Intruder launches AI penetration testing services for web applications, adding on-demand penetration testing to its security platform.
The service allows customers to connect to their source code repositories via GitHub or GitLab, allowing them to scope and automatically start testing. Results and audit-ready reports are created within hours rather than weeks or months associated with manual effort.
The announcement builds on Intruder’s previous use of AI to conduct problem-level investigations, with autonomous agents validating the scanner’s findings. With new releases, the company is moving to full-fledged white-box testing that uses access to the codebase to search for weaknesses throughout the application.
Intruder says the system was built and trained by CREST-certified penetration testers and is intended to mirror the way experienced human testers work. The agent reasons through the application and adapts its approach during testing.
cost pressure
Pricing starts at USD $3,500 per test. According to Intruder, automated web application testing costs less than 25% of traditional manual labor.
Part of this pricing is aimed at small businesses that may struggle to pay for frequent manual penetration testing. Existing customers can view web application penetration testing results on the same platform as attack surface, cloud, and vulnerability data.
The move comes as security teams face pressure to use AI coding tools to more frequently review software released by engineering groups. Intruder cited an exclusive survey of security leaders that found that 49% cite AI and automation as a top investment priority for 2026.
Intruder argues that in many companies, where large-scale deployments can occur weekly, annual penetration testing is no longer aligned with software release cycles. They also point out that the time between a vulnerability being disclosed and being exploited by an attacker is decreasing.
This service is designed for security, IT, and development teams who want to run application tests on a more regular basis without the scheduling overhead of traditional penetration testing projects. Reports generated by this service can be used as evidence for compliance frameworks such as SOC 2 and ISO 27001.
Andy Hornegold, chief security technologist at Intruder, said the launch reflects the company’s long-standing goal of expanding access to security testing.
“At Intruder, our mission has always been to make robust cybersecurity available to everyone,” said Andy Hornegold, Chief Security Technologist at Intruder. “Offering web application testing is an exciting step in that effort. By providing advanced penetration testing on-demand and at a low cost, we are helping enterprises respond to an accelerating threat landscape.”
broader shift
The announcement comes as suppliers across the market look to use AI to automate many of the tasks traditionally performed by security consultants. Intruder pointed to recent industry attention to AI systems that can identify software flaws, and warned that attackers are using similar tools to accelerate their campaigns.
The main operational change for customers is the ability to run tests more frequently and closer to release cycles. Rather than requesting a one-time annual review, organizations can use automated penetration testing as part of regular software delivery.
Chris Wallis, CEO and founder of Intruder, framed the discussion around the time and budget constraints of small organizations.
“Historically, penetration testing has been very expensive and time consuming,” said Chris Wallis, CEO and founder of Intruder. “In today’s accelerating threat environment, that timeline and cost are unsustainable. We are ensuring that resource-constrained small businesses are not excluded from good security based solely on budget.”
One customer quoted by Intruder said its appeal lies in bridging the gap between formal annual reviews. Yembo, which continues to use human intrusion inspectors, said more continuous inspections are needed to reduce exposure between scheduled inspections.
“Ensuring the security of the global AI platform requires continuous defense,” said Zach Ratner, chief technology officer and co-founder of Yembo. “Yembo continues to leverage human penetration testers, but annual assessments alone leave a dangerous window of exposure. Intruder’s AI penetration testing closes that gap by providing human-level depth at machine speed, permanently enhancing our platform.”
