Pentera

Pentera is an American cybersecurity software company, specializing in automated security validation solutions. Originally founded as Pcysys in 2015, the company later rebranded as Pentera in 2021. Pentera has entities in the US, Germany, UK, Israel, Dubai, and Singapore.^[1][2][3][4]

Pentera

Industry	Cybersecurity
Founded	2015 (as Pcysys)
Founder	Dr. Arik Liberzon, Arik Faingold
Headquarters	Boston, USA
Area served	Hamburg, Germany London, England Singapore Dubai, UAE Tel Aviv, Israel
Key people	Amitai Ratzon (CEO), Dr. Arik Liberzon (Co-founder and CTO), Ran Tamir (CPO), Aviv Cohen (CMO), Tzurit Golan (Chief People Officer)
Products	Pentera Core, Pentera Surface, Credential Exposure Module, RansomwareReady Module, Security Validation Advisory services
Number of employees	360 (January 2025)
Website	pentera.io

Products

Pentera develops automated security validation software designed to test cybersecurity defenses against real-world attack techniques. The platform enables organizations to identify exploitable vulnerabilities, validate security controls, and prioritize remediation to reduce cyber risk.^[5][6][7]

The Pentera software employs algorithms to test across the entire IT environment, including the internal and external network attack surfaces, on-premises and cloud-based. The platform is designed to perform automated emulation of ethical attack techniques such as remote code execution, password cracking, and data exfiltration. The platform does not require the installation of software agents on the network’s endpoints, making it compatible with most enterprise systems and security service providers.^[8]

The Pentera platform includes the following products:

• Pentera Core — Maps, tests, and validates the security controls of the organization’s internal network.^[9][10]
• Pentera Surface — Maps, tests and validates the security controls of the organization’s external-facing assets exposed to the internet.^[11]
• Pentera Cloud — Maps, tests, and validates the security controls across cloud-native infrastructures, emulating real-world attack techniques such as privilege escalation, credential exposure, and lateral movement to assess an organization’s cloud security posture.^[12]

Additionally, these products can be enhanced by modules:

• Pentera RansomwareReady — Validates the organization’s resilience against the latest known ransomware attacks by testing exploitation paths and security controls.^[13][14]
• Pentera Credentials Exposure — leverages data of real-world leaked credentials sources to identify compromised credentials from the dark web, encrypted storage, and internal sources to analyze potential attack pathways across the organization's internal and external attack surfaces.^[15][16]

Technology & Testing Approach

Like other solutions, Penteras automated security validation covers identity management, misconfigurations, unpatched vulnerabilities, and credential exposure risks. However the automated process uses real-world attack techniques, to emulates adversarial attack paths, both externally and internally. It doe not require to install agent software.

Security Research Divison

Pentera Labs is the company's research division, dedicated to monitoring cyber threats, vulnerabilities, and attack techniques. The team actively contributes to threat intelligence research, publishes findings, and integrates security insights into the Pentera platform. Its publications are available for cyber defenders to identify, analyze, emulate, and mitigate new adversary tactics and techniques in the wild.^[2]

Pentera Labs also disclosed newly discovered "zero day" vulnerabilities and contributed to adversary tactics techniques and procedures (TTPs) to the MITRE ATT&CK matrix.^[17][3]

Notable Pentera Labs research

• Fortinet CVE-2024-47574 – a critical authentication bypass vulnerability discovered in January 2024 that allowed attackers to gain administrator privileges without authentication. Pentera Labs reported the issue to Fortinet, leading to an official security patch.^{[18][19][20][21]}
• Microsoft Azure Functions XSS Vulnerability – a cross-site scripting (XSS) vulnerability found in January 2023, affecting Microsoft Azure Functions. Reported by Pentera Labs and later patched by Microsoft.^[22]
• "135 Is the New 445" vulnerability (September 2022) – discovered a technique that enables lateral movement across networks via Windows TCP port 135, an attack path previously less monitored than traditional SMB-based exploits.^[23]
• VMware Zero-Day Vulnerabilities (March 2022) – discovered two zero-day vulnerabilities (CVE-2022-22948 & CVE-2021-22015) in VMware vCenter, impacting 500,000+ enterprise environments globally. The findings led to security patches issued by VMware.^[24]

Funding

Pentera relies on venture capital. To date, the company has raised $190 million in primary funding:

• Seed funding (2015-2018): Raised $5 million.^[25][26]
• Series A (November 2019): Raised $10 million from AWZ Ventures and Blackstone Group.^[25]
• Series B (September 2020): Raised $25 million^[27] from Insight Partners, AWZ Ventures, and Blackstone Group.^[26][28][29]
• Series C (January 2022): Pentera became a unicorn raising $150 million, out of which $75 million in primary, from K1 Investment Management, Evolution Equity Partners, and Insight Partners. This funding round brought Pentera's valuation to $1 billion.^[30][31]
• Series D (March 2025): Raised $60 million, led by Evolution Equity Partners, with participation from Farallon Capital Management.^[32][33]

Pentera has experienced significant growth since its Series C round, increasing Annual Recurring Revenue (ARR) by more than 300% and expanding its customer base by 200%. The funding supports research and development, AI-driven security validation capabilities, and U.S. market expansion.^[34][35][36]