YesWeHack Launches Agentic Pentest for AI Security Testing

PARIS--(BUSINESS WIRE)--YesWeHack, the offensive security and exposure management platform, announces Agentic Pentest, an on-demand solution using autonomous AI agents to test organisations' assets and deliver same-day findings.

Shaped by YesWeHack’s extensive offensive security experience, Agentic Pentest helps organisations identify vulnerabilities, test their real-world exploitability and uncover attack paths across in-scope assets.

The solution supports black box, grey box and white box testing of web applications, mobile apps, APIs and other internet-facing assets.

YesWeHack, leader in offensive security in Europe and APAC, leverages the best available frontier models for offensive testing, including open-weight models. This flexible approach enables organisations to use models developed and/or hosted anywhere in the world, such as in EU or APAC.

Agents operate within guardrails developed by YesWeHack to protect the confidentiality, integrity and availability of customer systems throughout testing.

Unified vulnerability management

Agentic Pentest is integrated into YesWeHack’s wider offensive security and exposure management platform.

Customers can manage Agentic Pentest findings alongside vulnerabilities identified through YesWeHack Bug Bounty Programs and human-led Continuous Pentesting, which uncover complex vulnerabilities missed by fully automated approaches, Vulnerability Disclosure Policies and Security Checkpoints detecting actively exploited CVEs.

To streamline remediation further, security teams have the option of leveraging YesWeHack’s in-house triage team to validate, reproduce and enrich reports, guaranteeing zero false positives.

Guillaume Vassault-Houlière, CEO co-founder of YesWeHack, comments:

“Agentic Pentest is faster and simpler to set up and run than traditional human-led pentesting, while offering broader coverage, greater scalability and lower costs. This enables SecOps teams to identify and remediate vulnerabilities more quickly – an imperative as attackers become increasingly empowered by AI and exploitation windows continue to shrink.”

“Together with our wider offensive security and exposure management platform, Agentic Pentest gives security teams the agility to keep pace with adversaries and cut through the noise by rapidly validating and prioritising vulnerabilities that pose major risk.”

“Ultimately, a diverse offensive security strategy drives operational efficiency. Bug Bounty and community expertise remain essential pillars of any proactive approach, as they have consistently proven in practice.”

Key features

• On-demand testing with validated findings delivered as testing progresses
• Black box, grey box and white-box testing of web applications, mobile apps, APIs and other internet-facing assets
• Coverage of high-impact vulnerability classes, including OWASP Top 10 and full attack paths
• Optional 24/7 expert triage validating, reproducing and enriching findings
• Centralised remediation workflows, analytics and exportable reporting for a unified view of cyber risk and simplified compliance

Availability and roadmap

Agentic Pentest is available to test assets across the external attack surface, with YesWeHack developing support for internal testing scopes. The solution has been rolled out at French multinationals Dassault Systèmes and Sanofi, and several other CAC 40 companies.

The capabilities will be available to customers of Sekost, cybersecurity audit company acquired by YesWeHack in 2025.

Data generated by YesWeHack Bug Bounty Programs will not be used to train AI models used by Agentic Pentest.

About YesWeHack

YesWeHack is a leading Offensive Security and Exposure Management platform delivering integrated, API-based solutions to secure organisations’ growing attack surfaces. Its human-in-the-loop model combines Bug Bounty (leveraging a global community of 150,000+ skilled ethical hackers), Autonomous Pentest, Continuous Pentesting and unified vulnerability management to deliver agile, exhaustive security testing at scale. Customers include Louis Vuitton, Ferrero, the European Commission, Tencent and L’Oréal Groupe. ISO 27001-certified, CREST-accredited and EU-hosted with full GDPR compliance.