Astra Security, a security company specializing in artificial intelligence-driven penetration testing, today announced it has raised$ 2.7 million in early-stage funding to improve its AI capabilities and increase its cloud services.
Astra, which was launched in 2018, offers a software that simplifies the security process of penetration tests, or pentesting, which simulates the actual process of hacking a computer network from the perspective of a harmful actor to find vulnerabilities.
More code is being shipped than ever before as a result of the rise in continuous delivery practices and the development of new AI code generation, and the “attack surface” for vulnerabilities and exploits to hide has grown. Additionally, AI has gained popularity among hackers as a tool for identifying potential code cracks. Astra uses AI to think like attackers.
Last year, Astra’s pentesting platform uncovered almost 5, 500 vulnerabilities per day for its customers. This figure, according to the company, is expected to triple by the year’s end.
” We’re building Astra as a one-of-a-kind continuous pentest platform which emulates hacker behavior and performs AI-driven attacks just like a hacker does”, said Shikhil Sharma, co-founder and chief executive of Astra Security, told SiliconANGLE in an interview. ” So across your web apps, APIs, cloud, we scan all your infrastructure for vulnerabilities, just like a hacker would”.
Traditional pentesting only happens periodically, such as yearly or quarterly, explained Sharma, and produces long-winded vulnerability reports about the system. A team of human experts typically conduct a pentest, which aims to exploit the system to discover weaknesses from the outside by posing as malicious assailants.
Astra stands out because it can be triggered as a service at any time, and its AI-powered scanners can be integrated directly into development lifecycle processes. That implies that it can be used whenever a new feature is available, when it is being delivered, when a vendor update is being made, or whenever there is a good reason to believe something has changed.
” We built an underlying AI-powered ‘ offensive scanning engine,’ as we call it”, said Sharma. The beauty of it is that it can very precisely correlate vulnerabilities across various targets. And of course, it’s very simple to create rules or detections for web applications and cloud APIs, and we’re now using AI to do that, and we’ll eventually give that capability to our customers.
Astra also employs a team of security engineers to support the AI threat engine, but the automated AI scanner automatically activates. The AI suggests offensive threat cases tailored for the scope of the pentest during the planning phase to ensure the best use of their time while the AI does the grunt work. Any vulnerabilities that the cybersecurity experts discover and weren’t fixed by the scanning engine are quickly created as new detections and added as training for the AI.
According to Sharma, the AI-driven offensive scanning engine is still human-driven and constantly updated with numerous potential exploitables as a result of this vulnerability discovery loop. Even though the business occasionally uses updates from publicly available databases that include security flaws and other sources, nothing compares to actual hands-on training.
When asked what AI models are used under the hood, Sharma said he couldn’t reveal exactly which one but said,” It’s one of the big ones”. Astra also doesn’t skimp on using generative AI: developers can access a chatbot called Astranaut if they want to quickly fix a particularly bad vulnerability.
According to Sharma, “it provides actionable responses to questions because it has context about the vulnerability being fixed and the customer’s technology stack,” ” Still, if developers need support from a security expert, they can comment under the vulnerability, and experts will reply within 24 to 48 hours. For Slack lovers, there’s also a way to sync this entire conversation to Slack threads about each vulnerability”.
Last year, more than a quarter of Astra’s customers were midsized and large organizations, including Loom Inc., Sunglass Hut, HackerRank, Mamaearth, the University of Cambridge, CompTIA and Prime Healthcare. The company’s customer base comprises more than 800 engineering teams across more than 70 countries.
Sharma described the funding as a growth round for the business, which was led by Emergent Ventures, and claimed that Astra will use the funds to double down on providing AI to developers and security engineers to create better vulnerability detections. Neon Fund, Better Capital, Blume Ventures and PointOne Capital also participated in the round.
Images: , Astra Security
We value your support and ensure that the content is always FREE.
One click below supports our mission to provide free, deep, and relevant content.  ,
Join the community that includes more than 15, 000# CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU