LRQA, the leading global risk management partner, has partnered with AI security innovator, Simbian, to introduce continuous, AI-powered penetration testing – combining autonomous testing with experienced cyber specialists.
As cyber attacks are enhanced by increasingly automated approaches from threat actors and regulatory expectations around operational resilience continue to rise, traditional annual penetration testing models are under growing pressure to scale.
In sectors such as financial services and technology, where applications are updated constantly, the gap between rapid software change and infrequent validation can leave exploitable weaknesses undetected for months.
The Simbian AI Pentest Agent performs on-demand testing that adapts dynamically to how applications respond. Unlike traditional vulnerability scanners that generate theoretical alerts based on static rules, the agent determines whether vulnerabilities can be exploited in practice and prioritises them based on real-world business impact.
This allows organisations to assess newly disclosed security vulnerabilities immediately, rather than waiting for the next scheduled assessment, helping to reduce mean time to remediation.
LRQA ensures this autonomous capability operates within recognised ethical hacking methodologies and established governance frameworks, embedding continuous AI-driven testing within a structured risk management approach.
Howard Hughes, Managing Director for LRQA’s cybersecurity division, said:
“Automation is changing the threat landscape, and it must change how we manage cyber risk. AI enables continuous testing at a depth and frequency that was not previously possible. But effective risk management requires context, accountability and professional judgement. Our role is to ensure autonomous testing delivers clear, prioritised insight that leaders can act on with confidence.”
The capability has been piloted in controlled environments to validate its ability to identify exploitable weaknesses and business logic flaws that static scanning alone may miss. Designed to operate safely in live systems, it includes safeguards to prevent disruption, provides full visibility into what was tested and why, and ensures all data remains secure and is never used to train public AI models.
Ambuj Kumar, CEO and Co-Founder of Simbian, said:
“Security teams are overwhelmed with alerts that don’t always translate into real risk. Our AI Pentest Agent is designed to think and test like a human attacker, validating what can actually be exploited. Partnering with LRQA ensures this capability is deployed with the rigour and oversight organisations expect.”
As attackers increasingly use automation to scale their activity, this partnership offers a shift in cyber strategy for boards and risk leaders: continuous validation, strengthened by human expertise, embedded within a disciplined risk management approach.
Learn more about AI penetration testing
