unique users
  • Unique consents: Up to 25K
  • Granular consent collection: Included
  • 15+ platform integrations: Included
  • One-click consent withdrawal: Included
  • Notifications (email + messages): Included
  • Consent banner configuration (branding): Included
  • Policy & cookie customisation: Included
  • 22 Indian-language translations (DPDPA Art. 18): Included
  • User data-protection rights declaration: Included
  • Cookie scanner: Included
  • Data deletion & grievance requests: Included
  • Webhook integration (real-time ingestion): Included
  • Consent lifecycle dashboard + geo-location: Included
  • Real-time consent status: Included
  • Google Consent Mode v2 support: Included
  • Child data protection (upcoming): Included
  • Multi-application support (upcoming): Included
Start Free Trial

All plans include a 15-day free trial. No credit card required.

Cyber risk score

A 30-second reality check for your security stack.

Pick your industry, drop in your headcount, tick the security controls you have in place.

Score in ~30 sec · No Login · 100% Anonymous
Security Teams Assessed: 8,000+
Controls Evaluated: 84
[MODELLED ON 8K+ SECURITY ASSESSMENTS]

Score is indicative. Full audit covers 84 controls. DPDP, ISO 27001, SOC 2 mapped.


Proof we're not just good at talking.

Real outcomes from real teams who moved from five tools and zero visibility to one console.

Chief Information Security Officer · Financial Services

"Before Gordon, we had alerts in one place, compliance evidence in another, and vendor risk somewhere nobody wanted to open. The biggest change was not just visibility. It was that our teams finally worked from the same version of risk."

CYBER RISK VISIBILITY
Director of IT & Security · Healthcare Network

"The console made our morning reviews much sharper. Instead of asking five people for updates, we could see what changed overnight, which risks were critical, and who needed to act. That saved our lean team a lot of chasing."

LIVE SECURITY OPERATIONS
Co-founder & CTO · B2B SaaS

"We started using Gordon during our SOC 2 push, but it ended up helping beyond compliance. The same evidence, findings, and ownership trail helped us answer customer questionnaires much faster. That was a very real sales unlock for us."

SOC 2 AND CUSTOMER TRUST
Director of Risk & Compliance · Healthcare Organization

"The gap finder was honestly the part my team loved most. It did not just say something was missing. It showed the owner, the evidence gap, and what had to happen next. That made audit prep much less painful."

COMPLIANCE READINESS
VP Technology · Ecommerce Enterprise

"We had enough tools. What we did not have was a clean way to decide what mattered first. Gordon helped us prioritise by impact, not by who shouted loudest in the meeting."

RISK PRIORITISATION
Co-founder & COO · Cloud Infrastructure Company

"Our board updates used to take days of pulling screenshots and rewriting status notes. With Gordon, the first draft is already there. We still review it, of course, but we are no longer starting from a blank slide at 11 PM."

BOARD REPORTING
FAQs

What CTOs ask before they book the demo.

  • Gordon AI is Mitigata's cyber resilience platform. It brings security monitoring, attack surface visibility, VAPT, brand intelligence, dark web monitoring, workforce risk, third-party risk, GRC, and financial risk scoring into one console.
  • No. SOC monitoring is one module. Gordon also supports VAPT, brand intelligence, dark web monitoring, GRC automation, vendor risk, workforce risk, phishing simulation, security awareness, and financial impact modelling.
  • Gordon is built for CISOs, CTOs, compliance teams, founders, CFOs, risk teams, and boards that need one view of cyber posture across security, compliance, and financial risk.
  • Gordon helps map controls, track owners, identify gaps, collect evidence, and prepare for frameworks like ISO 27001, SOC 2, DPDPA, RBI, SEBI, IRDAI, and PCI DSS.
  • Gordon converts findings, alerts, controls, and risk signals into risk narratives, compliance gaps, remediation steps, vendor questionnaire drafts, and executive summaries.
  • Not always. Gordon can sit above existing tools and bring signals into one risk view. In some cases, it can also help reduce overlap where multiple tools are doing the same job.
Book a 30-min discovery call
Talk to Mitigata

Book the demo before the next CVE bulletin does it for you.

We've run this for 800+ businesses, and we'll do it for you as well. The demo is 30 minutes. The risk score is yours to keep. The next step is entirely up to you.

  • Mean time to detect (across 800+ clients): 4.2 min
  • Insurance bound (typical broker takes 6 weeks): 6 days
  • Breach response (war room to containment): 60 min
  • Claims settled (in last 24 months): ₹500 Cr