Saturday, February 22, 2025

Shikhil Sharma, Co-Founder & CEO of Astra Security – Interview Series


Shikhil Sharma is the Founder of Astra Security – a continuous pentesting platform. At the very onset of his career, Shikhil consulted plenty of companies, startups & banks on cyber security. After helping some top companies secure their websites & apps, Shikhil noted how ineffective traditional pentesting was, and founded Astra Security as an enabler to help bridge the same. He deeply cares about building habit-forming products and designing intuitive marketing campaigns.

Astra Security recently raised $2.7 million to revolutionize cybersecurity with AI-driven pentesting.

Your journey started with consulting companies and banks on cybersecurity. What gaps did you identify in traditional pentesting that led to the creation of Astra Security?

A traditional pentest is often done as a point-in-time exercise. It is usually triggered by regulatory requirements or when a vulnerability is suspected, leaving the applications vulnerable to hacks for an extended period between due pentests. Traditional pentesting, which is service-driven, often overwhelms customers with 500-page reports filled with jargon but lacking actionable insights.

Communication is often unstructured, leaving stakeholders, developers, CTOs, CISOs, and even pentesters frustrated by the lack of seamless collaboration and clear remediation guidance. With AI increasing the rate at which new code is being pushed into production, the traditional penetration testing approach fails to keep up. This led us to create Astra Security, a continuous offensive pentesting platform.

Astra Security aims to make cybersecurity “super simple” for SMEs. How does your approach differ from traditional security solutions in the market?

SMEs need simple, effective security that doesn’t slow them down. That’s where Astra Security stands out. Our approach is built around ease of use, automation, actionable insights, and making security continuous at scale. Every few months there’s a new acronym of tools ranging from CSPM, SSPM, CTEM, and ASPM, which mid-sized businesses find difficult to keep up with. At Astra, we offer solutions from all of these without naming them anything fancy, to keep the platform user-friendly.

Our platform integrates directly into the CI/CD pipeline, providing real-time alerts and guided remediation so teams without dedicated security experts can stay protected.

What are some of the most innovative AI-driven security features Astra has developed to stay ahead of cybercriminals?

Astra’s AI-powered offensive security engine is designed to detect, correlate, and remediate vulnerabilities at scale. Our platform continuously scans infrastructure by leveraging AI-driven attack simulations through threat modeling, mimicking real-world hacker tactics to uncover even the most sophisticated threats. We offer a friendly bot, “Astranaut,” which has the context of each vulnerability in the customer’s stack, and helps developers fix vulnerabilities quickly.

Astra Security offers “continuous pentesting.” How does this differ from traditional pentesting, and why is this shift critical?

Astra’s continuous pentesting platform makes security real-time and proactive, unlike traditional one-off tests. Our AI-powered platform continuously scans infrastructure, detects vulnerabilities, and simulates real-world attacks, providing instant alerts, risk prioritization, and AI-driven remediation so developers can fix issues faster. With cyber threats evolving daily, businesses can’t afford to wait months for the next test. Astra combines AI automation with expert validation, ensuring 24/7 security and reduced risk exposure.

Your platform has identified over 110,000 vulnerabilities per month. Can you share insights on some of the most surprising or critical vulnerabilities you’ve discovered?

The actual number of vulnerabilities we identify each month is 200,000+. We still see injection-based attacks like SQL and scripting attacks that have been around for years remaining among the top findings on our platform. Surprisingly, broken access control is common, with many applications vulnerable to it. We were able to see this at scale when we launched a broken access control scanner module in beta internally. Another thing that surprises us is how many times secret keys are accidentally committed to customer-facing code, from Stripe, Slack, to email service provider keys – we've seen it all.

What role do human security researchers play in Astra’s AI-powered pentesting platform? How do automation and human expertise complement each other?

At Astra, AI automation and Astra’s security experts work hand in hand to deliver precise, actionable, and real-time security assessments. While AI accelerates vulnerability detection and automates attack simulations, our security researchers bring deep context, validation, and innovative analysis, ensuring no critical flaw goes unnoticed. We believe pentesters now have an even more important role to play, and no longer need to spend time reporting low-hanging vulnerabilities repeatedly, but can focus more on actual critical potential attacks.

With cloud environments growing in complexity, how is Astra Security evolving to protect modern SaaS and cloud-based infrastructures?

Our platform proactively scans cloud workloads, APIs, and identities, detecting misconfigurations, privilege escalation risks, and real-world attack vectors. Astra ensures businesses can scale securely – without compromising agility – with deep cloud integrations, automated compliance checks, and security embedded into CI/CD pipelines.

Your background includes participating in high-profile bug bounty programs. What was your most memorable vulnerability discovery?

One of my bug bounty journey’s most memorable vulnerability discoveries was identifying a critical authentication bypass and injection attack in a major marketplace platform. The flaw allowed attackers to access user accounts without valid credentials, potentially exposing sensitive financial data. What made this discovery stand out was its real-world impact—had it been exploited, it could have led to large-scale financial fraud. Responsible disclosure ensured the vulnerability was patched before any damage occurred.

You’re actively involved in cybersecurity and often speak at industry events. What role does community engagement play in shaping Astra’s mission?

Community engagement is key to Astra’s mission. Interacting with security professionals, developers, and CISOs helps us understand emerging challenges firsthand. These insights directly influence our product innovations, ensuring we build solutions that aren’t only cutting-edge but also practical, effective, and aligned with industry needs. At Astra, we’ve built The 403 Circle—our exclusive community of 100+ CTOs and CISOs, where security leaders share experiences, exchange insights, and seek guidance from peers on the frontlines of cybersecurity.

Where do you see Astra Security 5 years from now, and what’s your ultimate vision for its impact on the cybersecurity industry?

5 years from now, Astra will be at the forefront of AI-driven offensive security, making continuous pentesting the industry standard. Our goal is to eliminate the traditional, reactive approach to security by providing businesses with an automated, intelligent security engine that detects, prioritizes, and helps remediate vulnerabilities in real-time. Astra will shape the future of proactive cybersecurity, helping businesses move beyond periodic security testing to always-on, AI-powered security that scales with them.

Thank you for the great interview. Readers who wish to learn more should visit Astra Security.
