Cybersecurity companies are now using artificial intelligence to perform penetration tests much faster and cheaper than traditional methods. A UK startup called Intruder has developed AI agents that can mimic human pen testers and deliver results in minutes, saving organizations thousands of dollars and weeks of work. This new technology is part of a larger shift toward automation in vulnerability discovery, driven by the rapid advances in AI.

Traditional Penetration Testing and Its Limitations

Manual penetration testing, or pen testing, typically costs between $10,000 and $50,000 per engagement. It can take weeks to schedule, days to execute, and usually results in a report that quickly becomes outdated. These tests involve security experts probing systems for vulnerabilities, verifying whether issues flagged by scanners are real threats or false positives. While effective, this process is time-consuming and expensive, making it difficult for smaller organizations to regularly assess their security.

Many companies rely solely on vulnerability scanners, which identify potential issues but don’t confirm whether they can be exploited. This often leads to security teams chasing false alarms or missing critical vulnerabilities. Pen testers do the detailed work of validating these findings, but their high costs and slow turnaround times have created a gap in cybersecurity defenses.

How AI Is Changing the Game

Intruder’s new AI pentesting agents are designed to automate the second step—investigating scanner findings to determine which issues are real threats. When a scanner detects a potential vulnerability, the AI interacts directly with the system, sending requests, analyzing responses, and probing for exposed data. It can assess injection attacks, client-side issues, and information leaks, just like a human tester would.

This automation means security teams can get detailed, actionable reports in minutes rather than weeks. The AI agents not only verify whether a vulnerability is exploitable but also map out attack paths across web applications by chaining multiple findings together. The company plans to expand these capabilities further, aiming to cover broader testing scenarios and more complex environments.

Founded in 2015 by a former ethical hacker, Intruder is a UK-based company that has grown rapidly. It was part of GCHQ’s Cyber Accelerator, a program supporting promising cybersecurity startups. Today, it protects over 3,000 organizations, generating around $16 million in revenue in 2024, up from $10 million the year before. Remarkably, the company has raised just $1.5 million in external funding, relying mostly on its own resources and revenue—unusual in an industry where competitors often raise hundreds of millions before turning a profit.

The Broader Market and Future Outlook

The market for penetration testing is valued at around $2.5 to $3 billion and is growing at 12 to 16 percent annually. The segment of AI-native testing is expanding even faster, with startups like xBow reaching a billion-dollar valuation after raising hundreds of millions of dollars. Other companies, such as Pentera and Horizon3.ai, are also making waves with automated attack simulation tools that require no agents on endpoints.

The need for automation is driven by a significant workforce gap—an estimated 3.4 million unfilled cybersecurity jobs worldwide. Many organizations still perform security tests only once a year or less, leaving them vulnerable. The faster AI tools can identify and verify vulnerabilities, the quicker organizations can respond and patch their systems.

Overall, AI-powered pentesting is set to reshape cybersecurity. It offers a cost-effective, rapid alternative to manual testing, enabling organizations of all sizes to maintain stronger defenses. As these tools become more sophisticated, they will help close the gap between discovering vulnerabilities and fixing them, making the internet safer for everyone.

Inspired by

• https://thenextweb.com/news/intruder-ai-pentesting-cybersecurity-knowbe4