CyCognito, a leading exposure management platform, today introduced Continuous AI Pentesting. The new capability bakes AI-driven offensive pentesting directly into the platform, leveraging the rich context it already maintains for every exposed asset. This enables CyCognito to deliver AI pentesting as a continuous service, circumventing the cost and coverage constraints that confine comparable solutions to periodic, narrowly scoped engagements.
With this new solution, CyCognito addresses a major shift in the security ecosystem, driven by the latest advances in AI. Today's models, with more advanced ones on the way, have lowered the bar for attackers. An attack campaign that once required a group of skilled threat actors can now be carried out by a low-skilled individual, in a fraction of the time and at relatively low cost. This signals a tectonic shift that compels defenders to adopt the same technology to keep pace and close the security gaps in their own environment.
"AI pentesting is rapidly becoming part of every security team's toolkit, and a lot of it is already being done in-house," said Rob Gurzeev, CEO and co-founder of CyCognito. "But running offensive AI isn't the hard part. The challenge is scale. AI pentesting today is typically limited to the top 1% of priority assets. Meanwhile, the other 99% is where a lot of attacks actually start, where adversaries find the low-hanging fruit and use it as a foothold for lateral movement."
To provide AI pentesting coverage across that overlooked 99%, CyCognito built a distinct architecture that centers on the Target Graph™, a contextual graph that bridges the AI pentesting solution and CyCognito's three core modules:
Together, these layers increase the effectiveness of the pentesting agents, equipping them with rich context and exploitability evidence and dramatically improving the efficiency of every run.
The architecture is also built to be constantly self-evolving. Every new risk scenario AI pentesters uncover can be hardcoded into the Exposure Validation module, joining the deterministic tests it already runs. This frees the AI agents to pursue new threats, and also consolidates learnings from agentic tests in a way that will benefit every CyCognito customer.
In the announcement for this new feature, the company also shared some of the vulnerabilities:
These examples are just some of the risk scenarios identified through the work on this new capability, now running with select design partners, including major enterprises and Fortune 500 companies. Internally, CyCognito refers to the project as Project Kineto, after the Kinetograph, the first motion picture camera.
"The name echoes our vision for what AI pentesting should be," said Gurzeev. "Security testing has always been a snapshot. AI lets us turn it into continuous motion: an always-on stream of change-aware tests that runs across your entire attack surface at machine speed, with the skill of a seasoned security expert."
To go deeper on Continuous AI Pentesting, read the full announcement post: https://www.cycognito.com/blog/new-continuous-ai-pentesting/
CyCognito is an external exposure management platform that reduces risk by discovering, testing and prioritizing security issues. The platform scans billions of websites, cloud applications and APIs and uses advanced AI to identify the most critical risks and guide remediation. Emerging companies, government agencies and Fortune 500 organizations rely on CyCognito to secure and protect from growing threats. For more information, visit https://www.cycognito.com
The CyCognito platform preempts attacks and helps satisfy key elements of most common security frameworks and many regulatory compliance standards.
Learn more about CyCognito and take the first step to Rule Your Risk.