What happened
Tenzai, a newly launched cybersecurity startup, announced a $75 million seed funding round, one of the largest seed rounds in the sector.
The Tel Aviv–based firm plans to build an autonomous, AI-driven penetration-testing platform designed to continuously test, exploit, and help remediate vulnerabilities at scale and in real time, instead of relying on traditional, periodic manual pentests.
Who is affected
- Large enterprises, especially those deploying frequent code changes or relying on AI-generated code, are primary targets for this approach.
- Sectors expected to adopt early include financial services, healthcare, and technology firms across North America and Europe.
Why CISOs should care
- Speed vs. security gap: With more than 30% of newly written code reportedly generated by AI and frequent deployments becoming the norm, conventional pentesting can’t keep up.
- Continuous risk exposure: Traditional pentests are episodic; code can go untested in production for long periods, giving attackers a window to exploit unknown vulnerabilities.
- AI-written code adds novel risks: As organizations increasingly rely on AI for development, the attack surface evolves, making automated, specialized tools more relevant.
Given these dynamics, CISOs need to reevaluate whether their existing pentesting cadence is adequate in an AI-first development world.
3 Practical Actions for CISOs
- Audit your pentesting cadence and coverage
  - Review how often your organization performs penetration tests, and whether those tests cover code that’s dynamically generated or frequently updated.
  - If your deployment frequency is high, consider moving from scheduled to continuous or on-demand testing.
- Assess suitability of AI-native testing tools
  - Evaluate emerging AI-driven pentesting platforms to see if they can complement or replace manual pentesting.
  - Pay attention to how well such tools integrate into your CI/CD pipeline and development workflow.
- Enforce secure coding and deployment hygiene
  - Even with automation, rely on secure coding practices: code reviews, threat modeling, runtime monitoring, and logging.
  - Combine automated penetration testing with traditional safeguards like access controls, secrets management, and runtime anomaly detection.
