Multi-agent orchestration with human-in-the-loop oversight compresses full-scope pentest engagements from weeks to under 48 hours
Strobes, a leader in Exposure Management, today announced the launch of its proprietary AI Harness, a multi-agent orchestration engine that powers end-to-end AI Penetration Testing across cloud, web, API, and enterprise environments. The platform delivers full-scope engagements that historically consumed two to four weeks in under 48 hours, without sacrificing rigor, traceability, or oversight.
The problem: pentests are slow because of coordination, not technique
Penetration testing has been shaped less by the difficulty of the technical work than by the overhead around it: reconnaissance, enumeration, exploitation, evidence collection, peer review, and report writing, each handed off serially with idle time in between.
“Why does a pentest still take three weeks in 2026?” said Venu Rao, CEO & Co-founder at Strobes. “It’s the coordination overhead, the context switching, and the serial nature of the process. Our AI Harness runs these workstreams in parallel, around the clock, delivering output on par with a senior pentester in a fraction of the time.“
How it works: a supervisor, purpose-built agents, and parallel execution
A supervisor agent decomposes security objectives into discrete tasks and dispatches them to domain-specialized sub-agents:
Cloud Pentesting Agent: AWS, Azure, GCP configuration review, IAM analysis, misconfiguration detection
Web Pentesting Agent: OWASP Top 10, authentication flaws, business-logic testing
API Pentesting Agent: REST and GraphQL discovery, authorization testing, injection checks
Network Pentesting Agent: infrastructure reconnaissance and service-level testing
Code Review Agent: SAST-aware triage of code-level findings
Threat Intelligence & Compliance Agents: exploit enrichment, mapping to SOC 2, ISO 27001, PCI DSS
Agents run simultaneously and exchange findings through structured data. The harness runs on Strobes’ own agent runtime built on best-in-class foundation models, including Anthropic Claude on AWS Bedrock, with guardrail middleware and persistent agent memory purpose-built for security operations.
The results
In internal benchmarks and early customer engagements the AI Harness has, in a single session:
Coordinated scans across 128 cloud assets spanning three AWS regions
Surfaced 47 critical findings within hours
Generated remediation tickets automatically
Produced a client-ready PDF report end-to-end
For full-scope web application pentests, the AI Harness consistently delivers complete engagements in under 48 hours.
Speed without losing control
Any action with real-world impact surfaces an approval card requiring explicit human authorization. Every engagement runs in a dedicated workspace recording agent reasoning, tool calls, and decision points. Customer data stays inside the customer’s tenant boundary via a schema-per-tenant database model.
Closing the gap between discovery and action
Results flow directly into systems security teams already use:
Ticketing: Jira, ServiceNow, GitHub Issues, Azure DevOps
Reporting: client-ready PDF and CSV reports in the same session
Compliance: automatic mapping to SOC 2, ISO 27001, PCI DSS
ChatOps and SIEM: Slack, Teams, Splunk, Sentinel via webhook and API
The post Strobes Security Unveils Proprietary AI Harness first appeared on AI-Tech Park.