Intruder launches AI pentesting for quicker validation


Catherine Knowles



Information Editor

Intruder has launched AI Pentesting, now available to customers on its Cloud, Professional and Enterprise plans.

The London-based cybersecurity firm said the product uses AI agents to investigate scanner findings by interacting directly with a target, sending requests, analysing responses and probing for exposed data.

The agents are designed to validate issues often surfaced by vulnerability scanners, including injection flaws, client-side attacks and information disclosure risks. Intruder said the system uses techniques employed by human pentesters and security experts to assess whether a finding represents a real security problem.

The launch comes as security teams face growing pressure to respond more quickly to newly discovered weaknesses. Intruder cited its Security Middle Child Report, which found that 49% of security leaders ranked AI and automation as their top investment priority for 2026, while 42% of mid-market security teams described themselves as stretched, overwhelmed or consistently behind.

That has raised questions about the value of relying on annual or quarterly pentesting cycles when attackers can move much faster. Intruder said AI has cut the time needed to weaponise vulnerabilities from months to hours, leaving organisations exposed between formal tests.

“Pentesting has long been a vital part of any security program,” said Andy Hornegold, Chief Security Technologist at Intruder.

“But in the age of AI, attackers can move faster than ever, the volume of vulnerabilities is rising, and exploit windows have shrunk from months to days to hours. The old playbook of quarterly or annual pentests has long been unfit for purpose. The threat landscape now requires a new approach focused on delivering the depth of a manual pentest on demand.”

How it works

The first release focuses on issue-level investigations rather than full application assessments. When a scanner flags a potential weakness, the AI agent attempts to reproduce and examine it to determine its impact.

For injection issues, the agent tries to validate the flaw by reproducing scanner findings with error-based, timing-based and UNION-based techniques, among others. For client-side attacks such as clickjacking, it is designed to distinguish between pages that are deliberately frameable and those that pose a genuine risk.

For information disclosure findings, the agent reviews what data is exposed and assesses how an attacker might use it. If credentials such as login details or API keys are discovered, the system attempts to verify whether they are valid.

Intruder said this process is intended to cut investigation time from hours to minutes, reducing the manual triage required from security, IT and software development teams. It argued that this can help teams spend less time on false positives and more time on remediation.

Market focus

Founded in 2015, Intruder sells exposure management software aimed at organisations with lean security teams. The company says it now serves more than 3,000 customers worldwide.

The product sits within a broader market push to automate security work that has traditionally required human analysts. Vulnerability scanners have long offered frequent and relatively low-cost coverage, while manual pentests have typically provided deeper analysis at higher cost and lower frequency.

Intruder is positioning the new offering between these two approaches by automating the investigation and validation stages that often slow remediation work. That reflects wider demand from mid-market companies seeking more frequent scrutiny without the expense and scheduling delays of traditional testing engagements.

Users on eligible plans now receive AI Pentesting credits, with additional credits available for purchase. The current release covers issue-level investigations across findings identified within the Intruder platform.