Additional Info

Company size (employees): 100 to 499
Type of solution: Service


Cobalt provides a Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model. With a globally distributed team, Cobalt is transforming pentesting by providing streamlined processes, developer integrations, and on-demand pentesters who have undergone rigorous vetting. With Cobalt, customers can build their pentest program in as little as five minutes and start a pentest in 24 hours.

Fueled by a global talent pool of certified freelancers, Cobalt’s Pentest as a Service (PtaaS) platform delivers actionable results that empower agile teams to pinpoint, track, and remediate software vulnerabilities.

Key Benefits of using a PtaaS:

– Ability to start a pentest in as little as 24 hours and stay agile with development cycles

– Built-in analytics to report on the health of your pentest program

– Communicate in real time with pentesters to improve efficiency and eliminate traditional back-and-forth email

– Findings populate your developers' backlog with Jira/GitHub integrations so that vulnerabilities are addressed in tandem with your SDLC

The above list encompasses how businesses benefit from PtaaS. However, it also impacts the security community more broadly by activating a network of practitioners who are empowered based on skills, not location.

At Cobalt, this marketplace — known as the Cobalt Core — surfaces opportunities for passionate hackers who love breaking things and want reliable income.

Cobalt has turned the old school bug bounty model on its head by asking, “What if, instead of pitting people against each other, we encouraged collaboration? What if we gave businesses the ability to ‘spin up’ a team that’s tailor-made to the specifications of their engagement?”

The answer: we would be unleashing the true power of PtaaS, enabling customers to work smarter, develop faster, and with less risk. We’d be delivering on the promise of a more secure world.

How we are different

2020 was a landmark year for Cobalt. The company conducted over 1,500 pentests and found over 12,500 vulnerabilities among its 700+ customers while maintaining an average NPS score of 70. Revenue grew by 59% YoY and in August Cobalt raised $29M in Series B funding.

3 ways Cobalt’s PtaaS approach epitomized innovation and creativity in the pursuit of solving real-world customer challenges:

– Collapsing timelines to better fight cybercrime. Cobalt is on a mission to be the interface to the global security workforce, empowering security practitioners based on skills, not location. We are breaking the industry stranglehold held by legacy security consultancies, who have acted as gatekeepers to the world of penetration testing (sometimes called “ethical hacking”).

– Activating a diverse global talent base. Consultancies choose testers for an engagement based on who has capacity and time, when really it should be based upon whose hacking expertise is the best fit. The Cobalt philosophy is that, though automation and AI are disruptive forces in the world of enterprise tech, when it comes to pentesting the manual element will never become obsolete. There are entire classes of issues that can only be discovered manually, by humans. The smart pentester is a combination of both. We use technology to empower people, which produces the best of both worlds.

– Bringing pentesting into the DevSecOps continuum. Software has become decentralized and developers push enhancements at warp speed, releasing monthly, weekly, daily. Pentesting is not agile. It creates a schism between security and engineering teams because a pentest does not fit the scrum approach. You cannot run one on demand. At least, not until Cobalt came along. By upending the traditional pentest model, Cobalt created a better way to enable SaaS businesses to maintain agile software development practices without sacrificing security.