K0NSULT // ai-truth/ipIII
k0nsult.cloud / ai-truth / ipIII / global / en

Global Gateway — the global entry point

K0NSULT's manifesto for stepping onto the global stage — powered by the community of pentesters and security researchers. This is the first thing a mature researcher checks when assessing whether an organization is serious: is there somewhere to report, is contribution recognized, are the rules published, is there a safe harbor. Here, they are. Global is not a declaration — it is a position to be earned, measured by the evidence the community produces.

Global security is built with a global community.

No internal team has as many eyes on the problem as an open community of researchers does. K0NSULT opens itself to testing and co-creation: it exposes reporting gateways, recognizes contribution, publishes its rules, and speaks one language with the world — standards. This is an evidence-first panel: every claim about a "global level" must be backed by measurable community contribution.

THE PATH: OPENINVITETESTRECOGNIZEFIXMEASUREGLOBAL
NOTE — honest status. "Global level" is labeled ROADMAP — a goal being realized through community evidence, not a declared fact. Items marked LIVE work today; GAP is a gap not yet filled; SIMULATION is demonstration data. Zero offensive payloads — this gateway is defensive and for authorized activity only.

5 entry gateways

Everyone arrives differently: one wants to report a bug, another to compete, a third to learn, a fourth to join the team. Five doors, one house.

1 · VDP / Disclosure LIVE

Found a vulnerability? Report it safely. Coordinated Vulnerability Disclosure (CVD), a security.txt channel, acknowledgement and status. Open to every researcher — no registration, no fees.

→ Report a vulnerability (VDP)

2 · Bug Bounty / Hall of Fame ROADMAP

Recognition for contribution: a public Hall of Fame, reputation points, a rewards track as scopes come online. Your name on the board, not in a drawer.

→ Bug Bounty and Hall of Fame

3 · Hackathon PL vs the world ROADMAP

Competition: recurring CTF/hackathon events, Polish and international teams, joint cyber + AI scenarios. A place where skills are measured, not declared.

→ Hackathon and challenges

4 · Training + assessments ROADMAP

Learn and prove it: training tracks (blue/purple team, AI security), labs, an exam with certification. Competence verified, not asserted.

→ Training and assessments

5 · Roster of 50k ROADMAP

Join as a specialist in the roster of researchers and responders. Profile, competencies, availability for tasks and response teams. Scale built person by person, honestly.

→ Join the roster

Open standards and interoperability

Global speaks one language. We do not lock ourselves into a proprietary format — we exchange data in standards that banks, CERTs and platforms understand worldwide.

StandardRoleStatus
STIX / TAXIIFormat and transport for threat intelligence exchange — IoCs, campaigns, actors.ROADMAP
MISPInteroperability with indicator-sharing communities (feeds, sharing groups).ROADMAP
MITRE ATT&CKA shared taxonomy of techniques and tactics — mapping of playbooks and reports.LIVE
security.txt (RFC 9116)A standard security point of contact — how to find us, where to report.LIVE
OpenAPIA machine-readable API contract — integration with partner SIEM/SOAR.ROADMAP
DORA TLPT / TIBER-EUA common language for intelligence-led penetration testing — with the banking sector.ROADMAP
Why standards, not a proprietary format. A researcher on the other side of the world and the CISO of a Polish bank must read the same artifact without a translator. A standard means interoperability — and interoperability is the entry condition for the global level.

Code of conduct and ethics

Openness without boundaries is chaos. The global gateway is defensive, and its rules are hard and public.

Authorized / defensive only

Testing solely within the authorized scope and solely for defensive purposes. No activity against real targets without consent and Rules of Engagement (RoE).

Safe harbor

A researcher acting in good faith and within the rules is protected — we do not pursue legal action over policy-compliant, coordinated disclosure.

No action without RoE

Zero offensive payloads published publicly. Every test scenario has a scope, consent and criteria — otherwise it does not exist.

GDPR for participants

Data of researchers, hackathon participants and trainees is processed in line with the GDPR — minimization, purpose, retention, right of access and erasure.

Languages

Global starts with understanding. We provide the gateway bilingually, with a plan for further languages as we enter new markets.

Polski LIVE

The primary language of the portal and of contact with national authorities (KNF, CSIRT, MC).

→ /ai-truth/ipIII/global

English LIVE

The version for the global community of researchers and international partners.

→ /ai-truth/ipIII/global/en

More ROADMAP

DE / FR / ES / UA are planned — prioritized by real community traffic, not declared upfront.

The scale ladder — why global is a goal, not a label

K0NSULT grows in layers: local → national → regional → global. Each rung is earned with evidence, not an announcement. Global is the top of this ladder — a position measured by community contribution, public reports and acknowledged fixes.

LOCAL LIVENATIONAL (PL) LIVEREGIONAL (EU) ROADMAPGLOBAL ROADMAP

→ The scale ladder (full description)

4
Ladder rungs
local → global
2
Rungs LIVE
local + national
5
Entry gateways
VDP · bounty · hackathon · training · roster
6
Open standards
STIX · MISP · ATT&CK · security.txt · OpenAPI · DORA
An honest measure. We will not write "we are global" until we can point to public reports from researchers outside the country, acknowledged fixes and intel exchange in a standard. Until then, global carries the status ROADMAP — and that is precisely the proof of seriousness.

The call

Test us.

The best proof that we take security seriously is that we invite you to try to break it — within the rules. Find a gap, report it, and we will fix it and recognize your contribution. That is how the global level is built: not by declaration, but by invitation.

→ Enter through the disclosure gateway and report your first vulnerability

Overriding principle. Reaching the global level is a ROADMAP realized through community evidence — public reports, acknowledged fixes, intel exchange in standards. Claim ≤ proof applies here too: until the proof exists, "global" remains a goal, not a fact.