Penetration testing is starting to change as security teams and service providers look for ways to test environments more frequently. Traditional pentests are usually run as periodic engagements. Testers assess the environment, produce a report, and the process repeats months later. In fast-changing cloud and application environments, that approach can leave long gaps where new vulnerabilities appear but remain untested.
Terra Security is trying to address that challenge with the launch of Terra Portal, an agentic gateway that allows AI-driven testing to run continuously while human pentesters supervise the process. The platform acts as an execution layer where autonomous agents perform testing tasks and security experts step in when deeper analysis or controlled exploitation is required.
The goal is to shorten the time between discovering vulnerabilities and fixing them. In many organizations, that cycle can take weeks or months. Terra says its model is designed to reduce that gap significantly while allowing testing to run continuously as environments evolve.
Pentesting Is Moving Toward Continuous Testing
Pentesting has traditionally been delivered as a project. Testers scope an environment, spend several weeks probing it for weaknesses, deliver a report, and then disengage until the next testing cycle.
But modern applications change frequently. New features, APIs, and infrastructure updates mean that the results of a test can quickly become outdated.
Agentic testing models aim to address that issue by allowing reconnaissance, attack surface mapping, test execution, and validation to run continuously through AI agents supervised by human testers.
“Attackers are already using AI to probe environments continuously, they’re not attacking once a year. But traditional pentesting still operates on that periodic model, leaving long windows of exposure between tests,” said
Shahar Peled, CEO and co-founder of Terra Security. “Terra closes that gap by combining AI agents with human pentesters, so testing can run continuously while experts stay in control of execution and safety. Through the Terra Portal, pentesters supervise agents that map attack surfaces, validate vulnerabilities, and prioritize real risks as environments change.”
For security teams, this means testing can keep pace with the environment rather than restarting every six or twelve months.
How the Agentic Workflow Works
Terra Portal operates as a gateway where AI agents and human testers work within the same testing workflow.
Ambient AI agents handle many of the operational tasks that typically take up large portions of a pentester’s time. These include reconnaissance, attack surface discovery, code review, test case generation, reachability analysis, and documentation. The agents can also help validate whether vulnerabilities are exploitable and assist with remediation guidance.
When testing requires deeper judgment or carries higher operational risk, human testers step in using Copilot AI agents. These tools allow pentesters to run controlled exploitation attempts, validate findings, and produce reports while maintaining oversight of the AI-driven process.
Because both humans and agents operate within the same system, testing can continue without restarting when new changes appear in the environment.
What It Means for MSSPs
For MSSPs and security consultancies, agentic pentesting platforms could change how offensive security services are delivered.
Many pentesting firms still operate on a project-based services model tied directly to billable hours. That limits how many environments a team can test and often restricts the scope of engagements.
Agentic platforms allow providers to supervise AI-driven testing across multiple customer environments at once, enabling continuous validation instead of one-time testing engagements.
“Agentic platforms fundamentally change the economics and delivery model of offensive security services,” said
Anna Sarnek, VP of Business & Strategy at Terra Security. “Instead of project-based pentests tied to human hours, MSSPs can deliver continuous security validation where human experts govern AI-driven testing at scale. That allows providers to expand coverage across many more customer environments while improving margins and moving to recurring service models. Importantly, MSSPs don’t need to build this technology themselves. They can focus on the governance, expertise, and customer relationships that define their business.”
This model can allow providers to expand testing coverage across more applications and customers without increasing staff at the same rate.
MSSPs Play a Big Role in Continuous Offensive Security
Even with increased automation, human pentesters remain a central part of offensive security programs. AI agents can handle execution at scale, but human experts guide attack strategies, validate complex vulnerabilities, and interpret results.
Platforms like Terra shift pentesters toward supervising and guiding testing campaigns rather than running every task manually.
“Continuous pentesting works best when it combines AI execution with human oversight, and that’s where MSSPs and consultancies play a critical role,” said
Gev Hadari, Head of Adversary Services at Terra Security. “They bring the adversarial thinking that turns automated testing into real attack campaigns. This includes guiding agents toward meaningful targets, validating exploitable paths, and uncovering the risks that actually matter to the business.”
Hadari said service providers also play an important governance role in continuous testing programs.
“The result is continuous visibility into exploitable risk, faster prioritization of fixes, and a much shorter exposure window between vulnerability introduction and remediation,” he said. “In practice, it forces attackers to work harder because defenders are validating their security posture continuously rather than periodically.”
Terra Portal highlights how security testing is starting to change. Applications are updated more often, and attackers are using automation to probe systems continuously. Testing systems once or twice a year is no longer enough for many organizations. Continuous testing that combines AI tools with human expertise can help security teams and MSSPs find and validate vulnerabilities faster while monitoring more of their environments.
