Business & Technology
Intruder launches AI web app pentesting at lower cost
Intruder has launched an AI pentesting product for web applications, offering customers on-demand penetration testing through its platform.
Organisations can connect code repositories through GitHub or GitLab, allowing tests to be scoped and started automatically, with results and reporting delivered within hours, according to Intruder.
The launch builds on Intruder’s earlier use of AI for issue-level investigations, where autonomous agents validated scanner findings and reduced false positives. This release moves beyond checking individual issues to analysing a broader web application environment using source code access.
The system is designed as a white-box test, giving the software visibility into the application codebase while it assesses weaknesses. Intruder says the agents were built and trained by CREST-certified pentesters and are intended to mirror the methods used in manual testing engagements.
The move comes as security teams face pressure to review software more often while engineering teams ship updates faster. Intruder cited its own survey of security leaders, which found that 49% named AI and automation as their top investment priority for 2026, while 42% described their teams as stretched, overwhelmed, or consistently behind.
Intruder also pointed to a narrowing window between the disclosure of flaws and their exploitation, arguing that annual penetration tests no longer match the pace of modern software releases. Major deployments are now taking place weekly, increasing the need for more frequent application testing, it said.
Cost pressure
Intruder is pitching the product to small and medium-sized businesses, as well as existing customers already using its broader security platform. The company says the web application pentest costs 25% or less than a traditional manual engagement, with prices starting at USD $3,500 per test.
Existing customers can view pentest findings alongside attack surface, cloud, and vulnerability data in the same platform. New customers can also scope and run a test through the company’s free plan, according to Intruder.
Audit reporting is also part of the launch. Each test produces a full pentest report that can be used as evidence for compliance frameworks including SOC 2 and ISO 27001, the company said.
Andy Hornegold, Chief Security Technologist at Intruder, outlined the rationale for adding web application testing to the product line.
“Our mission at Intruder has always been to make robust cybersecurity accessible to everyone,” said Andy Hornegold, Chief Security Technologist at Intruder. “Providing web application testing marks an exciting step on that journey. By delivering the depth of a pentest on demand and at a fraction of the price, we’re helping businesses keep up with an accelerating threat environment.”
Founded in 2015 by former ethical hacker Chris Wallis, Intruder says it now protects more than 3,000 companies worldwide. Its platform combines attack surface monitoring, cloud security, vulnerability management, and now AI-led penetration testing.
Human comparison
Intruder framed the product as a way to replicate some elements of manual security testing without the scheduling delays and fees associated with consultant-led work. Traditional pentests often take weeks or months to arrange and complete, while Intruder says its automated version can begin in minutes and finish in hours, depending on the complexity of the application.
Chris Wallis, Chief Executive Officer and Founder at Intruder, said the economics of traditional testing no longer fit the current security environment.
“Historically, the cost of a pentest has been very high and has taken a long time,” said Chris Wallis, Chief Executive Officer and Founder at Intruder. “In today’s accelerated threat environment, that timeline and cost don’t hold up. We’re ensuring that resource-constrained small and medium-sized businesses aren’t excluded from good security purely based on budget.”
One customer, Yembo, said the product is being used to narrow the gap between periodic human-led assessments. The company, which develops an AI platform, said annual reviews can leave systems exposed between tests.
“Securing a global AI platform requires continuous defence,” said Zach Rattner, Chief Technology Officer and Co-Founder at Yembo. “While Yembo continues to leverage human pentesters, annual assessments alone leave dangerous windows of exposure. Intruder’s AI pentesting bridges that gap by delivering human-grade depth at machine speed to keep our platform permanently hardened.”