Key Points
- CyberFlex combines attack surface discovery, penetration testing and budget allocation in one platform
- Platform uses AI-driven risk insights to track known, unknown and shadow IT assets
- Testing delivered by EU-based CREST-certified penetration testers
Swedish cybersecurity firm Outpost24 has launched an upgraded version of CyberFlex, an application security platform that combines attack surface monitoring, penetration testing and flexible budget management in a single programme, addressing the gap between annual security testing cycles and rapidly changing digital environments.
The platform is designed for organisations whose security teams must defend environments that change daily through cloud migrations, AI deployments, acquisitions and third-party integrations — while their testing budgets and scopes remain fixed to annual planning cycles.
CyberFlex connects discovery, automated scanning, risk prioritisation and expert-led testing in one workflow. The platform provides continuous visibility into an organisation’s external attack surface using AI-driven analysis that tracks known assets, previously unknown systems and shadow IT — technology deployed without central IT approval.
How the Platform Works
The programme allows security teams to reallocate their testing budgets across different services — penetration testing, validation and advisory support — as their risk priorities change, without renegotiating contracts each time. Structured service tiers align to different organisational maturity levels and operational requirements.
“Security teams are being asked to defend dynamic environments, while many AppSec programs are still planned around fixed scopes and annual cycles,” said Omri Kletter, chief product officer, Outpost24. “CyberFlex is designed to close that gap. It gives organisations the visibility to understand what has changed, the expert validation to understand what matters, and the flexibility to shift investment as risk evolves.”
Penetration testing — authorised simulated attacks designed to find security weaknesses before malicious actors do — is delivered by CREST-certified testers based in the European Union. CREST is an international accreditation body for cybersecurity service providers.
Customer Adoption
RS Group, a British industrial and electronics distributor, is among the organisations planning to adopt the updated CyberFlex capabilities.
“CyberFlex has made it much easier to connect testing activity to real business risk,” said Rebecca Wensley, head of security operations, RS Group. “We get clearer visibility into our attack surface, expert validation where it matters most, and a more practical way to prioritise remediation and demonstrate measurable security progress to stakeholders.”
The platform includes improved reporting dashboards designed to help security teams demonstrate risk reduction and remediation progress to executives, boards and auditors.
Outpost24, founded in 2001 and headquartered in Stockholm, operates globally with 14 offices including locations in the United States, United Kingdom, France, Belgium, Spain and Israel. The company’s cybersecurity portfolio spans two divisions: an attack surface management division focused on exposure management, and Specops, which provides identity and password security solutions.
Your Questions, Answered
What is CyberFlex from Outpost24?
CyberFlex is an application security platform that combines external attack surface visibility, automated scanning, penetration testing and advisory services in a single programme with flexible budget allocation.
How does CyberFlex differ from traditional application security testing?
Traditional programmes operate on fixed annual scopes and budgets. CyberFlex enables continuous monitoring and allows organisations to reallocate testing investment as risk priorities change without renegotiating contracts.
Who delivers the penetration testing for CyberFlex?
Testing and advisory services are delivered by CREST-certified penetration testers based in the European Union. CREST is an international accreditation body for cybersecurity professionals.
What types of assets does CyberFlex monitor?
The platform tracks known IT assets, previously unknown systems and shadow IT using AI-driven risk insights to show how an organisation's external attack surface expands over time.

