ThreatMate has introduced Kraken Pentester, a new agentic penetration testing platform designed specifically for managed service providers (MSPs) and managed security service providers (MSSPs). The company is showcasing the platform live at Kaseya Connect Global 2026, taking place April in Las Vegas. Kraken represents a shift from traditional automated penetration testing tools by incorporating an AI reasoning engine capable of dynamically adapting its actions during an engagement. Instead of executing predefined scripts, the platform follows an observe orient decide act model, enabling it to analyze findings in real time and determine the most effective next steps similar to how human attackers operate.

The platform is designed to go beyond identifying isolated vulnerabilities by autonomously chaining them into full attack paths. For example, when detecting a server-side request forgery (SSRF) vulnerability, Kraken can leverage it to extract credentials, access cloud storage, identify SSH keys, and escalate privileges across environments. This approach allows organizations to better understand how vulnerabilities could be exploited in real-world scenarios.

Anup Ghosh said that while automated penetration testing has become a baseline expectation, it often lacks the ability to simulate real adversarial behavior. He emphasized that Kraken aims to provide deeper insights by replicating how attackers think and operate, delivering more actionable intelligence beyond standard vulnerability reports.

At the core of Kraken is a ReAct (Reasoning + Acting) architecture, where AI models continuously evaluate previous results, plan subsequent actions, and execute targeted tests using a suite of offensive security tools. The platform can perform multiple iterative steps within a single engagement, refining its approach based on each outcome.

A key differentiator is its ability to execute cloud-native attack chains. Kraken can move from web-layer vulnerabilities to full cloud infrastructure compromise across platforms such as Azure and AWS, demonstrating how attackers could escalate access through interconnected systems. Additionally, the platform incorporates a “compound learning” capability, maintaining a knowledge base of past engagements to improve effectiveness over time.

Kraken is also designed to integrate into MSP workflows, offering end-to-end testing from initial target input to a comprehensive report. The output includes executive summaries, detailed attack chain analyses, evidence, and prioritized remediation guidance. Real-time visibility into the AI’s reasoning process and attack progression is also provided during engagements. The launch reflects a broader trend in cybersecurity toward AI-driven offensive and defensive tools, as organizations seek more advanced methods to validate security in increasingly complex cloud and hybrid environments.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com  



🔒 Login or Register to continue reading