Case Study

Demonstrating Enterprise-Grade Security in Finance and AI

About the Client

Kaunt, based in Denmark, provides an AI-driven account coding engine that automates the invoice account coding process for enterprise finance teams. Operating in a high-trust environment, Kaunt serves organizations that demand strict compliance with frameworks like ISO and SOC 2, as well as a demonstrably mature security posture.

As Kaunt scaled its presence in the finance and AI sectors, security became more than just a requirement—it became a key differentiator.

Key Takeaways

Deep collaboration yields stronger results

Early context, clear communication, and technical engagement drive real security improvement.

Security is a trust asset

Third-party validation isn’t just for compliance—it helps close deals and earn long-term client confidence.

Transparency builds loyalty

Kaunt’s leadership valued our ability to deliver tough feedback clearly, and partner across technical and executive levels.

The Challenge

Security That Builds Compliance and Credibility

After reviewing multiple vendors, Kaunt selected Sekurno for our technical credibility, cultural alignment, and ability to tailor engagements to real-world business needs.

When Kaunt first approached Sekurno, they were looking for more than a checkbox exercise. Their goals included:

  • Earning the trust of enterprise clients through transparent, defensible security practices

  • Gaining actionable insights through high-quality penetration testing

  • Fulfilling compliance requirements with ISO and SOC 2 standards

Our Solution

A Multi-Year Partnership Built on Trust and Depth

Our collaboration with Kaunt began in 2023 and has since evolved into a multi-year partnership. Initially focused on backend services, the scope expanded in 2025 to include additional systems and deeper threat modeling—reflecting Kaunt’s growing needs and their confidence in our work. From the outset, we prioritized technical depth, clarity, and strong communication. Key activities included:

Deep-Dive Reconnaissance

We conducted a thorough analysis of Kaunt’s application and infrastructure design, studying internal documentation, participating in demo sessions, and understanding business logic in detail.

Rigorous Planning & Threat Modeling

Our team decomposed the application, mapped data flows, and documented architectural and logic-layer threats. This allowed us to tailor the testing strategy to Kaunt’s application and test for real-world impact rather than just checking boxes.

Automated Testing Using Enterprise-Grade Tools

We used SAST, DAST, and SCA tools to ensure broad coverage—followed by manual verification of automated results to eliminate false positives and focus on real risk.

Manual Pentesting & Code Review

We manually assessed the application using OWASP WSTG’s 130+ checks, combined with custom test cases derived from our threat model. This hybrid approach ensured we surfaced both common and business-specific vulnerabilities.

Reporting & Developer Enablement

Our final deliverables included:

  • A comprehensive report tailored for both technical and non-technical audiences

  • A live Q&A session with developers to explain findings, answer questions, and support secure remediation

  • A follow-up test to verify that fixes were properly implemented and risks were mitigated

Results

From Compliance Confidence to Sales Enablement

Our partnership delivered outcomes that reached far beyond technical validation:

High Assurance—Even in the Absence of Critical Findings

Interestingly, we did not identify any critical vulnerabilities in Kaunt’s applications—a rare outcome in our experience.

But this didn’t reduce the perceived value of the assessment.

Finding nothing is only valuable if you trust how deeply someone looked.

Demyd Maiornykov

What mattered most was that Mads and his team saw our work as transparent, thorough, and clearly documented.

The clarity of our reports and the level of visibility provided during the process helped build trust—not just with Kaunt, but also with their enterprise clients.

Sales Enablement via Security Trust

Sharing parts of our report with prospects helped Kaunt establish credibility with large enterprise buyers. One client noted, “These guys know what they’re doing.”

Compliance-Ready Reports

Our work supported Kaunt’s ISO/SOC 2 readiness and reassured both internal and external stakeholders.

Increased Security Awareness Across Teams

Kaunt’s developers gained confidence from an external review of their work and left the engagement with greater security fluency.

A Growing, Multi-Year Partnership

In 2025, Kaunt returned for the second year in a row, expanding the scope to include:

  • Frontend applications

  • Key infrastructure components

  • More advanced threat modeling tied to evolving business logic

They also recommended Sekurno to other companies within their group—further reinforcing the trust earned through results.

If you are going to invest in penetration testing, make sure it is more than just a formality. Work with a partner who helps you learn something from the process and improves your actual security. With Sekurno, we received useful feedback and our team became more security aware as a result.

Mads, CTO at Kaunt

Conclusion

Helping Finance and AI Innovators Lead with Security

For companies like Kaunt, working in regulated, data-sensitive environments, security is foundational. By partnering with Sekurno, Kaunt moved from “meeting standards” to demonstrating security maturity—earning trust from some of the most demanding clients in finance.

Want to Turn Compliance into Competitive Advantage?

See how Sekurno turns penetration testing into a strategic advantage for compliance, client trust, and long-term resilience.
