CHAPTER 12
Penetration Testing
Penetration testing is already well suited to automation. The earliest scanners from CyberCop and ISS were pointed at a target IP address range and left to run, scanning each of the 65,535 TCP ports on every IP address in the range. As the payment card industry released requirements for frequent pentests, there was a flood of services offering continuous pentesting. There are 318 pentesting products from 214 vendors in the IT-Harvest Dashboard.
But pentesting encounters decision points where a human is often called in. There may be an exploitable misconfiguration or vulnerability that requires a custom exploit. This is where AI can play a role by making those decisions.
Here are the pentesting solutions that are AI-first:
| Company | Country | Investment | Employees |
|---|---|---|---|
| Theori | USA | $15.2M | 76 |
| Cybral | USA | - | 53 |
| ETHIACK | Portugal | $4.56M | 52 |
| Ridge Security | USA | $1M | 43 |
| Novee Security | Israel | - | 41 |
| Tuskira | USA | $30.5M | 41 |
| Tenzai | Israel | $75M | 36 |
| Dreadnode | USA | $14M | 21 |
| Sxipher | USA | - | 17 |
| Vulnetic | USA | - | 13 |
| Jedsec | USA | - | 12 |
| OFFENSAI | USA | - | 11 |
| Repello AI | USA | $2.5M | 11 |
| RunSybil | USA | - | 11 |
| Menaya | USA | - | 7 |
| UprootSecurity | USA | - | 7 |
| GhostEye | USA | $0.5M | 4 |
| ScourNomad | Croatia | - | 1 |
| Veria Labs | USA | - | 0 |
