InfiltrateIQ’s AI to Z Approach to Pen Testing
The security startup aims to set a new standard in pen test automation by delivering fully AI-operated website pen tests in one to two days.
If you think Thread’s approach to AI for MSPs is targeted, wait until you meet InfiltrateIQ, as I did at a conference late in April. The young company doesn’t just focus on penetration testing. It focuses on a particular kind of penetration testing.
“What we’ve developed is a fully AI-operated penetration test for websites, web applications, and APIs,” says Bill Raickovic, InfiltrateIQ’s managing director.
That’s something a lot of businesses don’t even know they need, according to Spencer Fairbairn, the company’s co-founder and development lead, who says people tend to think “network” when they hear pen test. “They don’t realize that there are many other forms of penetration testing, one of which is the website, API, and web application.” As a result, Fairbairn continues, Vana, InfiltrateIQ’s AI platform, almost always finds flaws.
“If the customer has never done a pen test at all, there’s practically a 100% chance there’s going to be something on the site that’s wrong,” Fairbairn says.
Of course, Sxipher and ThreatMate, among others, also claim to automate pen testing. InfiltrateIQ says they don’t, however. According to Raickovic, the company researched about 20 such vendors before its founding in 2023.
“There was always a manual part to the process,” he says, adding that any AI the vendor employed mostly helped with tasks like report writing. “We’ve developed an AI that literally does everything from A to Z.”
And at machine speed too. Human-powered pen tests typically take anywhere from a few weeks to a few months. InfiltrateIQ does it in one to two days.
“You go log onto your dashboard, you put in the URL, and you schedule the test,” Raickovic says. “24 to 48 hours later you get an email telling you to download the reports.”
Where vendors often charge $20,000 or more for one test, InfiltrateIQ charges $2,500, with volume discounts. According to Raickovic, MSPs can mark that up significantly and still offer an extremely competitive price.
“We’re doing a win-win situation here where the customer saves money and the MSP has a fantastic margin,” he says.
InfiltrateIQ will soon offer web application detection and response in addition to pen testing. Meant mostly for larger businesses (and priced for early adopters at $2,000 per application per month, with volume discounts), the service uses AI-powered detection and response technology to protect sites from AI-powered attacks in real time.
Rates like that make affordability an unlikely sales objection. Trust, however, is another matter. Some potential users worry about a fully autonomous digital pen tester missing some risks and hallucinating others.
“That’s really the only challenge we’ve had,” Raickovic says.