
LRQA partnered with Simbian to introduce continuous, AI-powered penetration testing, combining autonomous testing with experienced cyber specialists to help organizations manage risk at machine speed.
“Automation is changing the threat landscape, and it must change how we manage cyber risk. AI enables continuous testing at a depth and frequency that was not previously possible. But effective risk management requires context, accountability and professional judgement. Our role is to ensure autonomous testing delivers clear, prioritised insight that leaders can act on with confidence,” says Howard Hughes, managing director for LRQA’s cybersecurity division.
“Security teams are overwhelmed with alerts that don’t always translate into real risk. Our AI Pentest Agent is designed to think and test like a human attacker, validating what can actually be exploited. Partnering with LRQA ensures this capability is deployed with the rigour and oversight organisations expect,” adds Ambuj Kumar, CEO and co-founder of Simbian.
Key takeaways:
· The capability has been piloted in controlled environments to validate its ability to identify exploitable weaknesses and business logic flaws that static scanning alone may miss.
· The capability is designed to operate safely in live systems: it includes safeguards to prevent disruption, provides full visibility into what was tested and why, and ensures all data remains secure and is never used to train public AI models.
· The Simbian AI Pentest Agent performs on-demand testing that adapts dynamically to how applications respond.
· The agent determines whether vulnerabilities can be exploited in practice and prioritises them based on real-world business impact. This allows organizations to assess newly disclosed security vulnerabilities immediately, rather than waiting for the next scheduled assessment, helping to reduce mean time to remediation.
