About SentriKat
We're on a mission to simplify vulnerability management by focusing on what actually matters: vulnerabilities being actively exploited in the wild.
Our Story
SentriKat was born from a simple observation: security teams are drowning in CVEs. With over 250,000 vulnerabilities and thousands more added each year, traditional vulnerability management has become an exercise in futility.
We asked ourselves: what if instead of chasing every CVE, we focused only on the vulnerabilities that attackers are actually using? That's the core of SentriKat's intelligence engine — exploited vulnerability tracking from both US and EU government sources.
SentriKat was built from the ground up to leverage both US and EU threat intelligence, automatically correlating your software inventory with actively exploited vulnerabilities. No more alert fatigue. No more prioritization paralysis. Just actionable intelligence about the threats that matter.
Engineered in Switzerland and designed for European data sovereignty, SentriKat runs 100% on your infrastructure. With NIS2 now in force across the EU, we built native European vulnerability intelligence and multi-source severity enrichment so your vulnerability management never depends on a single database — or a single continent.
Meet the Founder
I'm Denis, an IT Systems Engineer with more than seven years of hands-on experience running vulnerability management in growing companies. Before starting SentriKat I spent years in Berlin's startup scene, administering infrastructure for teams where the gap between "what the security tool reports" and "what actually matters" kept getting wider.
The turning point came in my previous role, when I inherited a vulnerability management stack built on enterprise tools that cost tens of thousands of euros per year and produced dashboards with 40,000+ open CVEs nobody would ever fix. The security team was demoralized. The developers ignored the reports. The auditors demanded evidence. Meanwhile, the actually exploited vulnerabilities — the small subset that threat actors were really using — were buried under noise.
I moved to Canton Ticino, Switzerland, to build something different. SentriKat is the tool I wish I had back then: focused on CISA KEV and ENISA EUVD exploited-vulnerability catalogs, priced so small and medium businesses can actually afford it, and engineered for the European regulatory reality (NIS2, DORA, the upcoming Cyber Resilience Act).
SentriKat's mission is simple: make vulnerability management accessible to European SMBs — without enterprise pricing, without enterprise complexity, and without having to send your sensitive inventory data across the Atlantic.
Why Exploited Vulnerabilities?
SentriKat tracks vulnerabilities with confirmed active exploitation from both US and EU government catalogs. This gives you dual-continent coverage of the threats that matter — prioritized by real-world exploitation, not theoretical risk scores. That's less than 0.6% of all CVEs, but the ones attackers are actually using.
Our Principles
Your Data, Your Control
SentriKat is 100% self-hosted. Your vulnerability data never leaves your infrastructure. No cloud dependencies, no data sharing. The only external call is a lightweight license heartbeat — no customer data is transmitted.
Auditable Source Code
Security tools should be transparent. Our source code is available for security audits and compliance reviews. You can verify exactly what runs in your environment.
Simplicity First
Enterprise software doesn't have to be complicated. SentriKat deploys in minutes with Docker Compose and gets out of your way so you can focus on remediation.
European by Design
Engineered in Switzerland with native ENISA EUVD integration. SentriKat combines US and EU vulnerability intelligence with multi-source CVSS enrichment — no single point of failure, no dependency on a single continent's infrastructure.
Contact Us
Have questions or want to learn more? We'd love to hear from you.