UtkenUTKEN
Partner-only · Est. 2024

Security as a
quiet partnership.

Utken is a cybersecurity studio. We find, exploit and patch the vulnerabilities inside the web products of a small circle of partners, with AI-assisted depth and human judgment.

What we doBecome a partner
Capabilities

Four ways we keep our partners safe.

We work only with software, only on the web. Hardware, network appliances and consumer apps are not where we live. The depth comes from focus.

Discovery

We map the surface of the product: endpoints, dependencies, identity flows, third-party calls. Nothing is patched before it is understood.

Vulnerability audit

Static, dynamic and AI-assisted analysis of code, configuration and data paths. We look for the holes before someone else does.

Exploit verification

Findings are not theoretical. We reproduce each vulnerability in a controlled environment so the impact, and the urgency, are real.

AI-assisted patching

We propose, review and ship fixes alongside our partners' engineers, then keep the loop running for the patches that come after the patch.

Partnerships

We work with a small circle.

Utken does not take open applications. Our work is done inside long-term partnerships with companies whose products we know intimately.

Partner since 2024

Rofs Development

Swiss software studio building modern web, mobile and desktop products. Utken secures their web surface.

Partner since 2025

Leuqui

Long-standing engineering partner. Utken handles the security review on every product they ship to the web.

How we engage

Four steps, repeated quietly.

Security is a habit, not a one-off audit. Our engagement runs in a continuous loop for the lifetime of the partnership.

01

Engagement

We sign a partnership, define scope, and gain the access we need to understand the surface from the inside.

02

Audit

Full review: code, infrastructure, identity, third parties. We surface what is broken, what is fragile, and what is at risk.

03

Patch

Findings are fixed, not filed. Our engineers work next to your engineers, with AI-assisted review at every step.

04

Monitor

We do not leave after the report. We stay on, watching for new exposure as your product, and the threat landscape, evolves.

Principles

How we think about security.

We do not believe in noise, dashboards full of red, or fear as a sales tool. We believe in fewer findings, fixed faster, by the right people.

Partner-only

We do not take open clients. Trust is a precondition for the depth of access we need.

Web-only

We focus on the web surface, where most software lives and most breaches happen, and we go deep there.

AI-assisted

We use AI to extend the reach of a careful human team, not to replace the careful human team.

Discreet by default

Engagements stay private. What we find inside a partner's stack stays between us and them.

Field notes

Notes from the field.

Occasional writing on what we see, what we patch, and how the threat landscape moves.

All posts
Abstract visualisation of the Mythos frontier AI patching crisis, May 2026
·8 min read

The Mythos Frontier: how autonomous AI forced a global patching crisis

May 2026 ended the academic debate about offensive artificial intelligence. We look at what changed when a frontier model started reading codebases at machine speed, and what defenders are doing about it.

Read more
Contact

Already working with one of our partners?

If you operate inside the orbit of Rofs Development or Leuqui and need our help, we are easy to reach.

hello@utken.com