Sprocket Security Launches Apex, an AI Penetration Testing Agent for…

News

Sprocket Security Launches Apex, an AI Penetration Testing Agent for Continuous, Human-Supervised Testing at Machine Speed

Madison, WI – June 30, 2026 – Sprocket Security, a continuous penetration testing platform, has launched Apex, its first AI penetration testing agent, to accelerate vulnerability discovery in web applications. Apex performs autonomous, context-aware, unauthenticated web application testing, surfacing exploitable vulnerabilities at machine speed. Apex is wired into the attack surface management platform Sprocket has been building since 2018 to capture real-world offensive testing knowledge. Each customer's assets, tech stack, complete testing history, and previous findings serve as context, allowing Apex to surface deep and complex vulnerabilities. Sprocket's expert human testers supervise the fleet of agents and validate findings so security teams can prioritize their response.

Contextual Offensive Security: AI and human testers for speed and quality

  • Apex reasons like a Sprocket pentester, forms a hypothesis, attempts exploitation to prove real impact, and re-tests every suspected issue before surfacing a finding.
  • Apex operates with full customer context: drawing on each organization's known web assets and complete findings history, eliminating duplicates and automatically flagging regressions if a remediated vulnerability reappears. Testing compounds. Each run builds on the last and calibrates severity to your environment.
  • A Sprocket pentester then reviews and validates results before publishing, so Apex findings clear two checks before reaching a customer's dashboard.

“Apex is built on everything Sprocket has learned running continuous penetration tests since 2018,” said Casey Cammilleri, Founder and CEO of Sprocket Security. “That history is the context that makes this agent good: every asset, test, and finding captured on our platform. Apex runs autonomously and our team supervises every result, so what reaches a customer is real, prioritized, and ready to act on.”

Apex Tests for Real Impact

Apex tests against the OWASP Top 10 categories and beyond, chaining smaller weaknesses into attack paths that demonstrate real, exploitable impact rather than theoretical risk. Apex writes an Attack Narrative for every run that documents what was tested, whether or not it produced a finding.

Apex runs inside Sprocket's SOC 2 environment under a zero-data-retention policy, on a model-agnostic harness built to adopt the best available models over time; customer data is never used to train models.

Additional AI agents are planned for release throughout 2026.

Full technical detail is available in the Apex overview.

About Sprocket Security

Sprocket Security provides a technology-powered continuous penetration testing platform. Named in GigaOm and Gartner reports this year, Sprocket continuously monitors customer environments and triggers hybrid testing based on each customer's dynamic attack surface and emerging threats. Unlike legacy penetration testing, Sprocket's continuous approach delivers real-time insights and adaptive security, giving organizations a security posture that reflects today, not their last test.




Media Contact

Marketing, Sprocket Security
marketing@sprocketsecurity.com

Continuous Human & Automated Security

The Expert-Driven Offensive
Security Platform

Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.

Watch Demo Request Quote

Expert-Driven Offensive Security Platform

  • Attack Surface Management
  • Continuous Penetration Testing
  • Adversary Simulations