Intruder introduces AI-powered penetration testing agents as a GCHQ-supported startup automates manual security assessments worth $50,000.

      TL;DR: Intruder, a UK cybersecurity startup accelerated by GCHQ, has released AI pentesting agents that replicate the methods of manual penetration testing in just minutes. The cybersecurity industry is rapidly shifting towards automating vulnerability detection as AI narrows the divide between offensive and defensive measures.

      A manual penetration test typically costs between $10,000 and $50,000, requires weeks to schedule, days for execution, and results in a report that quickly becomes outdated. Intruder, based in London and a graduate of GCHQ’s Cyber Accelerator, has introduced AI pentesting agents that mimic human testers' approaches and provide results in mere minutes. CEO Chris Wallis will showcase the technology at KnowBe4’s KB4-CON conference on May 13, emphasizing the comprehensive depth of manual testing now available on demand and at a reduced cost.

      This timing is significant, as the cybersecurity sector observes AI accelerating the offensive capabilities more swiftly than the defensive strategies can adapt. Anthropic’s Claude Mythos Preview has uncovered thousands of zero-day vulnerabilities across all major operating systems and browsers in just one evaluation run.

      In March 2026, xBow, an automated pentesting startup, reached unicorn status after securing $120 million in funding. The pressing question is no longer if AI will supplant human testers, but rather if this shift will occur swiftly enough to bridge the gap between the vulnerabilities AI can identify and the pace at which organizations can address them.

      The Product

      Intruder’s AI pentesting agents analyze findings from vulnerability scanners using techniques employed by human testers. When a potential issue is identified, the AI agent interacts with the target system, sending requests, examining responses, and investigating for exposed data to ascertain whether the finding indicates a genuine exploitable flaw or a false positive. These investigations encompass injection attacks, client-side vulnerabilities, and information disclosures.

      Traditionally, the difference between a vulnerability scanner and a penetration test is between flagging potential issues and demonstrating their exploitability. Scanners generate extensive lists of findings, many of which are false positives or low-risk concerns, consuming security teams’ efforts without enhancing their overall security posture. A pen tester evaluates these findings to identify which are significant. Intruder’s AI agents streamline this verification process.

      Issue-level investigations are now available, with larger-scale web application penetration testing—where the agents link multiple findings to outline attack paths within an application—anticipated by the end of the current quarter. This is characterized as an initial phase, with plans for future releases to broaden the agents' autonomous investigation capabilities.

      The Company

      Wallis established Intruder in 2015 after his experience in ethical hacking and corporate security. The company was chosen for GCHQ’s Cyber Accelerator, a program designed to support promising cybersecurity startups. Intruder was recognized in 2023 as the fastest-growing cybersecurity firm in the UK by Deloitte’s Tech Fast 50 list.

      The company now serves over 3,000 organizations, generating approximately $16 million in revenue in 2024, up from $10 million in 2023, and a considerable increase from $900,000 in 2020. Intruder has secured only $1.5 million in external funding, a remarkable achievement in an industry where competitors often gather hundreds of millions before achieving profitability. The company operates largely on its own resources.

      Its platform integrates attack surface management, cloud security, continuous vulnerability scanning, and AI pentesting into a single interface. Intruder targets midmarket organizations—those sufficiently large to face significant cyber risks but too small to afford the $50,000 manual pentests and dedicated security teams typically available to enterprises.

      Intruder’s own research, published in its Security Middle Child Report in March 2026, revealed that 42% of midmarket security teams consider themselves stretched, overwhelmed, or perpetually behind.

      The Market

      The penetration testing market is valued between $2.5 billion and $3 billion, with annual growth rates of 12% to 16%. The AI-driven segment is expanding even faster. xBow achieved a $1 billion valuation with $237 million in total funding. Pentera, which offers automated attack simulations without needing agents on endpoints, has surpassed $100 million in annual recurring revenue. Horizon3.ai’s NodeZero has conducted over 170,000 autonomous penetration tests in live environments.

      The economics of manual pentesting are fundamentally flawed. The global cybersecurity workforce gap, estimated at 3.4 million unfilled positions, indicates a shortage of qualified pentesters, even if every organization could afford to hire them. Around 32% of companies still conduct penetration tests only once a year. Those testing quarterly spend more on pentesting than many do on their entire security toolkit. While AI reduces costs, it also prompts an unanswered question: can AI identify vulnerabilities more rapidly than human attackers?

      The push for regulated cybersecurity AI in 2026 highlights the conflict between speed and oversight. In 2025, industry telemetry surpassed 308 petabytes across over four million identities, endpoints,