In recent years, HackerSec has built three fronts that advanced in parallel. A new pentest methodology combining offensive artificial intelligence with specialized human validation. A proprietary AI agent capable of executing the first layer of attack in real environments. And a platform where all of this converges into a continuous operation for the client.
Today we officially launched the initiative that unifies these three fronts: HackerSec.ai.
What is HackerSec.ai
It is HackerSec's applied research initiative in offensive cybersecurity with artificial intelligence. A unique front that brings together everything we have been developing internally.
Yaga, the offensive AI agent that executes the first layer of the pentest. Pentest AI-First, the proprietary methodology that combines artificial intelligence and human experts in sequence. And the HAS Platform, where clients monitor the entire operation in real-time.
Think of hackersec.ai less as a product page and more as the research foundation upon which we are building the next generation of offensive cybersecurity.
Why treat this as a research initiative
Offensive cybersecurity is at a decisive moment. On one side, automated tools that run scanners and promise "automated pentests" without any real reasoning capability. On the other, new platforms attempting to push for 100% autonomous pentests, removing the human pentester from the entire equation.
Both extremes have clear limits. Scanners do not think. Autonomous agents without validation make mistakes that can be costly in real environments with complex business rules.
HackerSec believes in a different path. A model where offensive artificial intelligence and human experts work together, each in their area of strength. And to build this path rigorously, we need to treat the endeavor as what it is: applied research, with method, continuous evaluation, and iteration.
"The future of offensive cybersecurity will not be defined by who automates the most. It will be defined by who consistently combines machine speed with human depth."
comments Andrew Martinez, CEO of HackerSec
The three fronts that make up the initiative
Each of the three fronts that form HackerSec.ai already exists, operates, and delivers results within the company. The initiative is what gives coherence to the whole.
Yaga is the offensive AI agent developed internally by HackerSec. It performs technical reconnaissance, interprets the context of the application, conducts real exploits within the defined scope, and produces findings with evidence before any results reach the client. It is not a scanner with a new name, nor an interface of prompts over a language model. It is an agent that operates on web applications, APIs, networks, cloud environments, mobile, IoT, and systems with AI and LLM.
Pentest AI-First is the methodology that structures how Yaga and human pentesters act in sequence. The artificial intelligence executes the first offensive layer. Each finding goes through a layer of technical validation. The human pentester deepens the analysis by exploring attack chains, business logic, and scenarios that require real offensive reasoning.
The HAS Platform is where this operation takes concrete form for the client. Vulnerabilities appear with technical descriptions, CVSS scores, evidence of exploitation, and remediation recommendations. The client manages fixes, requests retests, generates reports, and integrates with Jira, Slack, Microsoft Teams, and MCP, connecting the security operation to the rest of the tools the company already uses.
The technical evaluation
To ensure that this approach is not just theoretical, we subjected the model to a controlled technical evaluation. In 600 scenarios from the OWASP TOP 10, the combined operation of Yaga with human validation achieved 98% accuracy, compared to 91.2% for pure autonomous agents in the same test set.
The false positive rate was at 2%. A number that is only possible when there is a human layer validating each finding before it enters the client's final report.
These numbers matter. But they are just the current snapshot. The hackersec.ai initiative exists precisely to evolve this evaluation over time, test against new AI models as they emerge, expand scenarios, and publish what we learn.
An initiative open to collaboration
HackerSec.ai was built to grow beyond the company's borders. Quality applied research benefits from new scenarios, external perspectives, and the confrontation with problems that come from outside our radar.
That’s why the initiative is open to collaboration with partner cybersecurity companies of HackerSec, who face the same challenges we do and want to evolve alongside the operation.
Partner companies can integrate Pentest AI-First into their offensive cybersecurity operations, gain early access to new modules of the HAS platform, propose new evaluation scenarios for Yaga, and participate in the initiative's evolution cycles before the public launch.
We are building this together with the ecosystem. And we believe that the next generation of offensive cybersecurity will be made exactly this way.
What comes next
Applied research does not end with a launch. It begins with it.
HackerSec.ai will continue to evolve as new AI models, new offensive techniques, and new contexts emerge in the market. Today the three pillars are Yaga, Pentest AI-First, and HAS. Tomorrow they could be four, five, or the same three operating at completely different levels.
Offensive cybersecurity needs to evolve alongside what it is defending. And that only happens when real artificial intelligence and human experts operate as a single system.
To learn more about the initiative in detail, visit hackersec.ai. To see the operation in practice, check out the HAS Platform.