
Prompt Injection - the attack that turns your AI against you
Why OWASP's #1 LLM vulnerability is already inside your organisation, and what to do about it. There's a category of attack that doesn't need a CVE to work. It doesn't exploit a memory overflow or a misconfigured firewall. It exploits the thing that makes AI useful in the first place: the fact that …

The dangers of vibe coding
Vibe Coding is Shipping Vulnerabilities to Production. Here's the Proof. A penetration tester's breakdown of what AI-generated code actually looks like under a scanner. I've been doing offensive security for a long time. I've broken into banks, hospitals, government networks and SaaS platforms. I've …

What a penetration test actually finds
A penetration test reveals vulnerabilities that provide access to systems, applications, accounts, or data. Basic testing results in a list of technical issues, while thorough testing identifies which weaknesses can be exploited, how they are interconnected, and the potential risks they pose to the …

How often should you have a Penetration Test?
Most companies should do penetration testing at least once a year, but annual testing should be treated as a baseline, not a complete strategy. A company should also test after significant infrastructure changes, major application releases, cloud migrations, mergers, incidents, new internet-facing s …

What happens after a penetration test?
After a penetration test, the organisation receives a report detailing the vulnerabilities found, their risk levels, evidence of exploitation, and recommended fixes. The next step is to review the findings, prioritise remediation, assign owners, fix the most important issues first and validate that …

7 reasons your business needs a penetration test
A penetration test is a crucial tool that provides board members, CEOs, CFOs, and COOs with critical insights. It directly answers a decisive question: Could someone realistically break into our systems, access sensitive data, disrupt operations, or prove that our controls don't work?

Pen testing with assurance: find it, fix it, prove it
A penetration test should offer more than just a report; it should provide actionable insights for improving security. While it's essential to obtain findings that identify vulnerabilities in web applications, cloud platforms, networks, mobile apps, Application Programming Interfaces (APIs), and int …

Conosco is named one of The Sunday Times Best Places to Work 2026
We’ve got some brilliant news to share. Conosco has been named one of The Sunday Times Best Places to Work 2026, recognised in the small organisation category. For a business heading towards its 25th year, this is a huge moment. Not because it looks good on a badge, although it definitely does, but …

Why we’re beginning our Assurix certification journey
Trust in technology providers has to mean more than a good relationship, a fast response time or a polished service review.

Penetration testing for first-timers: how to know if you need one
Most first Penetration Testing projects are bought for the wrong reason. A client asks for a certificate, cyber insurance tightens its wording, or a board member reads about an incident and wants reassurance by quarter-end. Penetration Testing is most effective when it is risk-driven and well-scoped …

Long read: what the BBC got right, and where leaders must push further
This long-form analysis responds to the BBC’s investigation, “The true cost of cyber attacks – and the business weak spots that allow them to happen,” examining the incidents that halted Jaguar Land Rover, disrupted Marks & Spencer and Co-op, and exposed the fragility of the UK’s critical supply …

When one portfolio company gets hacked, you all pay.
Portfolio companies don’t face a single cyber risk. They face a networked risk. A compromise at one portfolio company often exposes shared vendors, credentials, and processes that repeat across the rest of the fund. That’s aggregation. It’s why ransomware and supply-chain attacks scale so efficientl …
