Attestor.ai is an R&D project led by Pekka Hagström, a practitioner in governance, cyber defense, and enterprise risk. Having seen the limits of checklist-driven compliance, Pekka founded Attestor.ai to explore new methods for cyber risk management.
We are a small team focused on turning research into practical approaches that help organizations stop adversaries — not just pass audits.
Our Approach
Our work is built on three principles:
- Why Mapping Matters — Defenses must start from adversary behavior, using MITRE ATT&CK as the foundation for mapping threats to business processes.
- Continuous Improvement — Risk must be recalculated as threats evolve, with fresh intelligence and evidence driving updated protections.
- AI-Powered Risk — By applying OpenAI GPT models, we test how AI can make complex risk data explainable and actionable.
What Makes Us Different
- R&D mindset — We innovate instead of repeating old compliance routines.
- Threat-informed, not checklist-led — Every method begins with adversary techniques, not static catalogs.
- Business translation — We frame risk in terms of processes, ROI, and resilience.
Our Mission
Attestor.ai’s mission is to develop and test measurable, governable, and defensible approaches to cyber risk. Our goal is to shape the next generation of cyber risk management — bridging research, technology, and real-world defense.
