Assail Inc. has launched Sidewinder, an advanced offensive security platform built on a 31 billion-parameter AI model capable of independently verifying and correcting its vulnerability assessments. This marks a significant evolution from its predecessor, Ares, turning traditional manual pentesting into an autonomous, plan-driven process.

  • Sidewinder uses a 31B-parameter model to audit and fix its own detection errors.
  • The platform employs 12 autonomous agents managing a persistent knowledge graph.
  • It supports cloud and on-prem deployments for diverse security postures.

What happened

Assail Inc. unveiled Sidewinder, a revamped offensive security AI platform that builds on its earlier product, Ares, introduced in January. Unlike its predecessor, which followed a fixed scanning script, Sidewinder features a chat-first, plan-driven design. It coordinates 12 autonomous agents to continuously explore and test a target’s attack surface, updating its approach as new data emerge.

Powered by a newly fine-tuned 31 billion-parameter model trained on nearly three decades of pentesting expertise from Assail’s CEO and chief AI officer, the system independently verifies vulnerabilities. It uses a real browser to interact with modern web applications and runs full attack chains mapped to the MITRE ATT&CK framework for comprehensive risk understanding.

Why it matters

Traditional penetration testing approaches are costly, manual, and quickly become outdated as software changes. Sidewinder’s autonomous auditing capabilities aim to eliminate common limitations by continuously testing in a manner similar to real adversaries, deeply scrutinizing results to reduce false positives and repair detection gaps without human input.

By doing so, it fills a critical gap between theoretical security assessments and live exploit paths that attackers use. This continuous validation can significantly enhance an organization’s ability to manage security risks proactively and keep pace with fast-changing environments, as noted by a security manager using the tool.

What to watch next

Assail is showcasing Sidewinder at the ISC2 Security Congress in Colorado this October, signaling its commitment to drive adoption among security professionals. How the platform performs in varied real-world deployments, both managed in major clouds like AWS, Azure, and Google Cloud, and in sensitive on-premise air-gapped environments, will be important to observe.

Future developments likely include further improvements to autonomous reasoning, expanding the persistent knowledge graph capabilities, and integrating more sophisticated exploit techniques. Stakeholders will be watching to see how well Sidewinder can scale its self-correcting features to reduce operational security gaps across diverse industries.

Source assisted: This briefing began from a discovered source item from SiliconANGLE. Open the original source.
How SignalDesk reports: feeds and outside sources are used for discovery. Public briefings are edited to add context, buyer relevance and attribution before they are published. Read the standards

Related briefings