KTLYST is a Security Learning Control Plane (SLCP) that captures what enterprise security teams learn from incidents, intelligence, and investigations, governs that knowledge with provenance and ownership, and enforces it back into existing tools as detections, playbooks, and controls.
Every enterprise has 60+ security tools - 60 muscles with no nervous system. Teams respond to incidents but never institutionalize the lessons. 84% of breached organizations paid ransom. 78% were breached again. 36% by the exact same attacker. LastPass, Okta, T-Mobile, MGM, and Rackspace collectively suffered $900M+ in damages from re-breaches.
KTLYST follows a five-stage pipeline: Ingest security learning from any source. Normalize findings into structured Learning Artifacts with evidence chains. Govern with ownership, approval, and provenance. Enforce outputs into existing tools (Splunk SPL, Snowflake SQL, Elastic KQL, ServiceNow). Compound - every new finding enriches the next response.
Assaf Kipnis, Founder and CEO - 12 years in threat intelligence at LinkedIn, Google, Meta, and ElevenLabs. Stephan Kaufmann, Co-Founder and COO - 20+ years in security operations at HP, McAfee, and Meta.