Simbian, a provider of AI-driven security solutions, has launched the Simbian AI Pentest Agent, which is designed to provide enterprises with ongoing, on-demand penetration testing. The solution incorporates business context to ensure findings are focused on the specific security risks and priorities of each customer. Developed in collaboration with global risk management partner LRQA, the AI agent is intended to allow security teams to move beyond manual, point-in-time assessments to validate their security posture in real time, officials said.
For most organizations, penetration testing is a manual, once- or twice-a-year compliance exercise, but in an environment with frequent application releases, this creates a “window of exposure” in which code changes and emerging common vulnerabilities and exposures (CVEs) can remain unremediated for months, the company said. The Simbian AI Pentest Agent is intended to close this gap by making penetration testing an anytime, on-demand security practice, with results typically available in hours.
“The industry has long been forced to choose between the depth of a manual pentest and the speed of a shallow scan,” said Ambuj Kumar, CEO and co-founder of Simbian. “Simbian eliminates that trade-off. Our AI Pentest Agent doesn’t just follow a script; it reasons and adapts like a human hacker, leveraging context to uncover risks that actually matter to the business. We are giving enterprises the ability to find and close risks before attackers can ever exploit them.”
Simbian designed the agent in part by leveraging LRQA’s experience in penetration testing, cybersecurity and CREST-certified services. LRQA used its methodologies to provide independent assurance that the solution aligns with globally recognized penetration testing standards and responsible AI principles, officials said.
“These principles are embedded into the design of the agent. ‘Transparency by Design’ means that security teams have access to a complete reasoning trace, showing exactly why the AI chose a specific attack path. With a built-in safe mode, the agent is engineered to operate without disrupting critical applications and complex production environments,” officials said. “Data is kept secure and protected throughout the testing process and is never used to train public LLMs.”
“By combining Simbian’s autonomous AI with LRQA’s deep expertise in threat-led cybersecurity, we are helping organizations move from periodic testing to continuous risk insight,” said Howard Hughes, managing director for LRQA’s cybersecurity division. “This partnership brings together intelligent automation and experienced human judgment, ensuring the AI Pentest Agent operates to recognized ethical hacking standards and delivers assurance that boards and security teams can trust.”
The Simbian AI Pentest Agent functions as an autonomous reasoning engine that adapts to the unique business context. It’s designed to dynamically adjust its testing logic in real time based on how an application responds, allowing it to uncover complex business logic flaws that fixed scanners can miss. “Simbian replaces a list of hypothetical security warnings with a prioritized, actionable guide for remediation,” the company said.










