Allseek and Haicker are joining Aikido. Together we’re building Aikido Attack: autonomous AI pentests that think like hackers and run in hours, not weeks.
Why does this matter?
Security must match the speed of modern software. Pentests today are valuable but bottlenecked by time, cost, and one-off nature. The future isn’t an annual PDFs, it’s continuous, autonomous systems executing alongside with hacker intuition.
That’s what these teams have been building.
- Allseek, the team that ran Aikido’s very first pen test, creates AI agents that act like real attackers, tracing the paths hackers would take.
- Haicker, founded by world champion hacker Philippe Dourassov and engineer Manaf Mhamdi Alaoui, transforms elite human hacking into autonomous systems.
A new model:
- Pentests in minutes, not weeks
- Continuous feedback with instant fix validation
- Context from white-, grey-, and black-box in one flow
- Autonomous agents running at scale
This is the future: continuous, autonomous agents with humans driving creativity. Faster, broader, accessible to every team, not just the Fortune 5000.
As Philippe put it:
“By teaming up, we are getting another step closer to making ‘unhackable’ possible.”
How it works
Autonomous pen testing isn’t just faster scanning, it’s a chain of specialized AI agents that mirror how hackers operate: exploring, probing, and validating step by step.
- Recon agents gather intel on systems, networks, and organizations
- Mapping agents chart attack surfaces - routes, parameters, tech stacks, versions.
- CVE hunters link known vulnerabilities to discovered versions.
- Exploit agents weaponize those findings.
- Web vulnerability agents that each specialize in specific vulnerability types - for example, one agent is fine-tuned to find cross-site scripting (XSS), while another is geared for SQL injections.
- Logic probing agents that identifies what the business logic behind the application is and then attempts to exploit it.
It’s a relay: one agent discovers, the next digs deeper. They adapt payloads, learn from outcomes, and validate context- like a hacker chains attacks together.
Aikido’s edge is context and coverage, Aikido Attack delivers a killer cocktail:
- White-box agents read your code
- Grey-box agents interpret how features behave
- Black-box agents test the live surface
- Add enrichment from Aikido wider platform, think: SAST, API scanning, CSPM, and attack surface mapping. Together, agents gain both depth + breadth, moving beyond pattern-matching to real autonomous reasoning.
The result: pen tests that don’t just find patterns, but think like hackers.
What changes today
With Aikido Attack, teams can:
- Launch a pen test in minutes (instead of weeks)
- Continuously retest issues as fixes ship
- Get actionable findings in hours, not PDFs every 6 months
- Access real continuous offensive security at a fraction of the cost
What this means for teams
- Developers: instant feedback, fewer bottlenecks, faster fixes
- Security leaders: continuous assurance instead of snapshots
- Pen testers: more space for creativity, focusing on the vulnerabilities AI can’t catch
The $6B pentest industry hasn’t kept pace. Reports take weeks, cost thousands, and are outdated before fixes land. Two-thirds of breaches exploit vulns unpatched for 90+ days.
The point: pen testing is critical, but overdue for reinvention. Human creativity is irreplaceable, yet 90% (mapping, probing, retesting) can and should be automated. Autonomous systems run continuously, on-demand, at a fraction of the cost, freeing humans for the hardest problems…and making continuous security an accessible reality.
Looking ahead
This is just the start of Aikido Attack. Pentests should be on-demand, continuous, and developer-friendly. Call it ‘no bullshit’ if you want ;) Early access is opening soon and we can’t wait to see how teams use it.
We're excited to welcome Wout Debaenst, Miel Verkerken, Arne Feys, Philippe Dourassov and Manaf Mhamdi Alaoui to the Aikido team.
Get early access → aikido.dev/attack/aipentest
.jpg)
.avif)
