
Resilient Cyber
Resilient Cyber w/ Snehal Antani - AI and Autonomous Pen Testing
Oct 3, 2025
Snehal Antani, Co-founder and CEO of Horizon3.ai, is an expert in autonomous penetration testing and proactive security. He delves into the evolution of AI in pen testing, highlighting the importance of balancing human intuition with automated processes. Snehal shares insights on the critical bottleneck of remediation and discusses the rise of threat-informed defense strategies. He also emphasizes the risks posed by misconfigurations and the necessity of securing software tools. Horizon3’s growth reflects a market shift towards continuous testing, showcasing innovation in automated remediation.
AI Snips
Prioritize By Exploitability And Impact
- Test exploitability by actually trying to exploit issues with defenses enabled instead of relying on CVE lists alone.
- Assess threat actor pressure and precise business impact before prioritizing fixes.
One Misconfigured EDR Led To Domain Admin
- In a 14,000-host engagement, misconfigured Defender agents enabled credential theft and full domain compromise.
- The root cause was posture and hygiene, not CVEs or missing patches.
Security Tools As Attack Surface
- Many enterprise tools (backup, observability, security) are high-value attack surfaces due to privileged access and poor hardening.
- Future enterprise products should minimize persistent agents, limit credentials, and be instrumentable to reduce blind spots.

