The Macro: Pentesting Is Expensive, Slow, and Incomplete
I am going to describe a process that most companies go through at least once a year, and almost none of them are happy with. A company hires a penetration testing firm. The firm assigns a team of two to four security researchers. Those researchers spend one to three weeks probing the company’s systems, applications, and network infrastructure for vulnerabilities. They write a report. The company receives a PDF that is 80 pages long and contains a mix of critical findings, medium-severity issues, and observations that amount to “you should probably update this library.” The bill is somewhere between $30,000 and $200,000. The company fixes the critical items, ignores the medium ones, and repeats the process next year.
This is the $3 billion penetration testing market in a nutshell. It is dominated by firms like CrowdStrike, Rapid7, Bishop Fox, NCC Group, and Synack. The work is labor-intensive, time-constrained, and fundamentally limited by how many hours of skilled human attention you can buy. A good pentester might spend forty hours on your external network, find a dozen interesting attack paths, and write them up. But your external network has thousands of potential attack surfaces. Forty hours covers a fraction of them.
Vulnerability scanners like Nessus, Qualys, and Tenable try to bridge this gap with automation, but they are essentially pattern matchers. They check for known vulnerabilities, missing patches, and misconfigurations. They do not think creatively. They do not chain together three low-severity findings into a high-severity attack path the way a skilled human attacker would. They are useful but insufficient.
The gap between what scanners find and what human pentesters find is where most real breaches happen. The attacker who compromises your organization is not exploiting the CVE that Nessus flagged. They are chaining together a misconfigured S3 bucket, a leaked API key in a public GitHub repo, and a privilege escalation in an internal tool that nobody thought to test because it was “internal only.”
The industry knows this is a problem. Bug bounty platforms like HackerOne and Bugcrowd crowdsource the work to thousands of researchers, which helps with coverage but creates its own issues around noise, duplicate reports, and inconsistent quality. Automated breach and attack simulation tools like SafeBreach and AttackIQ test specific scenarios but require significant configuration. Nobody has combined the creativity of a skilled human attacker with the speed and coverage of automated scanning. Until now, maybe.
The Micro: An NSA Operator Building Attack Agents
Carter Pry founded Riverbank after working at the NSA. That is the kind of background that either makes you take a cybersecurity startup very seriously or makes you worry about what exactly is being built. In this case, it is the former. Pry is building AI agent swarms that conduct offensive security operations: the same kind of probing, testing, and exploitation that human red teams perform, but at machine speed and machine scale.
The company came through Y Combinator’s Summer 2025 batch. The team is currently one person, which sounds absurd for a cybersecurity company until you consider that the entire product thesis is that AI agents can do work that previously required teams of humans. If you are building a tool that replaces pentesting teams, having a small team yourself is at least internally consistent.
Riverbank’s approach combines AI agents with human operators. The agents handle the broad, repetitive work of probing attack surfaces, identifying potential vulnerabilities, and mapping out attack paths. Human operators provide oversight, validate findings, and handle the creative, high-judgment aspects of offensive security that AI cannot yet replicate. This is not fully autonomous hacking. It is augmented hacking, where the AI does the legwork and the humans do the thinking.
The market positioning is smart. At $3 billion, penetration testing is large enough to support multiple approaches, and the labor constraint is real. There are not enough skilled pentesters in the world to meet demand. CrowdStrike and Rapid7 compete for the same pool of talent. Training a good offensive security researcher takes years. AI agents do not solve the expertise problem entirely, but they can dramatically change the ratio of expert-hours to attack-surface-covered.
The industries Riverbank targets include traditional enterprise security, IoT security, and broader cybersecurity applications. IoT is particularly interesting because IoT devices are notoriously undertested and deployed at massive scale. A swarm of AI agents systematically testing thousands of IoT endpoints is the kind of problem that is perfectly suited for automation and completely impractical for human pentesters.
The Verdict
I think Riverbank is sitting on one of the clearest market opportunities in cybersecurity. The demand for offensive security testing exceeds the supply of qualified humans to perform it. AI agents are the obvious answer. The question is whether the agents are good enough to find vulnerabilities that matter, not just the ones that scanners already catch.
The solo founder risk is real but mitigated by the YC backing and the ex-NSA credibility. Pry does not need to convince customers that he understands offensive security. He needs to convince them that his AI agents understand it too.
At thirty days, I want to see the first customer engagements and whether the agent swarms are producing findings that customers consider valuable. At sixty days, I want to see how Riverbank’s output compares to a traditional pentest engagement in terms of coverage and severity of findings. At ninety days, the question is pricing: can Riverbank undercut traditional pentesting firms while delivering comparable or better results? If the answer is yes, this becomes one of the fastest-growing companies in cybersecurity. The talent shortage in offensive security is not getting better. Automation is not optional. It is inevitable.