Intruder introduces AI-powered pentesting agents as a startup supported by GCHQ automates $50,000 worth of manual security assessments.

      **Summary**

      Intruder, a UK cybersecurity startup supported by GCHQ, has introduced AI pentesting agents that emulate traditional pen testing methods in just minutes. The industry is racing to automate the discovery of vulnerabilities as AI narrows the gap between offensive and defensive cybersecurity measures.

      Manual penetration testing costs between $10,000 and $50,000, requiring weeks for scheduling and days for execution, producing reports that quickly become outdated. London-based Intruder, a graduate of GCHQ’s Cyber Accelerator, has launched AI pentesting agents that mimic human pentesting procedures and deliver results in a fraction of the time.

      CEO Chris Wallis will showcase this technology at KnowBe4’s KB4-CON conference on May 13, emphasizing that it offers the thoroughness of a manual test on demand and at a lower price point.

      This development comes at a crucial time, as the cybersecurity landscape is witnessing rapid advancements in AI on the offense side, outpacing defensive capabilities. Recent evaluations, such as Anthropic’s Claude Mythos Preview, have identified thousands of zero-day vulnerabilities across various major operating systems and browsers in one sweep.

      Autonomous pentesting startup xBow reached unicorn status in March 2026 after securing $120 million in funding. The key concern is no longer whether AI will supplant human pen testers but rather how quickly this transition will occur to narrow the divide between identified vulnerabilities and the speed at which organizations can address them.

      **The Product**

      Intruder’s AI pentesting agents analyze findings from vulnerability scanners using methodologies akin to a human tester. When a scanner identifies a potential flaw, the AI agent interacts with the target system, sending requests and evaluating responses to verify whether the finding is a legitimate vulnerability or a false positive. The agents investigate various attack vectors, including injection attacks and information disclosure.

      The traditional distinction between a scanner, which flags potential issues, and a pen test, which confirms exploitability, has seen Intruder’s AI agents automate that verification process. Currently, it offers issue-level investigations, with broader web application penetration testing expected by the end of the quarter, marking just the beginning of planned expansions for the technology.

      **The Company**

      Wallis established Intruder in 2015 after his experience as an ethical hacker and corporate security professional. The company was chosen for GCHQ’s Cyber Accelerator program aimed at supporting promising cybersecurity startups. In 2023, Intruder was recognized as the fastest-growing cybersecurity enterprise in the UK by Deloitte’s Tech Fast 50.

      Today, Intruder serves over 3,000 organizations and recorded approximately $16 million in revenue for 2024, a rise from $10 million in 2023, and from $900,000 in 2020. Having only raised $1.5 million in external funding, the company stands out in a sector where competitors typically secure hundreds of millions before achieving profitability. Intruder operates with a bootstrapped approach.

      It integrates attack surface management, cloud security, continuous vulnerability scanning, and now AI pentesting within a single platform. The company's focus is on midmarket organizations, which face significant cybersecurity risks but may not be able to afford high-end manual pentests or dedicated security teams.

      Research conducted by Intruder, presented in its March 2026 Security Middle Child Report, found that 42% of midmarket security teams feel stretched, overwhelmed, or consistently lagging behind.

      **The Market**

      The penetration testing market is estimated to be valued between $2.5 and $3 billion, with an annual growth rate of 12 to 16%. The AI-integrated segment is expanding even more rapidly. xBow achieved a $1 billion valuation, and Pentera surpassed $100 million in annual recurring revenue. Horizon3.ai’s NodeZero has conducted over 170,000 autonomous penetration tests in active environments.

      The economics of manual pentesting are facing systemic challenges. With the global cybersecurity workforce gap estimated at 3.4 million unfilled roles, there aren’t enough qualified testers to meet the demand, even if every organization could afford their services. Many companies still perform penetration tests only once a year, and those that do so quarterly often spend more on those tests than on their entire security infrastructure. Although AI lowers costs, it presents another industry question: can AI discover vulnerabilities faster than human attackers can exploit them?

      The move towards regulated cybersecurity AI in 2026 highlights the conflict between speed and oversight. In 2025, industry telemetry exceeded 308 petabytes across more than four million identities and assets, yielding nearly 30 million investigative leads that no human team could efficiently process. However, the EU AI Act categorizes many security automation tools as high-risk, necessitating compliance with transparency and oversight requirements which autonomous testing agents may struggle to fulfill.

      **The Arms Race**

      Euro finance ministers called for access to Anthropic’s Mythos after realizing that no European governmental or banking entity had gained access to such an advanced vulnerability discovery tool. The geopolitical implications of AI