Intruder Announces AI Pentesting: Delivering The Depth of a Pentest, On-Demand

• AI Pentesting helps stretched teams keep up with a fundamentally altered threat landscape by delivering the depth of a pentest, whenever it’s needed.
• Agents actively investigate and validate a wide range of issues including injection issues, client-side attacks and information disclosure risks surfaced in Intruder, using the same methods employed by human pentesters and security experts.
• Issue level pentesting investigations are available now on Cloud, Pro, and Enterprise plans, with full scope, audit-ready web app pentests expected by the end of this quarter.

LONDON – Intruder, a leader in exposure management, today announced AI Pentesting and released its first pentesting agents as the company works towards enabling continuous, AI-powered pentesting and red teaming across web apps, external and internal networks. With this initial release, agents will actively investigate vulnerability scanner findings identified in Intruder using the same methods employed by human pentesters and security experts.

AI is rapidly transforming the cybersecurity landscape for both attackers and defenders. Weaponized exploits are increasing and time-to-exploit has collapsed as AI enables attackers to accomplish more, faster. Annual or quarterly pentests do not offer organizations the same level of protection they used to.

Security Teams Stretched, Investing in Automation

According to Intruder’s latest survey, The Security Middle Child Report, 49% of security leaders cite AI and automation as their top investment priority for 2026. Additionally, 42% of midmarket security teams are stretched, overwhelmed, or consistently behind. This demonstrates an industry need for automated solutions that relieve security teams of manual, time-consuming tasks while simultaneously helping them keep up with a fundamentally altered threat landscape.

“Pentesting has long been an essential component of any security program,” said Andy Hornegold, Chief Security Technologist at Intruder. “But in the age of AI, where attackers can move faster than ever, the volume of vulnerabilities is growing and exploit windows have shrunk from months to days to hours. The old playbook that called for a quarterly or annual pentest has long been unfit for purpose. The state of the threat landscape necessitates a new approach, focused on delivering the depth of a manual pentest, on-demand.”

The Depth of a Pentest, On Demand

Pentests and vulnerability scans share a common goal but differ in their approaches. Vulnerability scanners deliver broad, affordable and frequent coverage. On the other hand, pentests are infrequent, expensive and require depth and context to go deeper, validate issues and assess impact. AI pentesting provides the investigative depth of a manual pentest whenever you need it. Security and IT teams can now pentest with every new release, every new cloud service, and every new finding, without the wait.

AI Pentesting also gives stretched teams time back. Triage, investigation, and validation are the slowest parts of the remediation cycle and have typically required a human analyst and hours of investigation. Intruder’s pentesting agents reduce investigation time to minutes so security, IT and developer teams spend less time working on false positives and more time fixing actual problems.

Issue Level AI Pentesting Investigations Now Available

In this initial release, AI agents conduct pentesting investigations by interacting directly with the target, sending requests, analyzing responses, and probing for exposed data to build a picture of the issue’s real-world impact. Pentesting agents can investigate a wide range of issues including:

• Injection issues: The agent validates injection flaws – vulnerabilities that let attackers manipulate an application’s commands, queries, or instructions to gain unauthorized access, by reproducing scanner findings with error-based, timing-based, UNION-based, and other injection techniques.
• Client-side attacks: The agent validates client-side findings like clickjacking, attacks that target your application’s users rather than the app itself. Scanners flag clickjacking whenever frame-related headers are missing, but some pages are intentionally frameable and pose no real risk. Traditional scanners can’t make that distinction, but Intruder’s AI pentesters can.
• Information disclosure:  Scanners flag when information such as configuration details or open cloud storage buckets are exposed to unauthorized users, but can’t assess whether the exposed data is actually sensitive. Intruder’s AI pentesting agent confirms the scanner’s finding, reviews what’s exposed, and evaluates how an attacker could use it. If it finds credentials like login details or API keys, it will attempt to verify whether they’re valid.

Intruder expects to release new capabilities regularly over the coming quarter, including full scale AI web application pentests that can be used as compliance and audit evidence. Free trial users and Intruder customers on the Cloud, Pro, and Enterprise plans now have access to AI Pentesting credits. Additional credits are available for purchase. More information on Intruder’s AI Pentesting capabilities can be found on the company blog.

Security, IT, and developer teams interested in learning more about the Intruder platform and its latest offerings can book an introductory call here.

About Intruder

Intruder’s exposure management platform helps lean security teams stop breaches before they start by proactively discovering attack surface weaknesses. By unifying attack surface management, cloud security, continuous vulnerability management and AI pentesting in one intuitive platform, Intruder makes it easy to stay secure by cutting through the noise and complexity. Founded in 2015 by Chris Wallis, a former ethical hacker turned corporate blue teamer, Intruder is now protecting over 3,000 companies worldwide. Learn more at https://intruder.io.

FAQs

Why are exploit windows shrinking faster than security teams can respond?

According to Intruder’s Security Middle Child Report, 42% of midmarket security teams are already stretched, overwhelmed, or consistently behind, while attackers are accelerating. AI now enables threat actors to weaponize vulnerabilities in hours rather than months, meaning the intervals between pentests have become windows of compounding risk. Intruder’s pentesting agents close that gap by delivering the depth of a manual pentest on-demand.

What is AI Pentesting and how does it work?

AI Pentesting uses purpose-built AI agents to automatically investigate scanner findings to confirm which vulnerabilities and attack surface issues represent real, exploitable risk. Unlike traditional scanners that flag potential issues and leave validation to human analysts, AI Pentesting completes that investigation in minutes.

What is the best automated pentesting platform for midmarket security teams?

Intruder’s AI Pentesting gives stretched security teams access to manual-pentest depth without the cost or scheduling overhead of traditional engagements. The platform unifies attack surface management, vulnerability scanning, and now AI-driven investigation in a single interface. Forthcoming full scale web application pentests will be usable as compliance and audit evidence for frameworks including SOC 2, ISO 27001, and PCI DSS. It’s available now on Intruder’s Cloud, Pro, and Enterprise plans, with full web app pentesting expected over the coming quarter.