Synack makes Sara AI Pentesting generally available

Synack said it has made Sara AI Pentesting generally available, describing the offering as a continuous security validation approach built around agentic AI and human validation. The company tied the update to a gap between how much of an organization’s attack surface is tested and how quickly exploitable risks can change.

Synack said traditional penetration testing is constrained by time, cost, and human bandwidth, which limits which systems receive testing. It also pointed to faster vulnerability discovery and exploitation when AI is used, arguing that security coverage needs to keep pace with modern conditions.

Sara, described as the Synack Autonomous Red Agent, combines agentic AI with human validation. Synack said that during early deployments beginning in October 2025, Sara identified and exploited a chain of three serious vulnerabilities, including a SQL injection exposing credentials, a password reset flaw enabling account takeover, and a stored cross-site scripting vulnerability, with findings validated and reported in a form ready for remediation.

Synack said it made Sara available through the Synack PTaaS Platform and listed it across major cloud marketplaces, including AWS Marketplace, Microsoft Marketplace, and Google Cloud Marketplace. “The problem isn’t a lack of tools, it’s a lack of coverage,” said Jay Kaplan, CEO and Co-founder of Synack. “Attack surfaces are expanding faster than organizations can test them, while AI is accelerating how vulnerabilities are discovered and exploited. Sara AI Pentesting changes that equation by expanding coverage with AI and then using human validation to ensure that what’s found actually matters.”