Astra Security, a cybersecurity startup specializing in artificial intelligence-driven penetration testing, today announced it has raised $2.7 million in early-stage funding to enhance its AI capabilities and expand its cloud offerings.
Launched in 2018, Astra provides a platform that simplifies the cybersecurity process of penetration testing, or pentesting, which is the simulated process of attacking a computer network from the perspective of a malicious actor to discover vulnerabilities.
With the advent of AI code generation and the increase of continuous delivery practices, more code is being shipped than ever before. Along with those increasing lines of code, the “attack surface” where vulnerabilities and exploits can hide has also grown. AI has also become popular among hackers to probe for potential cracks in code. Astra uses AI to think like attackers.
Last year, Astra’s pentesting platform uncovered almost 5,500 vulnerabilities per day for its customers. The company said this number is expected to triple before the end of the year.
“We’re building Astra as a one-of-a-kind continuous pentest platform which emulates hacker behavior and performs AI-driven attacks just like a hacker does,” Shikhil Sharma, co-founder and chief executive of Astra Security, told SiliconANGLE in an interview. “So across your web apps, APIs, cloud, we scan all your infrastructure for vulnerabilities, just like a hacker would.”
Traditional pentesting only happens periodically, such as yearly or quarterly, explained Sharma, and produces long-winded vulnerability reports about the system. A pentest is usually led by a team of human experts who attempt to penetrate the system to discover vulnerabilities from the outside by acting as malicious attackers in order to exploit the system.
Astra differs in that it can be triggered at any time as pentest-as-a-service and its AI-powered scanners can be integrated directly into development lifecycle processes. That means it can be called upon whenever a new feature has gone live, during the delivery process, after a vendor update or any time there’s a reason to believe something may have changed.
“We built an underlying AI-powered ‘offensive scanning engine,’ as we call it,” said Sharma. “The beauty of it is that it’s able to very neatly correlate vulnerabilities across various targets. And of course, building detection rules for web apps and cloud APIs is super-easy with it, and now we are actually on to creating rules or detections also using AI, and eventually, we plan on giving that ability to our customers.”
The automated AI scanner triggers immediately, but Astra also employs a team of security engineers to back up the AI threat engine. During the planning stage, the AI suggests offensive threat cases tailored for the scope of the pentest to ensure the best possible use of the engineers’ time while the AI does the grunt work. Any vulnerabilities discovered by the cybersecurity experts that weren’t uncovered by the scanning engine are quickly built as new detections and added as training for the AI.
Sharma said this vulnerability discovery loop means that the AI-driven offensive scanning engine remains human expert-powered and gets continuously updated with numerous potential sources of exploits. The company also uses updates from publicly disclosed databases of security flaws and other sources, but very little beats actual hands-on training.
When asked what AI models are used under the hood, Sharma said he couldn’t reveal exactly which one but said, “It’s one of the big ones.” Astra doesn’t skimp on the use of generative AI either: If developers want to fix a particularly bad vulnerability quickly, they have access to a chatbot called Astranaut.
“It has context about the vulnerability being fixed and the technology stack of the customer, hence it is able to give actionable answers to questions,” Sharma said. “Still, if developers need support from a security expert, they can comment under the vulnerability, and experts will reply within 24 to 48 hours. For Slack lovers, there’s also a way to sync this entire conversation to Slack threads about each vulnerability.”
Last year, more than a quarter of Astra’s customers were midsized and large organizations, including Loom Inc., Sunglass Hut, HackerRank, Mamaearth, the University of Cambridge, CompTIA and Prime Healthcare. The company’s customer base comprises more than 800 engineering teams across more than 70 countries.
Sharma called the funding, led by Emergent Ventures, a growth round for the company, saying that Astra will use the funds to double down on providing AI to developers and security engineers to build better vulnerability detections. Neon Fund, Better Capital, Blume Ventures and PointOne Capital also participated in the round.