NetSPI, a proactive cybersecurity company, launched AI-powered Continuous Pentesting, adding ongoing external and cloud testing to its PTaaS platform as enterprise attack surfaces shift between scheduled assessments.
The Minneapolis company disclosed two new service tracks, Continuous External Penetration Testing and Continuous Cloud Penetration Testing, alongside agentic Model Context Protocol integrations and an AI-accelerated platform for finding, prioritizing and remediating risk as environments change.
According to the firm, the launch is an extension of its human-led pentesting model rather than a replacement of testers with automation. NetSPI says the platform automates discovery, repetitive testing tasks and large-scale environment analysis, while consultants validate findings and focus on higher-impact weaknesses.
Addressing the gap between scans and annual tests
The service targets a gap in security testing. PCI Security Standards Council guidance distinguishes vulnerability scans from penetration tests, saying scans are typically automated and performed at least quarterly and after significant changes, while penetration tests identify ways to exploit weaknesses and are conducted at least annually and upon significant changes.
That same PCI guidance says significant changes can include infrastructure or application upgrades, modifications and new system components. It also says penetration testing after such changes is used to verify that assumed controls still work after the upgrade or modification.
Mandiant’s 2026 M-Trends report adds threat context for that shift. Exploits remained the most common initial infection vector for the sixth consecutive year, accounting for 32% of intrusions in Mandiant investigations, while global median dwell time rose to 14 days from 11 days.
Tracking a shifting cloud environment
NetSPI’s cloud track is built around that moving surface. Its cloud pentesting materials describe testing across AWS, Azure and Google Cloud from anonymous and authenticated perspectives, including configuration review, identity and access management policies, public-facing services and internal network-layer testing of virtual machines and services.
Integrating vulnerability data with AI agents
The Model Context Protocol (MCP) piece pushes the service into a newer workflow problem. MCP is an open-source standard for connecting AI applications to external systems, including data sources, tools and workflows.
Its specification says tools allow language models to interact with external systems such as databases, APIs and computations, while recommending human-in-the-loop controls for tool use.
NetSPI says its MCP integrations let customers automate risk-based workflows and decisions using engagement and vulnerability data. Its Penetration Testing as a Service (PTaaS) product page also says MCP integrations allow an organization’s agents to access and act on NetSPI engagement and vulnerability data, with vulnerabilities routed between PTaaS and ticketing systems.
Filtering out false positives
The design puts the vendor’s false-positive argument at the center of the launch. Nabil Hannan, NetSPI field CISO, said continuous testing needs scale and accuracy “without the noise of thousands of false positives.”
Bryan Wiese, chief customer officer, said “automation only isn’t enough,” contending that AI-only solutions can overwhelm teams with raw vulnerabilities that lack context and prioritization.
Market growth and unanswered questions
The buying market is also moving toward recurring testing. MarketsandMarkets projects the PTaaS market will grow from $720 million in 2026 to $1.98 billion by 2031, a 22.6% compound annual growth rate.
MarketsandMarkets also expects cloud security pentesting to be the fastest-growing attack-surface segment, with a 25.8% CAGR during the forecast period.