HackerOne introduces Agentic Pentest as a Service to accelerate continuous security validation

29 January 2026

HackerOne has launched Agentic Pentest as a Service (PTaaS), a new approach to penetration testing that combines artificial intelligence (AI) agents with human security experts to provide continuous, adaptive security testing. The company describes this as the first iteration of what it calls “continuous agentic pentesting,” which is part of a broader Agentic Offensive Testing program designed to bridge the gap between traditional manual pentests and fully autonomous security tools.

The new service aims to address a growing challenge faced by enterprise security teams: balancing the need for frequent, thorough testing against the limitations of conventional approaches. Traditional penetration tests deliver detailed results but often struggle to keep pace with rapidly changing environments, lacking the agility required for modern, dynamic attack surfaces. Fully autonomous testing solutions, on the other hand, tend to produce unverified alerts and an overwhelming number of false positives, reducing their effectiveness.

HackerOne’s hybrid approach leverages a coordinated system of AI agents and human reviewers. The AI handles key aspects of reconnaissance, setup, exploitation, and validation, drawing on proprietary exploit intelligence developed from years of testing enterprise systems and insights from a verified community of pentesters. Human security experts then provide judgment and oversight, focusing their efforts on validating exploitable vulnerabilities rather than theoretical weaknesses. This balance aims to deliver high-confidence results while enabling testing to be performed at a much faster cadence.

The company emphasizes that Agentic PTaaS is particularly suited for organizations with large and frequently evolving attack surfaces. As assets and environments change rapidly, continuous testing becomes essential for maintaining security posture. Nidhi Aggarwal, Chief Product Officer at HackerOne, explained, “Security teams aren’t looking for more findings—they want to reduce risk exposure. Our agentic approach scales pentesting efforts, enabling organizations to perform assessments in hours instead of days, so teams can focus on validating real exploitability and reducing actual threats in the wild.”

HackerOne evaluated the service using both public and proprietary benchmarks and tested it extensively in enterprise production environments. The company contrasted this real-world testing with synthetic environments, highlighting how conditions like ambiguous scoping, shifting assets, and operational constraints led to higher-quality signals and more relevant findings. An optional feature involves secure integration with source code, allowing the AI agents to identify vulnerable patterns directly within application code, generate hypotheses, and prioritize testing efforts based on how the application is built.

Agentic PTaaS is delivered through HackerOne’s platform, which integrates continuous threat exposure management into existing security workflows. By constantly validating exploitability and feeding insights into prioritization and remediation processes, the service shifts organizations away from point-in-time assessments toward an “always-on” security model. This approach aims to help enterprise teams monitor and manage risks more effectively as their systems and applications evolve.

HackerOne’s innovative approach signifies a step forward in adaptive security testing, offering organizations a scalable, continuous solution that combines the strengths of AI and human expertise to better protect against modern cyber threats.