About CyberForge AI

We are a Canadian offensive security consultancy headquartered in Toronto. Our name reflects what we do: forge stronger defences by breaking systems under controlled, authorised conditions.

Founded on operational truth

CyberForge AI Inc. was established because too many organisations were making security decisions based on compliance artefacts rather than adversary behaviour. Our founders spent years on red team operations for financial institutions and critical infrastructure operators before launching a consultancy that prioritises evidence over theatre.

We incorporated in Ontario and operate from Suite 105 at 134 Peter Street — in the heart of Toronto's technology corridor. Our business number is BN 517 803 462 RC0001. We serve clients across Canada, with select engagements in the United States and Europe where contractual and legal frameworks permit.

Unlike firms that treat penetration testing as a volume business, we limit concurrent engagements to ensure senior operators remain hands-on throughout every project. When you work with CyberForge AI, the person who scopes your assessment is the person who exploits your environment and presents findings to your board.

CyberForge AI team collaborating in the Toronto studio
CFA-IMG-04 · Team forge studio
Founding team briefing a client on assessment findings
CFA-IMG-09 · Founder briefing

Our principles

Authorised operations only. Every engagement requires written permission, defined scope, and emergency contacts. We do not perform work outside contractual boundaries — period.

Evidence over anxiety. We do not sell fear. Our reports quantify risk in terms your leadership can prioritise: exploitability, blast radius, and detection gap duration.

Canadian context. We understand PIPEDA obligations, provincial privacy statutes, and sector regulators like OSFI. Our data handling practices reflect Canadian expectations for consent, retention limits, and breach notification.

Offence informs defence. Cluster A work (attack simulation) and Cluster B work (detection validation) are two halves of the same practice. We believe security programmes mature fastest when both run in coordination.

Operators, not account managers

Our team includes certified penetration testers, former SOC leads, detection engineers, and application security specialists. Several consultants hold OSCP, OSCE, GXPN, or equivalent credentials. Others bring a decade or more of incident response experience from Canadian enterprises.

We invest in continuous training — internal attack/defend exercises, conference research reviews, and tooling evaluation — because adversary tradecraft evolves quarterly. Your engagement benefits from that ongoing discipline, not from a static methodology document written three years ago.

We are hiring selectively. If you are an offensive security professional based in the Greater Toronto Area and interested in adversary simulation done properly, reach out via our contact page.

Let's talk about your threat landscape

Whether you are preparing for a regulatory examination, recovering from an incident, or building a security programme from scratch, we start with an honest conversation about what testing will — and will not — tell you.

Book a security assessment