Intruder automates $50K pentests

- Intruder launched “AI Pentesting” on April 30, releasing its first agents to investigate scanner findings with pentester-style techniques inside its exposure-management platform.
- The pitch is speed and cost — issue-level investigations run in minutes, while comparable manual pentests often cost $10,000 to $50,000.
- It matters because defenders are shifting from annual point-in-time tests toward continuous validation as AI shrinks attacker timelines.

Penetration testing is one of those security jobs everyone agrees matters, but almost nobody wants to buy often enough. It is slow. It is expensive. And by the time the report lands, the app may already have changed. That gap is what London startup Intruder is trying to close with a new product called AI Pentesting — a set of agents it launched on April 30 that automatically investigate vulnerabilities using the same kinds of steps a human pentester would take.

### What does Intruder actually ship?

This is not a magic “hack the whole company” button. Intruder’s first release focuses on issue-level investigations inside its existing platform. The agents take findings from Intruder’s scanners, probe them further, and try to confirm whether they are real, exploitable risks rather than noisy alerts. The company says the current coverage includes injection flaws, client-side attacks, and information-disclosure issues. (finance.yahoo.com)

### Why is that different from a normal scanner?

A scanner mostly tells you something might be wrong. A pentester tries to prove what an attacker could actually do with it. That middle step — validation — is the painful part for lean security teams, because it burns analyst time and often still leaves uncertainty. Intruder’s pitch is that its agents send follow-up requests, analyze responses, and build enough context to separate false positives from genuinely dangerous findings. (finance.yahoo.com)

### Where does the “$50K pentest” line come from?

The headline number is really shorthand for the economics of manual testing. Intruder and coverage of the launch frame traditional pentests as engagements that can run from about $10,000 up to $50,000, with scheduling delays measured in weeks and execution measured in days. The company is not saying every full-scope pentest disappears. It is saying a meaningful slice of the expensive investigative work can be compressed into automated runs that happen on demand. (intruder.io)

### So is this replacing human pentesters?

Not fully — at least not yet. Intruder’s own wording is narrower than the splashy framing. The product currently validates scanner findings already identified in Intruder, and the company says it is “building towards” continuous AI-powered pentesting and red teaming across web apps plus external and internal networks. Basically, this is a wedge into the pentest workflow, not the whole workflow in one shot. (digitrendz.blog)

### Why launch this now?

Because the old cadence looks broken. Intruder argues that exploit windows have shrunk from months to days or even hours, which makes quarterly or annual pentests feel like snapshots from a different era. At the same time, the company says midmarket security teams are stretched, and nearly half of security leaders it surveyed plan to prioritize AI and automation spending in 2026. That is the demand story here — not just better testing, but testing that fits teams with too much surface area and not enough people. (finance.yahoo.com)

### Why does the GCHQ angle matter?

Mostly as a credibility signal. Intruder came out of GCHQ’s Cyber Accelerator, which helps explain why the company gets framed as a serious UK security startup rather than just another AI wrapper. That does not prove the product works perfectly, but it does matter in a market where buyers are being asked to trust automation with adversarial testing. (financialcontent.com)

### What is the real shift here?

Security testing is moving from periodic audit to continuous verification. The important change is not that AI can write a pentest report faster. It is that vendors are trying to package attacker-style validation as a product feature you can run whenever code changes, infrastructure shifts, or a new finding appears. If that works, budget starts moving away from occasional big-ticket engagements and toward always-on tooling plus human review for the hardest cases. (thenextweb.com)

### Bottom line?

Intruder’s launch matters because it turns one of security’s most manual, boutique services into something closer to software. The catch is scope — today’s product looks more like automated validation than a full human-led pentest. But that is still a meaningful step, because for a lot of teams the biggest problem is not finding one more alert. It is figuring out which alert is worth acting on right now. (help.intruder.io) (finance.yahoo.com)
