Pentera is leveraging artificial intelligence (AI) to expand its Asia-Pacific operations from its Singapore hub and automate and enhance its attack simulation platform.
Israeli companies have progressed from automating penetration testing to leading what Gartner calls exposure verification, helping organizations continuously test their security defenses by simulating real-world cyberattacks.
Speaking in an interview with Computer Weekly in Singapore, Pentera, Amitai Latzon said the company is expected to have strong growth momentum, with a global team of 1,200 customers and 400 employees across 65 countries.
“Like Crowdstrike the leader of EDR [endpoint detection and response]and the recorded future is a leader in threat intelligence, and Pentera is a leader in security verification,” Rutson said.
The company is driving the next stage of growth by incorporating AI into its platform to improve everything from user experience to speed and refinement of simulated attacks. For example, the report shows that the platform is currently employing AI to translate complex technical research into actionable business insights.
“If you're a CEO, you don't mind all the little details,” Ratzon said. “AI allows us to coordinate reports from board members or CEOs who don't know the language of cybersecurity.”
Additionally, Pentera incorporates AI into its core attack engine, speeding up research and developing new attack technologies, reducing the time it takes to create new simulated ransomware campaigns from a month to just a few days. It is also developing AI Red Teaming capabilities to help organizations test the security of AI chatbots and large language models.
Despite standardizing Pentera's core technologies, organizations have the flexibility to coordinate security tests in a variety of ways. For example, using natural language prompts, the security manager can instruct the platform to run tests on a particular network segment within a specific time frame, or instruct the platform to target the most important assets.
You can also configure the stealth level of your attack based on the most applied threat. Government agencies fearing national state actors can choose a highly evasive test, but retailers may simulate sophisticated attacks from the script's children.
Ratzon said that amid growing fears of the AI weapons race where defenders use AI to counter AI-mediated attacks, Pentera remains a “responsible adult” by providing human oversight for AI-driven decisions and actions.
“We're literally attacking your company, so we don't want to do that based on AI recommendations,” says Ratzon. “There are people in Pentera who have the name of clicking a button and accepting it, because there is an impact from what is wrong.”
With growing concern over nation-state attacks on critical regional infrastructure, Rutson touched on Pentera's role in protecting operational technology (OT) systems that control everything from the power grid to trains.
We do not directly test the defenses of our OT systems due to risk, but we play a role in protecting the connected environment more widely.
“I oppose the server where the OT system is sitting, but I don't touch the actual interface of the OT machine,” says Ratzon. By testing OT environments and increasingly converging IT servers and networks, the platform can reduce the risk of attackers moving sideways to gain footing in the IT domain and disrupt body manipulation.
Pentera's growth is particularly strong in the Asia-Pacific region. The company has established an independent entities in Singapore, promoting regional businesses, and is expanding its footprint beyond Japan and Australia to markets such as Taiwan and India.
“The biggest banks, retailers and governments in most countries in the region are using Pentera because they see the threat,” Raton said. He expects the company's local customer base to grow from just under 70 years old a few years ago to over 150 by next year.
Following a $60 million funding round earlier this year, Pentera is currently focusing on some bold acquisitions, Ratzon said without giving details. “We're building a platform for security verification. When you build a platform, you're not integrated, you're integrated,” he added.
The first public offering (IPO) is on the card, but Ratzon said it was “a decision for 2027.” This is because the company focuses on solidifying its leadership position in the market and expanding its platform through internal product development and acquisitions.
