Wednesday, March 26, 2025

Shikhil Sharma, Co-Founder & CEO of Astra Safety – Interview Collection


Shikhil Sharma is the Founder of Astra Safety – a continuous pentesting platform. At the very onset of his career, Shikhil consulted a number of companies, startups & banks on cyber security. After helping some top companies secure their websites & apps, Shikhil noted how ineffective traditional pentesting was, and founded Astra Safety as an enabler to help bridge the same. He deeply cares about building habit-forming products and designing intuitive marketing campaigns.

Astra Safety recently raised $2.7 million to revolutionize cybersecurity with AI-driven pentesting.

Your journey started with consulting companies and banks on cybersecurity. What gaps did you identify in traditional pentesting that led to the creation of Astra Safety?

A traditional pentest is often done as a point-in-time exercise; it is usually triggered by regulatory requirements or when a vulnerability is suspected, leaving the applications vulnerable to hacks for an extended period between due pentests. Traditional pentesting, which is service-driven, often overwhelms customers with 500-page reports filled with jargon but lacking actionable insights.

Communication is often unstructured, leaving stakeholders, developers, CTOs, CISOs, and even pentesters frustrated by the lack of seamless collaboration and clear remediation guidance. With AI increasing the rate at which new code is being pushed into production, the traditional penetration testing approach fails to keep up. This led us to create Astra Safety, a continuous offensive pentesting platform.

Astra Safety aims to make cybersecurity “super simple” for SMEs. How does your approach differ from traditional security solutions out there?

SMEs need simple, effective security that doesn’t slow them down. That’s where Astra Safety stands out. Our approach is built around ease of use, automation, actionable insights, and making security continuous at scale. Every few months there’s a new acronym of tools ranging from CSPM, SSPM, CTEM, and ASPM, which mid-sized businesses find difficult to keep up with. At Astra, we provide options from all of those without naming them anything fancy, to keep the platform user-friendly.

Our platform integrates directly into the CI/CD pipeline, providing real-time alerts and guided remediation so teams without dedicated security experts can stay protected.

What are some of the most innovative AI-driven security measures Astra has developed to stay ahead of cybercriminals?

Astra’s AI-powered offensive security engine is designed to detect, correlate, and remediate vulnerabilities at scale. Our platform continuously scans infrastructure by leveraging AI-driven attack simulations via threat modeling, mimicking real-world hacker tactics to uncover even the most sophisticated threats. We offer a friendly bot, “Astranaut,” which has the context of each vulnerability in the customer’s stack, and helps developers fix vulnerabilities quickly.

Astra Safety offers “continuous pentesting.” How does this differ from traditional pentesting, and why is this shift crucial?

Astra’s continuous pentesting platform makes security real-time and proactive, unlike traditional one-off tests. Our AI-powered platform continuously scans infrastructure, detects vulnerabilities, and simulates real-world attacks, providing instant alerts, risk prioritization, and AI-driven remediation so developers can fix issues faster. With cyber threats evolving daily, businesses can’t afford to wait months for the next test. Astra combines AI automation with expert validation, ensuring 24/7 security and reduced risk exposure.

Your platform has identified over 110,000 vulnerabilities per month. Can you share insights on some of the most surprising or critical vulnerabilities you’ve discovered?

The actual number of vulnerabilities we identify every month is 200,000+. We still see injection-based attacks like SQL and scripting attacks that have been around for years remaining among the top findings on our platform. Surprisingly, broken access control is widespread, with many applications vulnerable to it. We were able to see this at scale when we launched a broken access control scanner module in beta internally. Another thing that surprises us is how many times secret keys are unintentionally committed to customer-facing code, from Stripe, Slack, to email service provider keys – we have seen it all.

What role do human security researchers play in Astra’s AI-powered pentesting platform? How do automation and human expertise complement each other?

At Astra, AI automation and Astra’s security experts work hand in hand to deliver precise, actionable, and real-time security assessments. While AI accelerates vulnerability detection and automates attack simulations, our security researchers bring deep context, validation, and innovative analysis, ensuring no critical flaw goes unnoticed. We believe pentesters now have an even more critical role to play, and no longer have to spend time reporting low-hanging vulnerabilities repeatedly, but can focus more on actual critical potential attacks.

With cloud environments growing in complexity, how is Astra Safety evolving to protect modern SaaS and cloud-based infrastructures?

Our platform proactively scans cloud workloads, APIs, and identities, detecting misconfigurations, privilege escalation risks, and real-world attack vectors. Astra ensures businesses can scale securely – without compromising agility – with deep cloud integrations, automated compliance checks, and security embedded into CI/CD pipelines.

Your background includes participating in high-profile bug bounty programs. What was your most memorable vulnerability discovery?

One of the most memorable vulnerability discoveries of my bug bounty journey was identifying a critical authentication bypass and injection attack in a major marketplace platform. The flaw allowed attackers to access user accounts without valid credentials, potentially exposing sensitive financial data. What made this discovery stand out was its real-world impact – had it been exploited, it could have led to large-scale financial fraud. Responsible disclosure ensured the vulnerability was patched before any damage occurred.

You’re actively involved in cybersecurity and often speak at industry events. What role does community engagement play in shaping Astra’s mission?

Community engagement is vital to Astra’s mission. Interacting with security professionals, developers, and CISOs helps us understand emerging challenges firsthand. These insights directly influence our product innovations, ensuring we build solutions that aren’t only cutting-edge but also practical, effective, and aligned with industry needs. At Astra, we’ve built The 403 Circle – our exclusive community of 100+ CTOs and CISOs, where security leaders share experiences, exchange insights, and seek guidance from peers on the frontlines of cybersecurity.

Where do you see Astra Safety five years from now, and what’s your ultimate vision for its impact on the cybersecurity industry?

Five years from now, Astra will be at the forefront of AI-driven offensive security, making continuous pentesting the industry standard. Our goal is to eliminate the traditional, reactive approach to security by providing businesses with an automated, intelligent security engine that detects, prioritizes, and helps remediate vulnerabilities in real-time. Astra will shape the future of proactive cybersecurity, helping businesses move beyond periodic security testing to always-on, AI-powered security that scales with them.

Thank you for the great interview; readers who wish to learn more should visit Astra Safety.
