Shikhil Sharma is the Founder of Astra Security – a continuous pentesting platform. At the very onset of his career, Shikhil consulted a variety of businesses, startups & banks on cyber security. After helping some top businesses secure their websites & apps, Shikhil noted how ineffective traditional pentesting was, and founded Astra Security as an enabler to help bridge that gap. He deeply cares about building habit-forming products and designing intuitive marketing campaigns.
Astra Security recently raised $2.7 million to revolutionize cybersecurity with AI-driven pentesting.
Your journey started with consulting businesses and banks on cybersecurity. What gaps did you identify in traditional pentesting that led to the creation of Astra Security?
A traditional pentest is often conducted as a point-in-time exercise; it is usually triggered by regulatory requirements or when a vulnerability is suspected, leaving applications vulnerable to hacks for an extended period between pentests. Traditional pentesting, which is service-driven, often overwhelms customers with 500-page reports filled with jargon but lacking actionable insights.
Communication is often unstructured, leaving stakeholders, developers, CTOs, CISOs, and even pentesters frustrated by the lack of seamless collaboration and clear remediation guidance. With AI increasing the rate at which new code is being pushed into production, the traditional penetration testing approach fails to keep up. This led us to create Astra Security, a continuous offensive pentesting platform.
Astra Security aims to make cybersecurity “super simple” for SMEs. How does your approach differ from traditional security solutions in the market?
SMEs need simple, effective security that doesn’t slow them down. That’s where Astra Security stands out. Our approach is built around ease of use, automation, actionable insights, and making security continuous at scale. Every few months there’s a new acronym of tools, ranging from CSPM, SSPM, CTEM, and ASPM, which mid-sized businesses find difficult to keep up with. At Astra, we offer features from all of these without naming them anything fancy, to keep the platform user-friendly.
Our platform integrates directly into the CI/CD pipeline, providing real-time alerts and guided remediation so teams without dedicated security experts can stay protected.
What are some of the most innovative AI-driven security features Astra has developed to stay ahead of cybercriminals?
Astra’s AI-powered offensive security engine is designed to detect, correlate, and remediate vulnerabilities at scale. Our platform continuously scans infrastructure by leveraging AI-driven attack simulations via threat modeling, mimicking real-world hacker tactics to uncover even the most sophisticated threats. We offer a friendly bot, “Astranaut,” which has the context of every vulnerability in the customer’s stack, and helps developers fix vulnerabilities quickly.
Astra Security offers “continuous pentesting.” How does this differ from traditional pentesting, and why is this shift necessary?
Astra’s continuous pentesting platform makes security real-time and proactive, unlike traditional one-off tests. Our AI-powered platform continuously scans infrastructure, detects vulnerabilities, and simulates real-world attacks, providing instant alerts, risk prioritization, and AI-driven remediation so developers can fix issues faster. With cyber threats evolving daily, businesses can’t afford to wait months for the next test. Astra combines AI automation with expert validation, ensuring 24/7 protection and reduced risk exposure.
Your platform has identified over 110,000 vulnerabilities per month. Can you share insights on some of the most surprising or critical vulnerabilities you’ve discovered?
The actual number of vulnerabilities we identify every month is 200,000+. We still see injection-based attacks like SQL and scripting attacks, which have been around for years, remaining among the top findings on our platform. Surprisingly, broken access control is widespread, with many applications vulnerable to it. We were able to see this at scale when we launched a broken access control scanner module in beta internally. Another thing that surprises us is how many times secret keys are accidentally committed to customer-facing code, from Stripe, Slack, to email service provider keys – we have seen it all.
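The committed-secrets problem described in the answer above is one a team can catch before code ever reaches production. The script below is an added example, not Astra's code or part of the original interview: a minimal detector that could run as a pre-commit hook or CI step over the added lines of a diff. Stripe secret keys really do begin with `sk_live_`/`sk_test_` and Slack tokens with `xox` plus a type letter, but the length bounds, the generic "something named like a secret assigned a long literal" rule, and the entropy threshold are assumptions chosen for this example; the diff lines and key values are constructed and fake.

```python
"""
Added example (not Astra's code): a minimal committed-secret detector for the
added lines of a diff. It flags Stripe and Slack credentials by their known
prefixes and generic secret-looking assignments by Shannon entropy, so that a
readable placeholder such as REPLACE_ME is not reported as a leaked key.
"""
import math
import re
from collections import Counter

# Prefix-based patterns. Stripe secret keys start with sk_live_/sk_test_ and
# Slack tokens with xox<type>-; the minimum lengths are assumptions.
PATTERNS = {
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}\b"),
    # Generic rule: a variable named like a secret assigned a quoted literal of
    # 16+ characters. Only flagged if the literal looks random (see entropy).
    "generic_assigned_secret": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([^"']{16,})["']"""
    ),
}

# Constructed sample: the '+' lines of a hypothetical commit. All values are fake.
SAMPLE_DIFF_LINES = [
    '+STRIPE_KEY = "sk_live_EXAMPLEFAKE1234567890abcdef"',
    '+SLACK_BOT_TOKEN = "xoxb-000000000000-FAKEexampleToken"',
    '+API_KEY = "a9F3kL0qZx7vB2nT8wY4rC6mH1pS5dJ"',
    '+password = "REPLACE_ME_REPLACE_ME"',
    '+# comment mentioning sk_test_ but no actual key',
]


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; random-looking keys score high,
    repetitive placeholders and ordinary words score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = Counter(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(value: str) -> str:
    """Keep only a short prefix so the finding itself does not leak the secret."""
    return value[:6] + "..." if len(value) > 6 else "..."


def scan_lines(lines, entropy_threshold: float = 3.5):
    """Return one finding per matched secret: line number, rule name and a
    masked preview. The entropy threshold (assumption) only applies to the
    generic rule; prefix matches are reported unconditionally."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if name == "generic_assigned_secret" and shannon_entropy(value) < entropy_threshold:
                    continue  # low-entropy literal: treat as a placeholder, not a key
                findings.append({"line": lineno, "type": name, "preview": mask(value)})
    return findings


if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_DIFF_LINES):
        print(f"line {finding['line']}: {finding['type']} ({finding['preview']})")
```

Run against the constructed diff, the Stripe key, Slack token and the random-looking `API_KEY` literal are reported while the `REPLACE_ME_REPLACE_ME` placeholder and the comment are not. In a real pipeline the same function would be fed `git diff --cached` output and the hook would exit non-zero on any finding; the masked preview is deliberate, since a scanner's own log is another place a key can leak.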
What role do human security researchers play in Astra’s AI-powered pentesting platform? How do automation and human expertise complement each other?
At Astra, AI automation and Astra’s security experts work hand in hand to deliver precise, actionable, and real-time security assessments. While AI accelerates vulnerability detection and automates attack simulations, our security researchers bring deep context, validation, and innovative analysis, ensuring no critical flaw goes unnoticed. We believe pentesters now have an even more important role to play, and no longer need to spend time reporting low-hanging vulnerabilities repeatedly, but can focus more on actual critical potential attacks.
With cloud environments growing in complexity, how is Astra Security evolving to protect modern SaaS and cloud-based infrastructures?
Our platform proactively scans cloud workloads, APIs, and identities, detecting misconfigurations, privilege escalation risks, and real-world attack vectors. Astra ensures businesses can scale securely – without compromising agility – with deep cloud integrations, automated compliance checks, and security embedded into CI/CD pipelines.
Your background includes participating in high-profile bug bounty programs. What was your most memorable vulnerability discovery?
One of my bug bounty journey’s most memorable vulnerability discoveries was identifying a critical authentication bypass and injection attack in a major marketplace platform. The flaw allowed attackers to access user accounts without valid credentials, potentially exposing sensitive financial data. What made this discovery stand out was its real-world impact—had it been exploited, it could have led to large-scale financial fraud. Responsible disclosure ensured the vulnerability was patched before any damage occurred.
You’re actively involved in cybersecurity and often speak at industry events. What role does community engagement play in shaping Astra’s mission?
Community engagement is key to Astra’s mission. Interacting with security professionals, developers, and CISOs helps us understand emerging challenges firsthand. These insights directly influence our product innovations, ensuring we build solutions that aren’t only cutting-edge but also practical, effective, and aligned with industry needs. At Astra, we’ve built The 403 Circle—our exclusive community of 100+ CTOs and CISOs, where security leaders share experiences, exchange insights, and seek guidance from peers on the frontlines of cybersecurity.
Where do you see Astra Security 5 years from now, and what’s your ultimate vision for its impact on the cybersecurity industry?
Five years from now, Astra will be at the forefront of AI-driven offensive security, making continuous pentesting the industry standard. Our goal is to eliminate the traditional, reactive approach to security by providing businesses with an automated, intelligent security engine that detects, prioritizes, and helps remediate vulnerabilities in real-time. Astra will shape the future of proactive cybersecurity, helping businesses move beyond periodic security testing to always-on, AI-powered protection that scales with them.
Thank you for the great interview; readers who wish to learn more should visit Astra Security.