-
AI Pentesting helps stretched teams keep up with a fundamentally altered threat landscape by delivering the depth of a pentest, whenever it’s needed.
-
Agents actively investigate and validate a wide range of issues including injection issues, client-side attacks and information disclosure risks surfaced in Intruder, using the same methods employed by human pentesters and security experts.
-
Issue level pentesting investigations are available now on Cloud, Pro, and Enterprise plans, with full scope, audit-ready web app pentests expected by the end of this quarter.
Intruder, a leader in exposure management, announced AI Pentesting and released its first pentesting agents as the company works towards enabling continuous, AI-powered pentesting and red teaming across web apps, external and internal networks. With this initial release, agents will actively investigate vulnerability scanner findings identified in Intruder using the same methods employed by human pentesters and security experts.
Also Read: CIO Influence Interview with Gihan Munasinghe, CTO of One Identity
AI is rapidly transforming the cybersecurity landscape for both attackers and defenders. Weaponized exploits are increasing and time-to-exploit has collapsed as AI enables attackers to accomplish more, faster. Annual or quarterly pentests do not offer organizations the same level of protection they used to.
Security Teams Stretched, Investing in Automation
According to Intruder’s latest survey, The Security Middle Child Report, 49% of security leaders cite AI and automation as their top investment priority for 2026. Additionally, 42% of midmarket security teams are stretched, overwhelmed, or consistently behind. This demonstrates an industry need for automated solutions that relieve security teams of manual, time-consuming tasks while simultaneously helping them keep up with a fundamentally altered threat landscape.
“Pentesting has long been an essential component of any security program,” said Andy Hornegold, Chief Security Technologist at Intruder. “But in the age of AI, where attackers can move faster than ever, the volume of vulnerabilities is growing and exploit windows have shrunk from months to days to hours. The old playbook that called for a quarterly or annual pentest has long been unfit for purpose. The state of the threat landscape necessitates a new approach, focused on delivering the depth of a manual pentest, on-demand.”
The Depth of a Pentest, On Demand
Pentests and vulnerability scans share a common goal but differ in their approaches. Vulnerability scanners deliver broad, affordable and frequent coverage. On the other hand, pentests are infrequent, expensive and require depth and context to go deeper, validate issues and assess impact. AI pentesting provides the investigative depth of a manual pentest whenever you need it. Security and IT teams can now pentest with every new release, every new cloud service, and every new finding, without the wait.
AI Pentesting also gives stretched teams time back. Triage, investigation, and validation are the slowest parts of the remediation cycle and have typically required a human analyst and hours of investigation. Intruder’s pentesting agents reduce investigation time to minutes so security, IT and developer teams spend less time working on false positives and more time fixing actual problems.
Issue Level AI Pentesting Investigations Now Available
In this initial release, AI agents conduct pentesting investigations by interacting directly with the target, sending requests, analyzing responses, and probing for exposed data to build a picture of the issue’s real-world impact. Pentesting agents can investigate a wide range of issues including:
- Injection issues: The agent validates injection flaws – vulnerabilities that let attackers manipulate an application’s commands, queries, or instructions to gain unauthorized access, by reproducing scanner findings with error-based, timing-based, UNION-based, and other injection techniques.
- Client-side attacks: The agent validates client-side findings like clickjacking, attacks that target your application’s users rather than the app itself. Scanners flag clickjacking whenever frame-related headers are missing, but some pages are intentionally frameable and pose no real risk. Traditional scanners can’t make that distinction, but Intruder’s AI pentesters can.
- Information disclosure: Scanners flag when information such as configuration details or open cloud storage buckets are exposed to unauthorized users, but can’t assess whether the exposed data is actually sensitive. Intruder’s AI pentesting agent confirms the scanner’s finding, reviews what’s exposed, and evaluates how an attacker could use it. If it finds credentials like login details or API keys, it will attempt to verify whether they’re valid.
Intruder expects to release new capabilities regularly over the coming quarter, including full scale AI web application pentests that can be used as compliance and audit evidence. F********* users and Intruder customers on the Cloud, Pro, and Enterprise plans now have access to AI Pentesting credits. Additional credits are available for purchase. More information on Intruder’s AI Pentesting capabilities can be found on the company blog.
Catch more CIO Insights: CIO as Orchestrator of Cross-Functional Digital Strategy
[To share your insights with us, please write to psen@itechseries.com ]
