Simbian AI Pentest Agent delivers continuous, context-aware penetration testing
Simbian announced the launch of the Simbian AI Pentest Agent, a new solution designed to provide enterprises with ongoing, on-demand penetration testing. Simbian’s AI Pentest Agent is the first automated penetration testing solution to incorporate business context, ensuring that findings are focused on each customer’s specific security risks and priorities.
Developed in partnership with the leading global risk management partner LRQA, the AI agent allows security teams to move beyond manual, point-in-time assessments to validate their security posture in real time.
For most organizations, penetration testing is a manual, once- or twice-a-year compliance exercise. In the fast-paced world of frequent application releases, this creates a “window of exposure” where code changes and emerging common vulnerabilities and exposures (CVEs) can remain unremediated for months. The Simbian AI Pentest Agent closes this gap by making penetration testing an anytime, on-demand security practice, with results typically available in hours.
“The industry has long been forced to choose between the depth of a manual pentest and the speed of a shallow scan,” said Ambuj Kumar, CEO of Simbian. “Simbian eliminates that trade-off. Our AI Pentest Agent doesn’t just follow a script; it reasons and adapts like a human hacker, leveraging context to uncover risks that actually matter to the business. We are giving enterprises the ability to find and close risks before attackers can ever exploit them.”
Simbian developed the Agent with input from LRQA, drawing on its experience in penetration testing and cybersecurity. LRQA provided independent validation to help ensure the solution aligns with established penetration testing standards and responsible AI practices.
These principles are embedded into the design of the agent. “Transparency by Design” means that security teams have access to a complete reasoning trace, showing exactly why the AI chose a specific attack path. With a built-in “safe mode,” the agent is engineered to operate without disrupting critical applications and complex production environments. Data is kept secure and protected throughout the testing process and is never used to train public Large Language Models (LLMs).
“By combining Simbian’s autonomous AI with LRQA’s deep expertise in threat-led cybersecurity, we are helping organizations move from periodic testing to continuous risk insight,” said Howard Hughes, Managing Director for LRQA’s cybersecurity division. “This partnership brings together intelligent automation and experienced human judgement, ensuring the AI Pentest Agent operates to recognized ethical hacking standards and delivers assurance that boards and security teams can trust.”
While legacy scanners can serve as a foundational security layer, they are often noisy, producing theoretical alerts from static rules that flag potential vulnerabilities without confirming whether they can actually be exploited. In contrast, the Simbian AI Pentest Agent functions as an autonomous reasoning engine that adapts to the unique business context. It adjusts its testing logic in real time based on how an application responds, allowing it to uncover complex business logic flaws that fixed scanners miss. Simbian replaces a list of hypothetical security warnings with a prioritized, actionable guide for remediation.