Strobes Security Unveils AI Harness for End-to-End Penetration Testing

Multi-agent orchestration with human-in-the-loop oversight compresses full-scope pentest engagements from weeks to under 48 hours

Strobes, a leader in Exposure Management, today announced the launch of its proprietary AI Harness, a multi-agent orchestration engine that powers end-to-end AI Penetration Testing across cloud, web, API, and enterprise environments. The platform delivers full-scope engagements that historically consumed two to four weeks in under 48 hours, without sacrificing rigor, traceability, or oversight.

Read More: AI-Native Architecture: Designing Systems for Intelligence First

Penetration testing has been shaped less by the difficulty of the technical work than by the overhead around it: reconnaissance, enumeration, exploitation, evidence collection, peer review, and report writing, each handed off serially with idle time in between.

“Why does a pentest still take three weeks in 2026?” said Venu Rao, CEO & Co-founder at Strobes. “It’s the coordination overhead, the context switching, and the serial nature of the process. Our AI Harness runs these workstreams in parallel, around the clock, delivering output on par with a senior pentester in a fraction of the time.”

How it works: a supervisor, purpose-built agents, and parallel execution

A supervisor agent decomposes security objectives into discrete tasks and dispatches them to domain-specialized sub-agents:

• Cloud Pentesting Agent: AWS, Azure, GCP configuration review, IAM analysis, misconfiguration detection
• Web Pentesting Agent: OWASP Top 10, authentication flaws, business-logic testing
• API Pentesting Agent: REST and GraphQL discovery, authorization testing, injection checks
• Network Pentesting Agent: infrastructure reconnaissance and service-level testing
• Code Review Agent: SAST-aware triage of code-level findings
• Threat Intelligence & Compliance Agents: exploit enrichment, mapping to SOC 2, ISO 27001, PCI DSS

Agents run simultaneously and exchange findings through structured data. The harness runs on Strobes’ own agent runtime built on best-in-class foundation models, including Anthropic Claude on AWS Bedrock, with guardrail middleware and persistent agent memory purpose-built for security operations.

The results

In internal benchmarks and early customer engagements the AI Harness has, in a single session:

• Coordinated scans across 128 cloud assets spanning three AWS regions
• Surfaced 47 critical findings within hours
• Generated remediation tickets automatically
• Produced a client-ready PDF report end-to-end

For full-scope web application pentests, the AI Harness consistently delivers complete engagements in under 48 hours.

Speed without losing control

Any action with real-world impact surfaces an approval card requiring explicit human authorization. Every engagement runs in a dedicated workspace recording agent reasoning, tool calls, and decision points. Customer data stays inside the customer’s tenant boundary via a schema-per-tenant database model.

Read More: Prompt Engineering to Context Engineering: The New Developer Skill Stack

Closing the gap between discovery and action

Results flow directly into systems security teams already use:

• Ticketing: Jira, ServiceNow, GitHub Issues, Azure DevOps
• Reporting: client-ready PDF and CSV reports in the same session
• Compliance: automatic mapping to SOC 2, ISO 27001, PCI DSS
• ChatOps and SIEM: Slack, Teams, Splunk, Sentinel via webhook and API.

Write to us [⁠wasim.a@demandmediaagency.com] to learn more about our exclusive editorial packages and programmes.