Pentera Hits $100M ARR, Signals New Era for Proactive Cyber Defense

BOSTON, MA – January 06, 2026 – In a significant milestone for the cybersecurity industry, AI-powered security validation firm Pentera announced it has surpassed $100 million in Annual Recurring Revenue (ARR), becoming the first company in the Adversarial Exposure Validation (AEV) market to achieve so-called “Centaur status.” The achievement caps a landmark year for the company, marked by strategic acquisitions, major product launches, and rapid global expansion, signaling a broader market shift towards proactive, automated security.

The Centaur designation, typically reserved for private software companies reaching the $100 million ARR threshold, is widely seen by investors and analysts as a mark of a mature, de-risked business with proven product-market fit. While other cybersecurity firms have reached this milestone in adjacent sectors, Pentera's announcement solidifies the growing importance of its specific niche: helping organizations continuously test their defenses against real-world attack techniques.

"Becoming the first adversarial testing company to surpass $100 million in ARR is the result of focus, commitment and a great product-market fit," said Amitai Ratzon, CEO of Pentera, in a statement. He noted that over 1,200 enterprises now use the platform to validate their security posture, from core infrastructure to emerging AI platforms, often without needing to increase security headcount.

The Maturing Market for Exposure Validation

Pentera’s financial success is a powerful indicator of the evolution occurring within enterprise security. For years, organizations have relied on periodic vulnerability scans and manual penetration tests, which often produce long lists of theoretical weaknesses without clear prioritization. The Adversarial Exposure Validation market represents a fundamental shift towards a more dynamic and evidence-based approach.

Industry analysts at Gartner define AEV technologies as those that provide "consistent, continuous and automated evidence of the feasibility of an attack." This approach consolidates disciplines like Breach and Attack Simulation (BAS) and automated red teaming into a unified strategy. Instead of just identifying a potential vulnerability, AEV platforms like Pentera's attempt to safely exploit it, mapping out potential attack paths and proving which exposures pose a genuine, immediate risk. This allows security teams to prioritize remediation efforts on the threats that matter most.

This methodology is a cornerstone of the Continuous Threat Exposure Management (CTEM) framework, a holistic security strategy gaining significant traction. Gartner predicts that by 2026, organizations prioritizing their security investments based on a CTEM program will be three times less likely to suffer a breach. Pentera's growth reflects this trend, as it competes in a vibrant ecosystem alongside other AEV players like Picus Security, Cymulate, and SafeBreach, all pushing enterprises to adopt a continuous, proactive security posture.

Fueling Growth with Strategic Acquisitions and Innovation

Pentera's ascent to Centaur status was significantly accelerated by a series of strategic moves in 2025, beginning with a $60 million Series D funding round early in the year. The company put the capital to immediate use, completing two key acquisitions that expanded the scope of its platform from simply identifying exposures to orchestrating their resolution.

First, the acquisition of AI-powered remediation platform DevOcean led to the launch of Pentera Resolve. This new module extends the platform's capabilities by automatically transforming validated security findings into actionable remediation plans. By consolidating findings, enriching them with context, and triggering fixes through more than 100 native integrations with IT and security tools, Resolve aims to close the loop between validation and remediation, ensuring every identified gap is tracked until it is verifiably closed.

Second, Pentera acquired offensive security firm EVA Information Security, a move that directly enabled the launch of Pentera Offensive Security Services. This new offering provides expert-led red team engagements focused on high-impact and complex environments that automated tools may struggle with, such as the business logic of enterprise applications, complex authentication flows, and the security of AI models. This human-led service complements the automated platform, offering a comprehensive approach to testing an organization's most critical assets.

AI's Double-Edged Sword in Cybersecurity

Underpinning Pentera's strategy is a deep investment in artificial intelligence, reflecting a critical industry dynamic where AI is both a weapon and a shield. The company has enhanced its platform with AI-powered reporting to surface security posture trends and guide priorities. It also introduced AI-based Web Attack Testing, which features adaptive payload generation and PII-aware attack chaining, designed to mimic the increasingly sophisticated, AI-assisted threats that defenders now face.

This focus on AI extends to securing AI itself. The introduction of Pentera Offensive Security Services for AI systems acknowledges that as organizations increasingly deploy AI models, they are also creating new, poorly understood attack surfaces. By offering expert validation for these systems, Pentera is positioning itself to help clients navigate this new frontier of risk.

Further cementing its leadership in responsible AI, Pentera became the first AEV vendor to achieve ISO/IEC 42001 certification. This new international standard, published in late 2023, provides a framework for an Artificial Intelligence Management System (AIMS), ensuring that AI is developed and used responsibly and ethically. Achieving this certification so early demonstrates a proactive commitment to AI governance, a critical differentiator in a field where trust and transparency are paramount.

A Year of Global Expansion and Recognition

Pentera's financial and product milestones were supported by aggressive operational growth throughout 2025. The company expanded its global footprint with new offices in Colorado, Madrid, and Tel Aviv, while simultaneously growing its U.S. team by over forty percent. This expansion aims to provide localized support for its growing international customer base.

To lead these efforts, the company appointed industry veteran Bart Hammond as its first Chief Customer Officer, tasking him with scaling global operations and ensuring a strong customer experience at every stage. This focus on customer success was validated by external recognition, including being named a Leader in the 2025 QKS SPARK Matrix for Exposure Management.

The combination of financial success, technological innovation, and strategic expansion paints a clear picture of a company capitalizing on a major inflection point in the cybersecurity market. As enterprises move away from reactive, compliance-driven security, the demand for measurable, continuous, and automated validation of their defenses is intensifying, creating a fertile ground for growth that Pentera has successfully tapped.