“Attackers are already using AI to find and exploit vulnerabilities faster than ever,” said Zayne Zhang, founder of Hacktron. “Most companies are still testing security like it’s a quarterly exercise. We’re building a system that tests every code change like a real attacker would, so teams can move fast without shipping risk.”

Competitive Hacking Background Shapes the Company’s Approach

Unlike many cybersecurity startups founded around enterprise software experience alone, Hacktron’s roots come directly from offensive security competitions.

From DEF CON Challenges to Enterprise Vulnerability Discovery

The founding team has participated in and won multiple DEF CON Capture the Flag (CTF) competitions while also presenting research at conferences, including DEF CON and Black Hat.

That experience has already translated into real-world vulnerability discoveries.

According to the company, its researchers have identified and responsibly disclosed flaws affecting software and infrastructure used by enterprise organizations, including vulnerabilities tied to BeyondTrust Remote Support, GitHub, GitLab, Cloudflare-related frameworks, and Vercel’s Next.js ecosystem.

Hacktron also said it recently uncovered critical weaknesses in the widely used OAuth2 Proxy project, underscoring risks surrounding open-source infrastructure commonly deployed across enterprise environments.

The company has additionally provided security testing support for high-growth technology organizations, including Perplexity AI and Supabase, using the same AI-assisted methodology that now powers its broader platform.

AI Changes the Speed of Both Attacks and Defense

The company’s launch lands amid growing industry concern that artificial intelligence is compressing the time between vulnerability discovery and exploitation.

Security Teams Face Growing Pressure to Keep Pace

In many enterprise environments, security teams are already managing expanding application ecosystems, cloud-native architectures, and increasingly rapid release schedules.

Hacktron argues that conventional scanning tools often struggle to keep pace because they tend to focus on known weaknesses or predefined signatures rather than identifying complex exploit paths.

Its platform combines AI with attacker-inspired testing methods designed to evaluate every pull request and code modification, identify exploitable weaknesses, reduce unnecessary alert noise, and assist developers with remediation guidance while changes are still being built.

That shift reflects a wider transition inside application security, where organizations are increasingly prioritizing context-aware testing approaches capable of finding meaningful weaknesses before production releases occur.

“The best security founders don’t think like defenders, they think like attackers,” said Scott Sage, co-founder and partner at Crane Venture Partners. “AI is changing the economics of both building and breaking software, and Hacktron is creating what modern software teams will need to succeed.”

Community Reach Becomes Part of the Growth Strategy

Beyond technical expertise, Hacktron enters the market with something many early-stage cybersecurity startups struggle to build: a direct audience.

Security Education and Research Play a Bigger Role

Team member Fabian Faessler has built a YouTube following approaching one million subscribers, giving the company a built-in channel to developers, security researchers, and technical communities.

Hacktron said it plans to expand educational content alongside product development, including publishing deeper analysis tied to recent OAuth2 Proxy findings as part of a broader effort to share real-world vulnerability research.

The approach reflects a larger trend among cybersecurity startups that increasingly blend technical credibility, research transparency, and community engagement to establish trust with developers and enterprise buyers alike.

Early Customer Adoption Gives the Startup Momentum

For a company still in its early stages, Hacktron has already begun seeing signs that the market is paying attention.

The startup said it generated close to $240,000 in revenue during its first nine months, suggesting that some organizations are already looking for alternatives to conventional security testing models that often happen only a few times a year.

That early traction matters because many engineering teams are under pressure to release software quickly without creating additional security blind spots. In practice, that has left companies searching for ways to catch meaningful vulnerabilities earlier in the development cycle instead of waiting for scheduled reviews after code has already moved deeper into production.

Hacktron said the newly raised capital will be used to grow both its engineering and offensive security talent, while also helping the company refine the platform and expand its reach.

The timing may work in its favor. As software release cycles become faster and attackers experiment with AI to uncover weaknesses more quickly, security teams are increasingly questioning whether traditional testing rhythms are still enough. Startups promising continuous validation – particularly those built by practitioners with offensive security experience – are beginning to attract closer attention from both enterprise buyers and investors looking at where application security is headed next.

Research and Intelligence Sources:Hacktron

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com