If a CVE not on the FIRE list causes your financial loss breach, we reimburse the loss. Up to $5 million, underwritten by Cysurance.

Request a demo See coverage details

We put our money where our mouth is.

Cybersecurity is the only enterprise category where the vendor walks away scot-free when the product fails. The rest of your budget comes with performance terms. Vulnerability management hasn't had them, because no vendor's findings have been grounded in data they'd put real money behind.

The FIRE list changes everything. Built from actual cyber incidents and loss data, it's the only list in the world that covers every CVE known to have cost money. We scan your perimeter against it daily, and stand behind the result when we miss.

FIRE warranty
$0

Guaranteed reimbursement - underwritten by Cysurance.

Mythos finds vulnerabilities.
Evidence finds liabilities.

Mythos will keep surfacing new vulnerabilities: some exploitable, but many that are impossible or impractical to use in a real-world context. Attackers will keep exploiting a very small number of CVEs.

Evidence tracks the CVEs with a documented history of causing financial loss. Our proprietary FIRE list is built from insurance claims and DFIR forensics, and it grows as new loss data emerges (including from attacks that use Mythos).

Think of our warranty as a bet, up to $5 million, that a CVE we have never seen won't be the one that costs you money.

Evidence — FIREs

If it costs you money, we cover it.

Evidence Warranty covers the direct financial costs of a qualifying breach.

Ransomware

Payment, recovery, and direct expenses.

Data loss

Exfiltration and destruction costs.

Compliance fines

HIPAA, PCI, SEC, FTC, GDPR, and similar frameworks.

Legal

Initial counsel engagement covering disclosure obligations and litigation exposure.

Emergency response

Containment, forensics, and immediate operational costs.

Losses above $5,000 qualify Once per 12-month term

Tiers

Foundation
$1M
Standard
$3M
Maximum
$5M

Renewed every 12 months. Purchased separately from the Evidence Platform subscription. Ask your Evidence rep for a full quote.

What the warranty doesn't cover.

The warranty covers what the scanner is built to find. The rest stays with your cyber policy. Claims will not be paid for:

Non-CVE compromise

Phishing, credential stuffing, brute force, malicious email, drive-by downloads, lost laptops.

FIREs we already disclosed

If we told you about a FIRE vuln in your environment and attackers use it when you already knew it could cause financial loss.

Third-party systems

CRMs, HRIS, SaaS you don't control.

Unidentifiable initial access

No entry vector found means no claim validation.

Cy

Backed by underwriters.

The Evidence Warranty is underwritten by Cysurance, a specialist cyber warranty carrier backed by a licensed reinsurer.

FAQ

Why a warranty rather than insurance?
A warranty is product-level accountability for a specific outcome the vendor controls. Insurance covers the broader risk universe that can't be engineered out. The two instruments are designed to sit alongside each other.
How does Mythos affect the warranty?
Mythos and other AI discovery tools increase the total number of known CVEs. They do not change the warranty's scope. The warranty covers any CVE that causes your financial loss and that Evidence did not report to you, whether it was found by AI, by a human researcher, or by an attacker in the wild. The FIRE list grows as new claim data arises, and the daily scan picks up new additions automatically.
Does this replace our cyber policy?
No. The warranty backs the scanning side of the program; your cyber policy keeps covering everything else. However, you may choose to use the warranty to offset the claim size reported to the insurer, or as a tool to pay the deductible.
How is it priced?
Pricing depends on tier, organizational size, and industry. The Cysurance qualification factors into the underwriting. We quote it alongside the platform proposal.
What's the term?
12 months, renewable. The benefit can be used once per term.
What counts as a qualifying loss?
A direct, documented financial loss above $5,000 caused by a qualifying CVE during the warranty term, falling into one of the five covered cost categories.
How fast does a claim process?
You have 48 hours from discovery to notify Cysurance. Processing then follows standard underwriter procedure: documenting the access vector, validating against the triggers, and calculating the qualifying loss.
Do other VM vendors offer this?
No. A warranty on findings requires those findings to be grounded in evidence-backed data the vendor would put money behind. No other company in the industry will back their vulnerability prioritization claims with real money.

See the world's only warrantied vulnerability management product.

In 30 minutes, we can show you your entire footprint's exposure to FIREs and walk you through our warranty coverage.

Request a demo