Our Commitment
CurlSek is committed to security, transparency, and responsible use of AI in offensive security testing. This page provides enterprise customers, security reviewers, and investors with factual information about our certifications, compliance posture, and engineering practices—without marketing claims.
Certifications & Recognitions
SOC 2 Type II
Third-party audited controls for security, availability, and confidentiality. Audit completed by an independent assessor.
Startup India
Recognized by the Department for Promotion of Industry and Internal Trade (DPIIT), Government of India.
NVIDIA Inception
Member of NVIDIA's startup accelerator program for AI-based companies.
Media Mentions
- CurlSek Secures Funding from Capital3 to Scale Its AI-Powered Continuous Pentesting Platform
  ANI News
  Coverage of CurlSek's angel funding round from US-based micro-VC Capital3.
- Building Continuous Security Intelligence: Inside Mohd Sohaib's Vision for CurlSek
  Indian Startup Times
  Founder interview on CurlSek's approach to continuous security and AI-driven testing.
Security & Compliance Alignment
CurlSek's testing practices and platform design align with the following frameworks and standards. These are statements of alignment; we do not claim certification for frameworks that do not issue formal certifications to vendors.
- GDPR — Data handling and processing practices aligned with EU General Data Protection Regulation requirements.
- DPDP Act (India) — Practices aligned with India's Digital Personal Data Protection Act.
- IT Act (India) — Awareness of and alignment with applicable provisions of the Information Technology Act, 2000 and related rules.
- OWASP Top 10 — Testing methodology is benchmarked against the OWASP Top 10 vulnerability categories.
- MITRE ATT&CK — Attack simulations are mapped to the MITRE ATT&CK framework where applicable.
- CVE Program — Vulnerability identification and referencing aligned with CVE nomenclature where relevant.
- NIST Cybersecurity Framework — Design principles informed by NIST CSF functions (Identify, Protect, Detect, Respond, Recover).
Responsible AI & Security Practices
CurlSek applies engineering discipline to ensure testing is controlled, auditable, and safe.
- Scope-controlled testing — Testing is performed only within agreed scope. No testing outside defined boundaries without explicit customer approval.
- Human-in-the-loop validation — High-risk and high-impact findings undergo human review before being reported. AI-generated results are validated before escalation.
- Bias review — Findings and outputs are reviewed for bias and corruption. We apply checks to ensure results are not skewed by model bias, adversarial inputs, or data corruption.
- Audit logging and access controls — Platform access, testing runs, and data access are logged. Role-based access controls restrict sensitive operations.
- No autonomous remediation — CurlSek does not apply fixes, patches, or changes to customer systems without explicit approval. Findings are reported; remediation is customer-directed.
Customer Evidence
Anonymized feedback from organizations that have used CurlSek's services.
"Findings were relevant and the turnaround time was fast enough to fit into our release timelines."
"Gave us a cleaner, more realistic view of our security posture than traditional pentest reports."
"The validated exploitability focus reduced noise and helped us prioritize remediation effectively."