Synack, a pioneer in offensive security innovation, unveiled its agentic AI architecture, Sara (Synack Autonomous Red Agent). Sara enhances Synack's premier Penetration Testing as a Service (PTaaS) platform to deliver proactive, risk-based security validation featuring a human-in-the-loop approach. By fusing autonomous AI capabilities with the expert human analysis of the Synack Red Team, organizations can autonomously reduce risk across their attack surface.
As threat actors increasingly adopt AI to develop, optimize and scale attacks, defenders must respond in kind. This next-generation platform embodies an AI-versus-AI model, where AI-powered validation—supervised and guided by human judgment—counters machine-driven reconnaissance and attacks. The result is a powerful, adaptive solution that mirrors real-world adversary behavior while minimizing risk and false positives.
"Security teams are no longer just fighting humans—they're defending against AI-enhanced adversaries," said Dr. Mark Kuhr, Synack co-founder and CTO. "With our Sara agentic AI and human-in-the-loop model, we equip defenders with the same level of intelligence and speed, turning the tables in this era of AI-versus-AI cybersecurity."
The Sara agentic AI architecture delivers scalable, adaptable assessment of attack surface risk. Sara Triage, a core component of Synack's new Active Offense product, is available immediately to provide autonomous triage of discovered vulnerabilities, validating those that are truly exploitable. Sara Pentest will follow later this year to conduct full-scope, objective-based penetration tests in concert with the Synack Red Team.
Sara's human-in-the-loop architecture ensures discovery of logic flaws, chained exploits and nuanced vulnerabilities, bridging the gap between automated detection and human intuition. The model's other benefits in the Synack platform include:
Synack's AI-powered PTaaS platform aligns with modern security programs like Continuous Threat Exposure Management (CTEM) and supports global compliance frameworks. Its native integrations with Security Information and Event Management (SIEM), External Attack Surface Management (EASM), vulnerability management and ticketing systems help teams operationalize penetration testing findings in real time.
Copyright 2025, AI Reporter America All rights reserved.