InfiltrateIQ’s AI to Z Approach to Pen Testing
The security startup aims to set a new standard in pen test automation by delivering fully AI-operated website pen tests in one to two days.
If you think Thread’s approach to AI for MSPs is targeted, wait until you meet InfiltrateIQ, as I did at a conference late in April. The young company doesn’t just focus on penetration testing. It focuses on a particular kind of penetration testing.
“What we’ve developed is a fully AI-operated penetration test for websites, web applications, and APIs,” says Bill Raickovic (pictured), InfiltrateIQ’s managing director.
That’s something a lot of businesses don’t even know they need, according to Spencer Fairbairn, the company’s co-founder and development lead, who says people tend to think “network” when they hear pen test. “They don’t realize that there are many other forms of penetration testing, one of which is the website, API, and web application.” As a result, Fairbairn continues, Vana, InfiltrateIQ’s AI platform, almost always finds flaws.
“If the customer has never done a pen test at all, there’s practically a 100% chance there’s going to be something on the site that’s wrong,” Fairbairn says.
Of course, Sxipher, ThreatMate, and Kaseya’s Vonahi unit, among others, also claim to automate pen testing. InfiltrateIQ says they don’t, however. According to Raickovic, the company researched about 20 such vendors before its founding in 2023.
“There was always a manual part to the process,” he says, adding that any AI the vendor employed mostly helped with tasks like report writing. “We’ve developed an AI that literally does everything from A to Z.”
And at machine speed too. Human-powered pen tests typically take anywhere from a few weeks to a few months. InfiltrateIQ does it in one to two days.
“You go log onto your dashboard, you put in the URL, and you schedule the test,” Raickovic says. “24 to 48 hours later you get an email telling you to download the reports.”
Unlike the $20,000 or more vendors often charge for one test, InfiltrateIQ charges $375 a month (billed annually) for 12. According to Raickovic, MSPs generally resell the tests for a few thousand dollars each.
“We’re doing a win-win situation here where the customer saves money and the MSP has a fantastic margin,” he says.
InfiltrateIQ does vulnerability scanning in addition to pen testing. An annual $249 per month contract includes 180 scans, which works out to 15 a month at $16.60 each, Raickovic notes. An additional website defense service priced at $749 a month uses AI-powered detection and response technology to protect websites from AI-powered attacks in real time.
Rates like that make affordability an unlikely sales objection. Trust, however, is another matter. Some potential users worry about a fully autonomous digital pen tester missing some risks and hallucinating others.
“That’s really the only challenge we’ve had,” Raickovic says.