What is Infiltra.ai?
Infiltra.ai is an automated penetration testing
platform built around specialized autonomous agents that replicate the methodology of an experienced
human pentester.
Do I need to install sensors or agents?
No. Infiltra is a cloud-based platform. Scans run on
demand or on a schedule from your selected region.
What can I test with Infiltra.ai?
Web applications (black-box and authenticated) and
APIs.
For APIs, we recommend importing an OpenAPI (Swagger) definition file or Postman collection to map
endpoints for testing.
Is it safe to run against production environments?
Yes. Infiltra includes "Production Mode" guardrails
that exclude disruptive exploit vectors. You can also configure request rate throttling (RPS) to
ensure the scan stays within your infrastructure's load capacity.
Can I schedule recurring scans or integrate them into my workflow?
Absolutely. You can schedule assessments to run daily,
weekly, or on a custom recurring basis, or trigger them via API/Webhooks as part of your CI/CD/CS
process for continuous assurance.
How is my data protected?
We implement a Tenant Specific Encryption Key (TSEK) architecture.
This ensures cryptographically isolated environments for all sensitive configuration metadata.
In addition, each scan runs in an isolated processor environment, which is destroyed on
scan completion to avoid context spill between scans or customers.
Do you support SSO and ticketing integrations?
SSO is on the roadmap. You can export findings as
JSON/CSV today. Native Jira/ServiceNow integrations are planned.
What kind of reporting does Infiltra provide?
We provide persona-based reporting that includes
executive summaries for leadership and technical reproduction evidence, complete with payloads, to
help developers remediate findings quickly.
What standards do you align to?
OWASP Top 10 and SANS 25. Findings are severity-scored
using CVSS and mapped to categories for reporting.
How do you reduce false positives?
Standard scanners identify vulnerabilities based on
signatures. Infiltra uses autonomous agents that attempt to chain and execute exploits in a safe way
to provide evidence of impact. Findings can be marked as False Positive or Closed, preserving an
audit trail.
How does Infiltra handle newly discovered "Zero-Day" vulnerabilities?
While vulnerability signatures are regularly updated,
our team also monitors various threat intelligence feeds to ensure our agents are regularly updated
with the latest offensive security research and attack vectors.
How does Infiltra support automated testing for apps that require MFA?
We have specifically implemented Browser agents with
vision models to handle complex authentication workflows by managing session states and persistent
logins, allowing for deep, automated testing even in environments protected by Multi-Factor
Authentication.
Do you detect privilege escalation issues?
Yes. Infiltra Agents attempt horizontal and vertical
privilege escalation when a foothold is established, and re-scan from the elevated context where
applicable.
Can Infiltra detect complex logic flaws like IDORs?
Yes. Our autonomous agents perform multi-step reasoning
to replicate a human pentester's methodology, specifically testing for logic flaws like IDOR by
attempting unauthorized context switches.