Agentic AI Drives Continuous Security Validation, Terra Security Wins AWS Competency

Terra Security said this week it has achieved Amazon Web Services Security Competency status for Autonomous Security Validation, a milestone the company says validates its agentic AI approach to continuous penetration testing.

Terra Security CEO Shahar Peled framed the shift away from episodic testing in plain terms. “The era of manual, point-in-time penetration testing is ending,” Peled said. “Autonomous, continuous validation is the new standard.” Terra said AWS also recognized its product as an “Agentic AI” offering as part of the new Autonomous Security Validation use case.

The announcement follows a broader industry move toward agentic systems that can plan, execute, and reason across multi-step security workflows. Picus Security highlighted that trend in Frost & Sullivan’s Frost Radar: Automated Security Validation, 2026, where Frost & Sullivan named Picus Security the Innovation Index Leader and called out agentic capabilities as a differentiator, according to Frost & Sullivan’s report. For more detail on the differences between agentic AI and other AI agents, see this internal primer on agentic AI vs agents.

Terra described how its platform works. The company said its agentic workflows autonomously identify and safely exploit vulnerabilities, produce proof-of-impact reports, retest systems as software changes, and integrate with CI/CD pipelines. “Our AI-native system continuously reasons about application behavior, safely executes controlled exploitation paths, and produces verifiable, exploit-driven findings aligned to real business risk,” Terra CTO Gal Malachi said.

Terra provided concrete performance claims. The company said its approach can reduce testing cycles from four to six weeks down to two to four hours, and expand coverage from about 15 percent of an application to full coverage. Terra attributed these metrics to its autonomous testing engine and continuous white-box analysis.

Industry customers echoed the need for continuous approaches. Iain Paterson, chief information security officer at WELL Health, told Terra he believes point-in-time testing is insufficient in modern development environments. “Point-in-time testing simply doesn’t hold up in modern development environments,” Paterson said, adding that Terra’s platform combines continuous visibility, ongoing code review, and human oversight to reduce false positives.

AWS commented on the broader significance of agentic testing. Brian Mendenhall, worldwide head of Security and Identity Partner Specialists at AWS, said Terra’s AWS Security Competency achievement shows how AI-driven testing is growing in importance. “Terra Security’s AWS Security Competency achievement in Autonomous Security Validation demonstrates its leadership in AI-driven security testing,” Mendenhall said, noting the value of integration with CI/CD pipelines for customers building at development velocity.

Security vendors and researchers argue that agentic validation only works with accurate, connected data. Picus Security and other vendors have emphasized the need for a unified security data layer that matches assets, exposures, and control effectiveness, because an autonomous agent needs real context to produce meaningful, prioritized findings, Picus Security said in its commentary on validation workflows.

Terra, which emerged from stealth less than a year ago, said it gained AWS recognition within nine months of joining the AWS Partner Network. The company listed investors including Felicis, Dell Technologies Capital, SYN Ventures, Lama Partners, Underscore VC, SVCI and Capital One Ventures in its disclosure.

What this means for defenders, according to Terra and industry observers, is less manual orchestration of tests and faster, evidence-driven decisions about which vulnerabilities truly matter. Terra and Picus both positioned agentic validation as a way to close the exposure gap that appears when development moves faster than traditional testing cadences.

As vendors push autonomous testing into production workflows, security teams will face questions about data integration, safe execution, and how to retain human oversight. Terra said its platform preserves human review to limit false positives, while AWS pointed to the value of partner validation for customers evaluating these new tools. Teams can also follow an AI security and compliance checklist to address data integration, safe execution, and oversight when adopting agentic validation.

For organizations considering agentic validation, Terra emphasized continuous coverage and CI/CD integration as key selling points, while Frost & Sullivan’s market analysis highlighted agentic features as an emerging differentiator in automated security validation, according to the Frost Radar report.

#AISecurity #AgenticAI #PenTesting #CloudSecurity #DevSecOps