Frequently asked questions

Straight answers about what we do, what we do not do, and how engagements work.

Is CyberForge AI a hacking-for-hire service, an antivirus product, or a course — and do you guarantee we'll be unhackable?

No. We are an AI-driven security studio that runs authorized penetration tests, red teaming and hardening for client organizations — only with your written authorization and agreed rules of engagement. We do not hack accounts, phones or competitors, never test systems we aren't authorized to, and offer no surveillance or stalkerware. We are not a product you buy and not a course. AI assists our recon and analysis, but a qualified human reviews and makes the call. We reduce risk and help you fix what we find — but no one can make a system impervious to every attack, and we never promise zero breaches.

What is the difference between a penetration test and a red team engagement?

A penetration test prioritises breadth and documentation: find vulnerabilities, chain them where possible, and deliver a prioritised report within a defined window. A red team engagement prioritises stealth and objective completion: simulate how a motivated adversary would operate over days or weeks, testing whether your detection and response capabilities catch the activity. Pen tests answer "where are the holes?" Red teams answer "would we notice someone walking through them?"

How long does a typical engagement take?

Security assessments typically run two to four weeks. Penetration tests range from one to three weeks depending on scope. Red team engagements often span four to eight weeks including reconnaissance, execution, and debrief. Detection engineering projects vary based on SIEM complexity but commonly run six to ten weeks. We provide a timeline estimate during scoping.

Will testing disrupt our production environment?

We design engagements to minimise operational risk. Rules of engagement specify testing windows, prohibited techniques, and systems that must remain untouched. We coordinate with your operations team before any activity that could affect availability. In over five years of operations, our controlled testing has not caused unplanned production outages — because we treat your uptime as a constraint, not an afterthought.

Do you test cloud environments (AWS, Azure, GCP)?

Yes. Cloud identity misconfigurations, overprivileged service accounts, and exposed storage buckets are among the most common findings in our Canadian engagements. We test infrastructure-as-code deployments, Kubernetes clusters, serverless functions, and identity federation setups. Cloud testing requires appropriate authorisation from your cloud account owner.

What deliverables do we receive?

Every engagement includes an executive summary, a technical findings register with severity ratings and reproduction steps, and a remediation roadmap. Red team and detection engineering engagements add attack timeline narratives, ATT&CK technique mappings, and detection coverage matrices. Deliverables are provided in PDF and, where agreed, structured formats for import into your ticketing system.

How do you handle confidential data discovered during testing?

Our engagement agreements specify data handling procedures. We minimise data collection to what is necessary to demonstrate impact — often redacted screenshots or hashed identifiers rather than full datasets. Sensitive data discovered incidentally is reported to your designated contact and securely deleted per contractual retention schedules. We comply with PIPEDA and applicable provincial privacy legislation.

Can you retest after we remediate findings?

Yes. We offer retest windows — typically within 30 days of initial delivery — to verify critical and high findings are resolved. Retesting is scoped to specific findings rather than a full re-engagement, keeping cost proportional to the validation you need.

FAQ briefing session with client stakeholders
CFA-IMG-12 · FAQ briefing

Still have questions?

Reach out during business hours and we will respond within one business day.

Contact us