Startups > Horizon3.ai

Horizon3.ai

Horizon3.ai automates penetration testing at machine speed with autonomous attack simulation.
Series D $186M total Founded 2019 San Francisco, California 217 employees
Horizon3.ai provides NodeZero, an autonomous penetration testing platform that safely executes real attack techniques at scale without agents or network disruption. The platform discovers and exploits vulnerabilities by chaining attack paths together—exactly as real attackers would—across internal networks, external surfaces, cloud infrastructure (AWS, Azure, Kubernetes), and web applications. Built by veterans in tech and military, it's trusted by 3,000+ organizations including Fortune 500 companies and national defense partners who need continuous proof of their security posture.
Problem solved
Organizations lack continuous, real-world proof of whether their security controls actually stop attackers, leaving critical vulnerabilities undiscovered until exploited.
Target customer
Fortune 500 enterprises, national defense agencies, managed security service providers (MSPs), healthcare providers, and critical infrastructure operators requiring continuous penetration testing and vulnerability validation across hybrid cloud and on-premises environments.
Website LinkedIn Crunchbase Twitter / X
Founders
S
Snehal Antani
CEO & Co-Founder
Former CTO of JSOC, CTO at Splunk, and CIO at GE Capital with 18 U.S. patents in data processing, cloud computing, and virtualization.
M
Matt Hartley
Chief Revenue Officer
Previously held CRO roles at HYPR and iboss, and served as VP of Americas Sales at Forescout.
C
Chris Corbett
Head of Engineering
Former NASA scientist with background in computational astrophysics, cybersecurity, and AI; led teams at Planet Labs and JPL, co-developer of Signal iOS app.
Funding history
Series D $100M May 2025 Led by New Enterprise Associates (NEA) · SignalFire, Craft Ventures, 9Yards Capital, Qualcomm Ventures
Total raised: $186M
Industries
Artificial Intelligence (AI) Cyber Security Enterprise Software Machine Learning Network Security
Pricing
Quotation-based licensing model with per-IP pricing (e.g., £40/IP annually for up to 2,500 IPs in UK Government pricing). MSP and flexible partner licensing available for scaling concurrent pentests. Starting price not publicly disclosed.
Notable customers
3,000+ organizations worldwide including Fortune 500 companies, national defense partners, North Carolina Electric Cooperatives (NCEC), JTI Cybersecurity, global governments, major healthcare providers. Used in NSA's Continuous Autonomous Penetration Testing (CAPT) program.
Integrations
Amazon Web Services (AWS), Azure, Kubernetes, OWASP Top 10 web application testing frameworks
Tech stack
jQuery Migrate (JavaScript libraries) jQuery (JavaScript libraries) core-js (JavaScript libraries) MediaElement.js (Video players) RSS Open Graph DocuSign WordPress (Blogs) Site Kit (Analytics) Zoominfo (Analytics) Google Analytics (Analytics) Linkedin Insight Tag (Analytics) HSTS (Security) Google Font API (Font scripts) Nginx (Reverse proxies) WP Rocket (Caching) PHP (Programming languages) Cloudflare (CDN) 6sense (Marketing automation) Salesforce Marketing Cloud Account Engagement (Marketing automation) MySQL (Databases) Reddit Ads (Advertising) Linkedin Ads (Advertising) Google Tag Manager (Tag managers) Divi (Page builders) Salesforce (CRM) Yoast SEO Premium (SEO) Yoast SEO (SEO) Amazon Web Services (PaaS) WP Engine (PaaS) CookieYes (Cookie compliance) Google Optimize (A/B Testing) Amazon SES (Email) Greenhouse (Recruitment & staffing)
Website
horizon3.ai/
Competitors
AttackIQ
AttackIQ focuses on attack simulation and validation; Horizon3.ai performs actual exploitation and chaining of real vulnerabilities at machine speed.
SafeBreach
SafeBreach emphasizes breach and attack simulation; Horizon3.ai is fully autonomous without human-directed scenarios.
XM Cyber
XM Cyber focuses on attack path analysis; Horizon3.ai autonomously executes and exploits those paths in production.
CyCognito
CyCognito targets external attack surface management; Horizon3.ai provides comprehensive internal and external pentesting in one platform.
Why this matters: Horizon3.ai represents a fundamental shift in cybersecurity from human-led pentesting to autonomous, continuous attack simulation at machine speed—backed by $186M funding and trusted by defense agencies and Fortune 500 companies. Its recent achievement solving Active Directory compromise in 14 minutes demonstrates how AI is reshaping offensive security, making this a critical watch for enterprises rethinking their vulnerability management.
Best for: Enterprise security teams, MSPs, and critical infrastructure operators who need continuous, autonomous proof that their security controls stop real attacks without manual pentesting overhead.
Use cases
Continuous Vulnerability Validation for Critical Infrastructure
North Carolina Electric Cooperatives used NodeZero to continuously validate security across 26 cooperatives' critical energy infrastructure. The platform automatically discovered vulnerabilities, enabled real-time remediation tracking, and provided proof of fix without disrupting operations—essential for CISO compliance in regulated industries.
Scaling Pentesting for MSP Clients
JTI Cybersecurity automated pentesting across multiple client environments using NodeZero's elastic licensing model, eliminating the need for manual penetration testers for each client engagement. This allowed them to offer continuous testing at scale with faster vulnerability discovery and remediation.
Government Security Program Validation
In the NSA's Continuous Autonomous Penetration Testing (CAPT) program, NodeZero discovered 50,000+ vulnerabilities across defense networks with 70% remediation rate, demonstrating capability to achieve domain compromise in as little as 77 seconds—proving the urgency of active security validation.
Cloud Infrastructure Risk Assessment
Organizations use NodeZero to autonomously test Kubernetes clusters, AWS, and Azure environments for misconfigurations, IAM weaknesses, and chained attack paths—surfacing cloud-native vulnerabilities that traditional scanners miss before attackers exploit them.
Alternatives
AttackIQ Choose AttackIQ if you need more human-guided attack scenarios and validation reporting; choose Horizon3.ai if you need fully autonomous, continuous exploitation without manual direction.
SafeBreach Choose SafeBreach for breach simulation templates across broad security controls; choose Horizon3.ai for autonomous real-world attack path discovery and actual exploitation.
XM Cyber Choose XM Cyber for visualization of attack paths; choose Horizon3.ai if you need autonomous execution and proof of impact of those paths.
FAQ
What does Horizon3.ai do? +
Horizon3.ai's NodeZero platform autonomously executes real penetration tests in production, safely discovering and exploiting vulnerabilities by chaining attack paths together exactly as real attackers would. It tests internal networks, external surfaces, cloud infrastructure (AWS, Azure, Kubernetes), and web applications—all without agents or network disruption—and provides proof of impact and remediation status.
How much does Horizon3.ai cost? +
Horizon3.ai uses a quotation-based licensing model priced per IP address (e.g., £40/IP annually for up to 2,500 IPs). MSPs and partners get flexible, elastic licensing to scale concurrent pentests. Starting price and exact enterprise pricing require contacting sales.
What are alternatives to Horizon3.ai? +
AttackIQ (attack simulation and validation), SafeBreach (breach and attack simulation), XM Cyber (attack path analysis), and CyCognito (external attack surface management) are key competitors. Most focus on simulation or analysis; Horizon3.ai stands out for autonomous real-world exploitation at scale.
Who uses Horizon3.ai? +
Horizon3.ai is trusted by 3,000+ organizations globally: Fortune 500 companies, national defense partners, critical infrastructure operators (electric cooperatives, healthcare), MSPs, and government agencies. Notable mentions include use in NSA's Continuous Autonomous Penetration Testing (CAPT) program.
How does Horizon3.ai compare to AttackIQ? +
Both validate security, but AttackIQ relies on pre-built attack scenarios and human direction, while Horizon3.ai is fully autonomous—it discovers vulnerabilities, chains them together, and actually exploits them without manual guidance. Horizon3.ai executes real attacks at machine speed; AttackIQ simulates them based on defined tactics.
Does NodeZero disrupt production systems? +
No. NodeZero safely executes real attacks without agents, configuration changes, or network disruption, running autonomous pentests in production environments at scale. It performs actual exploitation but with built-in safeguards to prevent harm.
What makes Horizon3.ai unique? +
Horizon3.ai is the first autonomous penetration testing platform to perform actual attack execution (not just simulation) and chain together real vulnerabilities at machine speed, covering internal networks, external surfaces, cloud infrastructure, and web applications—all in one self-service platform. Its AI solved the Game of Active Directory (GOAD) in 14 minutes, exemplifying its autonomous capabilities.
Tags
autonomous penetration testing vulnerability management attack simulation continuous security testing cloud security Kubernetes security adversarial exposure validation AI-driven security