
Summer 2025 Bug Bounty: Results & Thanks
The Summer 2025 Bug Bounty is now closed. Thank you to every security tester, ethical hacker, and researcher who contributed findings. Your expertise improved the resilience, defense logic, and attack detection capabilities of ZTZT.dev.
Stay tuned for published summaries of the most notable findings and improvements implemented as a direct result of your contributions.
What is Zero Trust Zero Tolerance?
Zero Trust Zero Tolerance (ZTZT), designed by cybersecurity specialist Santosh Pandit, extends the Zero Trust security model with aggressive, proactive defense against threats. It raises the bar for critical infrastructure and modern organizations seeking defense against advanced, persistent adversaries.
From Zero Trust to ZTZT
- Zero Trust: Trust nothing by default—verify everything.
- ZTZT enhancement: Immediately block and ban all suspicious scanners and attackers—no exceptions, ever.

Figure: Timeline and principles of the evolution from Zero Trust to ZTZT, toward higher resilience.

ZTZT enforces aggressive, immediate mitigation informed by the MITRE ATT&CK® Matrix, blocking both malicious and potentially unwanted yet legitimate scanning activity.
How ZTZT Blocks Reconnaissance
Reconnaissance is the first stage for most attackers. ZTZT blocks even highly regarded OSINT sources (like Shodan, Censys, Expanse) to protect digital assets and keep adversaries in the dark.
- Any IP making a suspicious attempt is banned on first offence.
- Frequent attacks from any /24 or /16 block trigger longer and broader bans.

Blocking Policy Table
Scope | Trigger | Detection Unit | Ban Time |
---|---|---|---|
Individual IP | 1 | Single IP | Approx 1 day |
IP Block (/24) | 16 | IP addresses in /24 | Forever |
IP Block (/16) | 16 | /24 blocks in /16 | Experimental |
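
The escalation in the table above, modelled in memory as an added example (not ZTZT.dev's own code). It assumes that offences are counted as distinct IPs, that counts persist after a one-day ban expires, that the /16 row counts /24 blocks that were themselves banned, and that the "Experimental" /16 tier is opt-in; `BanPolicy` and its method names are hypothetical.

```python
import ipaddress
from collections import defaultdict

IP_BAN_SECONDS = 86400   # assumption: "Approx 1 day" modelled as 24 hours
THRESHOLD = 16           # trigger count in the /24 and /16 rows of the table

class BanPolicy:
    """In-memory model of the three-tier escalation in the policy table."""

    def __init__(self, enforce_slash16=False):
        self.enforce_slash16 = enforce_slash16  # /16 tier is "Experimental"
        self.ip_expiry = {}                # IPv4Address -> ban expiry (epoch s)
        self.banned_nets = set()           # /24 and /16 networks, no expiry
        self.offenders = defaultdict(set)  # /24 -> distinct offending IPs
        self.hot_24s = defaultdict(set)    # /16 -> /24s that reached the threshold

    @staticmethod
    def _supernet(ip, prefix):
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def is_banned(self, ip, now):
        ip = ipaddress.ip_address(ip)
        if any(ip in net for net in self.banned_nets):
            return True
        return self.ip_expiry.get(ip, 0) > now

    def report(self, ip, now):
        """Record one suspicious attempt; return the scopes it caused to be banned."""
        ip = ipaddress.ip_address(ip)
        if ip.version != 4:
            raise ValueError("the policy table only defines IPv4 block sizes")
        actions = [str(ip)]
        self.ip_expiry[ip] = now + IP_BAN_SECONDS   # first offence: ban the IP
        n24, n16 = self._supernet(ip, 24), self._supernet(ip, 16)
        self.offenders[n24].add(ip)                 # a set, so repeats count once
        if len(self.offenders[n24]) >= THRESHOLD and n24 not in self.banned_nets:
            self.banned_nets.add(n24)               # 16 IPs in a /24: forever
            self.hot_24s[n16].add(n24)
            actions.append(str(n24))
        if (self.enforce_slash16 and len(self.hot_24s[n16]) >= THRESHOLD
                and n16 not in self.banned_nets):
            self.banned_nets.add(n16)               # 16 banned /24s in a /16
            actions.append(str(n16))
        return actions
```

Because the per-/24 counter is a set of addresses, one noisy host cannot push its whole /24 into a permanent ban; only 16 distinct sources can.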
Platform Impact and Security Evolution
This project is continuously improved. The influence of community feedback and responsible disclosure is direct and visible in ZTZT defenses.

About the Creator & Contact
Santosh Pandit is a UK-based cybersecurity professional, creator of ZTZT.dev, the kyber.club post-quantum cryptography platform, and hard.email secure mail server. He is the author of Cyber Landscape in 2035 and shares research on LinkedIn and X (@SantoshPanditUK).
For executive or technical inquiries, contact Santosh Pandit.