Horizon3.ai's 'AI Hacker' Drives 102% Growth in New Cyber Arms Race

SAN FRANCISCO, CA – March 19, 2026 – Proactive security firm Horizon3.ai today announced a staggering 102% year-over-year increase in annual recurring revenue (ARR), a figure that underscores a seismic shift in how organizations are confronting cyber threats. The growth is powered by the rapid adoption of its flagship platform, NodeZero, an autonomous "AI hacker" designed to find and fix exploitable attack paths before real adversaries can.

The announcement comes as businesses and government agencies grapple with an increasingly automated and hostile digital landscape. With a valuation soaring past $1.5 billion and recognition as one of America's fastest-growing private companies, Horizon3.ai's trajectory suggests that the future of defense lies not in reaction, but in proactive, AI-driven validation.

The AI Arms Race Heats Up

At the heart of Horizon3.ai's success is NodeZero, which the company bills as "the world's most experienced AI hacker." The platform has autonomously executed over 225,000 production-safe penetration tests, not in sterile lab environments, but within the live, complex networks of hospitals, financial institutions, and critical infrastructure. This is a departure from traditional, human-led pentesting, which is often periodic, costly, and struggles to keep pace with dynamic IT environments.

NodeZero operates by mimicking the behavior of a human attacker. Using a combination of graph-based reasoning to map out environments and plan attack paths, classical machine learning to classify data, and carefully scoped Generative AI for analysis, the platform chains together vulnerabilities, misconfigurations, and credential weaknesses to build a complete picture of exploitability. It shows organizations not just a list of theoretical vulnerabilities, but the actual paths an attacker could take to compromise critical assets.

This approach is becoming critical in an era where malicious actors are also leveraging AI to scale their attacks. From AI-generated polymorphic malware that evades signature-based detection to hyper-realistic deepfake phishing campaigns, the offensive capabilities of cybercriminals are accelerating.

“The future isn’t humans reacting to AI-driven attacks. It’s AI fighting AI, with humans directing by exception,” said Snehal Antani, CEO and Co-Founder of Horizon3.ai, in the company's announcement. “We built the most experienced AI hacker first, and we are now using that experience to help organizations defend themselves at machine speed.” This vision of an AI-led defense is resonating, as evidenced by the company's 125% Net Dollar Retention, a metric indicating that existing customers are significantly expanding their use of the platform.

Scaling Security Through Strategic Partnerships

While the technology is the engine, Horizon3.ai's go-to-market strategy is the fuel for its explosive growth. A crucial element is its deep reliance on Managed Security Service Providers (MSSPs). Approximately 70% of the company's 5,200+ customers are serviced through these partners, a segment that is among its fastest-growing. In the last quarter alone, 32% of all new bookings originated from channel partners.

This channel-first model allows the company to scale globally while empowering MSSPs to enhance their own service offerings. In an industry grappling with a severe cybersecurity talent shortage, NodeZero acts as a force multiplier, enabling MSSP teams to conduct more assessments, more frequently, without a proportional increase in headcount. Partners leverage the platform to move beyond basic security services into higher-margin offerings like continuous validation, remediation advisory, and strategic consulting.

“MSSPs play a critical role, especially in international markets where local relationships and trust matter,” Antani noted. “They allow us to scale globally while enabling partners to build high-margin service offerings on top of NodeZero.”

Through its Vanguard Partner Program, Horizon3.ai provides MSSPs with multi-tenant licensing, go-to-market support, and specialized training, effectively embedding its technology within the broader cybersecurity service ecosystem. This strategy transforms NodeZero from a standalone product into a core platform upon which an entire channel can build profitable, high-value businesses, driving a virtuous cycle of adoption and growth.

Fortifying the Front Lines of Critical Infrastructure

The impact of this proactive security model is most pronounced in sectors where the stakes are highest. NodeZero is being deployed across the U.S. Defense Industrial Base (DIB), financial services, utilities, and manufacturing—sectors constantly in the crosshairs of nation-state actors and sophisticated cybercriminal groups.

These organizations face unique challenges, from protecting legacy operational technology (OT) to securing sprawling supply chains. The threat is not abstract; Horizon3.ai recently issued guidance on Iranian cyber activity targeting these very sectors, highlighting the need for defenses that can anticipate and disrupt specific adversary campaigns. NodeZero helps these organizations move from a compliance-driven, checklist mentality to a state of continuous, proven resilience.

For example, organizations within the DIB must comply with stringent mandates like the Cybersecurity Maturity Model Certification (CMMC). NodeZero provides a way to continuously validate security controls and prove their effectiveness against real-world attack techniques, helping suppliers reduce risk and protect sensitive national security information. The platform's FedRAMP® High Authorization further solidifies its position as a trusted solution for the public sector.

One documented use case involves the North Carolina Electric Cooperatives, which uses NodeZero for continuous penetration testing across 26 member cooperatives. This allows the critical energy provider to gain real-time visibility into its security posture and manage vulnerabilities proactively, hardening a vital piece of the nation's infrastructure against disruption. By focusing on what is actually exploitable, these organizations can prioritize their limited resources on fixing the weaknesses that pose the greatest business risk, ensuring they are prepared for the threats of today and tomorrow.

The company's rapid ascent, marked by a 19,939% three-year revenue growth that placed it 3rd on the Deloitte Technology Fast 500™, is a clear indicator of market demand. As attack surfaces expand and adversaries become more automated, the ability to continuously find, fix, and verify vulnerabilities is no longer a luxury but a fundamental requirement for cyber resilience. Horizon3.ai's success demonstrates that in the modern cyber battleground, the best defense is a relentlessly proactive, AI-powered offense.