Help center

Frequently asked questions

Everything you need to know about NEVERHACK, PROMETHEUS AI, our CERT crisis response service, and our approach to data sovereignty.

Getting started

What is NEVERHACK?

NEVERHACK is a global cybersecurity group delivering a 360° approach to cyber risk management. Built on 40+ years of expertise — since Silicom was founded in 1983 — the group covers the full security lifecycle: strategic advisory, training, managed security operations, technology integration, AI, and emergency response. With 980+ experts across 13 countries, NEVERHACK is a Cyber Defence Partner for Digital Sovereignty.

What can I do on this website?

The NEVERHACK website lets you: explore our 9 cybersecurity delivery lines and services, interact with PROMETHEUS — our sovereign AI advisor — to get tailored security guidance, trigger an emergency CERT intervention in case of a cyberattack, browse our vendor ecosystem of 50+ certified technology partners, and access our knowledge base, legal documentation, and compliance resources.

Do I need an account to use the site?

Most content is accessible without an account. However, to use PROMETHEUS AI you need to register — a free account gives you 2 PROMETHEUS requests per month. Creating an account is free and takes less than a minute.

Does NEVERHACK operate in my country?

NEVERHACK has physical operations in France (HQ), Italy, Spain, Belgium, Estonia, Portugal, Canada, Mexico, the United States, Morocco, Oman, UAE, and Singapore. We can engage internationally beyond these locations — contact us to discuss your specific geography.

PROMETHEUS AI

What is PROMETHEUS?

PROMETHEUS is NEVERHACK's sovereign AI advisory engine, purpose-built for cybersecurity. It analyzes your security challenges and returns a structured response covering: context understanding, risk analysis, recommended architecture, NEVERHACK capability mapping, and an implementation roadmap. It runs entirely on sovereign French infrastructure — no data is sent to third-party AI providers.

How do I use PROMETHEUS?

Once logged in, navigate to the Cyber AI page and type your cybersecurity question or challenge in the PROMETHEUS input (minimum 10 characters). Be as specific as possible — describe your environment, your concern, or the incident you're facing. PROMETHEUS will generate a structured advisory response within seconds.

What kind of questions can I ask PROMETHEUS?

PROMETHEUS is designed for cybersecurity topics. Good examples include: 'What are the key risks of deploying AI in a healthcare environment?', 'How do I build a Zero Trust architecture for a hybrid cloud?', 'We've detected lateral movement on our network — what should we do?', 'What framework should we follow for ISO 27001 certification?'. The more context you provide, the more precise the response.

How many requests can I make for free?

Every registered account includes 2 free PROMETHEUS requests per month. Additional requests can be purchased as token packs — visit the Tokens page once logged in to see available plans.

Is my data safe? Can PROMETHEUS access my confidential information?

Your data is never retained. All PROMETHEUS requests are processed in memory and discarded after the response is generated — nothing is logged, stored, or used to train AI models. The infrastructure is 100% sovereign, hosted in France, and aligned with ANSSI and SecNumCloud requirements. PROMETHEUS is designed to be compatible with sensitive and government-grade environments.

Can I use PROMETHEUS for classified or restricted environments?

PROMETHEUS runs on fully isolated French sovereign GPU infrastructure with no dependency on external AI platforms (OpenAI, Azure, Google, etc.). This makes it compatible with environments requiring strict data sovereignty. If your organisation has specific classification requirements, contact us to discuss a dedicated deployment.

What is the difference between PROMETHEUS and other AI tools like ChatGPT?

Three key differences: (1) Sovereignty — your data never leaves French infrastructure and is never used for training, unlike commercial AI tools. (2) Specialisation — PROMETHEUS is trained and tuned for cybersecurity, not general-purpose tasks. (3) Governance — every query is logged in your account's audit trail, with RBAC controls and human oversight, making it suitable for professional and regulated use.

CERT — Crisis Response

What is the NEVERHACK CERT?

The NEVERHACK CERT (Computer Emergency Response Team) is a certified CSIRT available 24/7/365. It handles all types of cyber incidents — from ransomware and data breaches to network intrusions, DDoS attacks, and insider threats. Our team is deployed with a guaranteed SLA of under 2 hours from incident activation.

What types of incidents does the CERT handle?

The CERT covers: Ransomware & extortion (isolation, decryption analysis, negotiation support), Data breaches (containment, forensic analysis, regulatory notification), Network intrusions (lateral movement detection, APT eradication), DDoS & sabotage (traffic mitigation, ISP coordination), Phishing & social engineering, Insider threats, and any other cyber incident.

How do I activate a CERT intervention?

Go to the CERT page on this website and fill in the incident form: your company name, contact details, incident type, urgency level, and a brief description. Once you confirm the intervention via secure payment, our team is alerted immediately and will contact you within minutes. You'll also receive a confirmation email.

How quickly will the CERT team respond?

Our deployment SLA is under 2 hours from activation. In practice, you'll be contacted by a senior CERT analyst within minutes of payment confirmation. The team is operational 24 hours a day, 365 days a year — including weekends and public holidays.

What does the intervention fee cover?

The initial fee (€500) covers the first 2-hour emergency response — incident triage, immediate containment guidance, and team mobilisation. Additional hours beyond the initial response are billed separately based on the complexity and duration of the incident. All costs are agreed with you transparently before any extended work begins.

What urgency level should I select?

Choose your urgency based on impact: Critical — systems are down or actively encrypted (ransomware, total outage). High — an active attack is in progress but systems are still partially operational. Medium — you've detected suspicious activity or indicators of compromise but there is no confirmed active attack. When in doubt, select Critical — we'll triage accordingly.

What standards does the CERT operate under?

The NEVERHACK CERT operates under ISO 27035 (incident management), NIST 800-61 (incident response), ISO 22301 (business continuity), and ISO 27037/41/42 (digital evidence preservation and forensics). Our team is composed of certified forensic analysts and incident responders.

Can I get a post-incident report?

Yes. Following every intervention, the CERT produces a structured incident report covering the timeline of events, root cause analysis, evidence collected, remediation actions taken, and recommendations to prevent recurrence. This report can be used for regulatory notification (GDPR, NIS2) and cyber insurance claims.

Services & offers

What are NEVERHACK's main service areas?

NEVERHACK operates across 9 cybersecurity delivery lines: (1) Cyber Advisory & GRC, (2) Cyber Training & Awareness, (3) Identity & Data Security, (4) Electronic Warfare & Secure Systems, (5) SOC / MSSP — 24/7 monitoring, (6) CERT — Emergency Response, (7) Sovereign Cyber AI, (8) Cyber OT Security, (9) Offensive Security. These are delivered through Professional Services, Managed Security (MSSP), and Technology Resale (VAR).

Do you offer 24/7 managed security services?

Yes. Our SOC / MSSP service provides 24/7/365 monitoring, threat detection, and incident response across IT, OT, and cloud environments. With a Mean Time to Detect (MTTD) under 15 minutes and a dedicated team of 200+ security analysts, we operate as a seamless extension of your internal security team.

What is the VAR service and how does it work?

VAR (Value Added Reseller) means we source, integrate, and operate best-in-class cybersecurity technologies from 50+ certified vendors — covering Endpoint/XDR, Network Security, Identity & Access, SIEM/SOAR, Cloud Security, and AI. Unlike a simple reseller, we provide certified integration by our architects and can operate the full stack as a managed service.

Which industries do you serve?

NEVERHACK specialises in sectors with high security requirements: Government & Defence, Critical Infrastructure, Energy & Utilities, Aerospace, Finance & Banking, Healthcare, Industrial & OT, and Transportation. Our experience in sensitive and regulated environments means we understand the specific constraints of each sector.

Do you handle industrial and OT security?

Yes. Our Cyber OT team of 80+ specialists focuses on industrial cybersecurity — OT assessments, segmentation, ICS/SCADA protection, and OT/SOC monitoring. We follow IEC 62443, NIST 800-82, and ISO 27001 and operate without disrupting production environments.

Can NEVERHACK help with regulatory compliance (NIS2, DORA, ISO 27001)?

Yes. Our Cyber Advisory & GRC team covers 12+ regulatory frameworks including ISO 27001/27002, ISO 27005, ISO 31000, ISO 22301, NIST CSF, NIST 800-53, and emerging frameworks like AI governance under ISO 42001. We run maturity assessments, design security architectures, and accompany you through certification processes.

Cyber insurance

What is cyber insurance?

Cyber insurance is a financial protection mechanism that covers your organisation against the economic consequences of a cyberattack or data breach. It can cover: costs of incident response and forensic investigation, business interruption losses, regulatory fines (GDPR, NIS2), ransom payments, reputational crisis management, and third-party liability. It complements — but does not replace — your technical security controls.

What does NEVERHACK's cyber insurance offering cover?

NEVERHACK partners with leading cyber insurance underwriters to offer tailored coverage packages. Depending on your profile, coverage typically includes: 24/7 CERT incident response activation (integrated with our CERT service), forensic investigation costs, data recovery expenses, business interruption for the duration of the incident, extortion and ransomware payments (where legally permitted), and regulatory notification support. Coverage limits and terms are customised based on your sector, size, and risk profile.

How is NEVERHACK's cyber insurance different from a standard policy?

Unlike a standalone insurance product, NEVERHACK's offering is fully integrated with our operational security services. When you hold a NEVERHACK cyber insurance policy, a cyber incident automatically triggers our CERT team — no need to call multiple parties. The same team that investigates the incident also handles documentation for the claim, reducing settlement time and ensuring technical accuracy of the loss assessment.

How do I get a quote?

To receive a cyber insurance proposal, contact us via the Contact form on this site or reach out to your NEVERHACK account manager. We will schedule a brief risk qualification session (30–45 minutes) covering your sector, infrastructure, current security posture, regulatory obligations, and desired coverage limits. A tailored proposal is typically delivered within 5 business days.

What is the relationship between cyber insurance and the CERT?

Our CERT and cyber insurance are designed to work together. If you hold a NEVERHACK cyber insurance policy and experience a covered incident, the CERT intervention fee may be covered by your policy from the first hour. The CERT team also produces the incident documentation (timeline, root cause analysis, loss evidence) required to substantiate an insurance claim — eliminating the friction between technical responders and your insurer.

What conditions or exclusions should I be aware of?

Cyber insurance policies typically exclude incidents caused by: known vulnerabilities that were unpatched beyond a reasonable period, intentional acts or gross negligence by the insured, war or state-sponsored cyberattacks (nation-state exclusions vary by policy), and prior incidents not disclosed at underwriting. NEVERHACK helps clients understand their coverage boundaries and recommends security controls that both reduce risk and maintain insurability.

Does a NEVERHACK security engagement improve my insurability?

Yes. Insurers increasingly factor in your demonstrated security posture when calculating premiums and coverage limits. Clients who hold a NEVERHACK SOC / MSSP contract, have completed a CERT retainer, or have performed a formal risk assessment typically qualify for more favourable terms. We can provide insurers with security attestation documentation on your behalf.

Does NEVERHACK help with the claims process?

Yes. NEVERHACK acts as a technical expert throughout the claims process — not just during the incident. We provide: incident timeline and forensic report, evidence of losses (downtime logs, recovery costs), a post-incident remediation plan, and expert testimony if required by the insurer. Our goal is to ensure technically accurate claims, faster settlement, and fair compensation.

Data & sovereignty

Where is my data hosted?

All NEVERHACK services — including PROMETHEUS AI inference — run on French sovereign infrastructure. No data transits through or is stored by third-party cloud providers (AWS, Azure, Google Cloud, OpenAI). This ensures full compliance with French and European data sovereignty requirements.

Does NEVERHACK comply with GDPR?

Yes. NEVERHACK is GDPR-compliant. Data collected through the website (account registration, CERT forms, PROMETHEUS queries) is processed according to our Privacy Policy, with no third-party sharing for commercial purposes. All data processing is documented and subject to your rights of access, correction, and deletion.

Is NEVERHACK suitable for government or sensitive sector clients?

Yes. NEVERHACK has decades of experience with government institutions, defence contractors, and critical infrastructure operators across Europe. Our infrastructure is aligned with ANSSI (French national cybersecurity agency) requirements, and our AI platform is designed to be compatible with SecNumCloud-grade environments.

What certifications does NEVERHACK hold?

NEVERHACK and its entities hold a range of certifications depending on the service and country. This includes ISO 27001 certification, qualified CSIRT status, and sector-specific accreditations. Visit our Certifications page for a full and up-to-date list.
