AI-powered evaluation using the Model Context Optimization BS Detection Framework, based solely on publicly available website content.
Based on 275 businesses audited.
Security, Surveillance & Cybersecurity BS: NCC Group (www.nccgroup.com)
NCC Group avoids the common ‘cyber-fluff’ trap by backing its corporate-vague H1 with hard institutional credentials and named, high-value client proof. It functions as a legitimate authority site where the primary BS risks are technical (missing schema) and trust-theatre related (unlinked review counts).
1. Deploy comprehensive Organization and Person schema to technically validate the leadership and expert claims. 2. Provide direct verification links or certificate IDs for the 28 reviews cited on the homepage to satisfy the proof_links_count requirement. 3. Replace generic power-words in the H1 and H2 sections (e.g., ‘Defy it’, ‘New era’) with specific data points regarding global threat detection rates. 4. Ensure all case study quotes are linked to more detailed, data-heavy forensic reports to maximize proof density.
The heading fluff saturation is low, though the homepage Hero (H1) ‘People powered, tech-enabled cyber resilience’ uses power-words without specific nouns. However, body text provides high specificity, citing ‘+420 offensive security experts’ and 25 years of experience. Body substance is high, referencing specific technical protocols like CHECK and CREST rather than just ‘world-class’ generalities. Concept repetition is present regarding ‘trust’ and ‘resilience’ but is usually anchored to specific service descriptions like ‘Incident Response Recovery’.
AI only sees the HTML that arrives on first response — everything else is invisible. Expose your real text only footprint and find out which parts of your site never reach an AI crawler at all.
Homepage H1 promises ‘cyber resilience’ which is accurately supported by sub-pages detailing technical assurance, managed services, and incident response. There is no significant disconnect; the site maintains its ‘global enterprise’ positioning consistently across the contact page (listing UK, US, Canada, and APAC) and the service pages. The transition from H1 marketing to H3 technical delivery (e.g., ‘Managed XDR for Splunk’) is cohesive and demonstrates high alignment.
Our Authority as a Service model transforms raw diagnostic data into high stakes results. Start your Clinical Strategic Diagnosis for 1 Euro to secure the strategic fixes required for growth.
A trust_theatre_flag is triggered due to the review_count of 28 on the homepage without associated proof_links_count in the structured data. However, this is heavily mitigated by the presence of named, high-profile case studies (TikTok, Vodafone, Barclaycard, TfL) and specific industry recognitions like ‘IDC MarketScape Leader’. Performance claims like ‘contain the threat and quickly resume normal operations’ are directly linked to these case studies, moving them from fluff to substance.
Proof density is high, particularly for the cybersecurity sector. Verifiable evidence includes specific accreditation names (CHECK, CREST, OSCP, SC/DV), a named partnership ecosystem (Splunk, Horizon3.ai), and specific news reactions dated within the current temporal anchor (e.g., ‘March 2026’). The ratio of specific nouns to vague assertions is significantly better than the industry average.
For a demonstration of entity driven retail architecture, open the Walmart Structured Data audit. View the Walmart Structured Data Audit to see how product, brand, and service entities are reconstructed for AI systems.
While the site uses industry jargon like ‘penetration testing’ and ‘threat intelligence’, these are exempted from jargon penalties as they are described as specific deliverables with methodology (e.g., ‘Red, Purple, and Black Teaming’). Cliché density is moderate with phrases like ‘your trusted security partner’. Template language is used in ‘Why NCC Group?’ and ‘Latest Insights’ sections, but the content within them is dated (March 2026) and specific, reducing the boilerplate penalty.
The largest authority gap is the lack of provided schema_json (null), which is a technical credibility disconnect for a ‘tech-enabled’ security firm. While the site names specific clients (Nadeem Raza, CEO; Steve Knibbs, Head of VBSE), there is no structured data (Person schema) to link these individuals to their professional footprints. The claim of being a ‘Leader’ in various reports is specific but lacks direct outbound verification links in the crawl data.
The disconnect is minimal. Bold claims about reputation and footprint are substantiated by specific lists of global offices and high-level accreditations like ‘CHECK approved’ and ‘NCSC assured service provider’. The technical assurance page specifically quantifies the expert team size (+420), which anchors the marketing claims in operational reality.
Security, Surveillance & Cybersecurity BS: NCC Group (www.nccgroup.com)
The site perfectly matches the Security, Surveillance & Cybersecurity category, specifically focusing on high-end professional services like technical assurance, managed detection and response (MDR), and incident response. The language consistently uses industry-specific technical markers such as CHECK, CREST, OSCP, and SC/DV clearances which are appropriate for this sector.
When your canonical, redirect, and final URL disagree, the model treats each version as a separate entity. Study the Canonical Integrity Framework Guide and see why stable identity is the prerequisite for AI driven retrieval.
“The score of 32 is driven primarily by technical authority gaps (missing schema) and trust theatre flags (unverified review counts). The site scored very well on semantic coherence and information density, as its sub-pages successfully prove the high-level claims made on the homepage. The presence of government-level accreditations acts as a major BS-neutralizer.”