Elastic scanned 14,500 assets in under 5 minutes. What took days was done in minutes, with accuracy that saved dozens of hours in manual triage.

• Coordinating vulnerability detection across a large multi-cloud environment
• Maintaining a live, accurate inventory of external-facing assets
• Responding quickly to zero-days and risky misconfigurations
• Proactively identifying issues that external researchers were catching through Elastic’s public bug bounty program
• Navigating the limitations of legacy scanners like BitSight and SecurityScorecard, which often produced more noise than actionable insight
• Scanning and validation workflows that were too slow and resource-intensive to keep up with the pace of modern threats
• Staying in sync as a globally distributed team, where response coordination added an extra layer of complexity

“The ease of use and strong community backing are huge advantages. With Nuclei, I can easily write my own templates while benefiting from rapid coverage provided by community-driven templates.”
— Clement Fouque, Principal Information Security Analyst at Elastic

• Cloud providers sometimes blocked or rate-limited the devbox, cutting off visibility
• Scans often took days to complete, slowing down response
• Revalidating fixes was slow and repetitive, especially when timing mattered most
• Maintaining scripts, schedules, and infrastructure drained time from higher-impact work
• Follow-up was challenging since findings were hidden in JSON files

“We were already invested in Nuclei. ProjectDiscovery Cloud was the missing piece that let us scale it seamlessly across our environment,” said Clement Fouque, Principal Information Security Analyst at Elastic.

• Community-powered agility: The open-source community moved fast, and new templates were often available within hours of a CVE dropping.
• Accurate detections: ProjectDiscovery’s internal team reviewed every submission for accuracy and quality
• Template-first customization: Nuclei’s YAML templates made it easy to write and tweak detections tailored to Elastic’s needs.
• A true partnership: ProjectDiscovery’s engineering team welcomed feedback, shipped improvements quickly, and felt like an extension of Elastic’s own team

• Real-time perimeter view: Automated asset discovery gave Elastic a reliable, always up-to-date view of their perimeter, streamlining audit prep and reducing the manual overhead of proving controls.
• Rapid response: During the Next.js CVE-2025-29927 disclosure, Elastic scanned 14,500 assets in under five minutes. What used to take days was done in minutes, with accuracy that saved dozens of hours in manual triage.
• Confidence from the attacker’s perspective: Because scans run from the cloud, there was no risk of being blocked or rate-limited. Elastic knew exactly what an attacker would see, and whether it's vulnerable.
• Instant validation: Retest scans completed in seconds, giving the team near real-time confirmation on whether a vulnerability has been fixed.
• Right-sized response: Fast scan results meant incident response teams were looped in only when necessary, reducing coordination overhead and freeing up security resources when responding to emerging threats
• Automated remediation workflows: GitHub tickets were created automatically for issues meeting certain severity thresholds (Critical, High, Medium)
• Faster, more flexible detections: With the AI Template Editor, Elastic could quickly generate and customize Nuclei templates to match their security workflows, unlocking broader coverage without adding complexity
• Bug bounty acceleration: Findings from external researchers were turned into reusable templates, helping the team surface similar issues across the environment fast.

• Building an elastic agent integration to push findings directly into the Elastic Stack
• Expanding coverage with custom technology detection templates, focusing on their most critical technologies and applications first
• Using ProjectDiscovery Cloud’s integrations with cloud infrastructure providers to broaden the scope of monitoring and scanning