Terra Security gains first AWS nod for AI threat tests

Terra Security has become the first AWS partner approved for the newly launched Autonomous Security Validation use case under the AWS Security Competency programme, in the Application Security category.

AWS has also recognised Terra as an Agentic AI product and positioned it as a validated offensive security platform in that category. Terra received recognition across both AWS Security and AWS AI Competencies within nine months of joining the AWS Partner Network.

AWS Security Competency status is part of a wider programme that identifies partners with demonstrated technical proficiency and customer success against defined use cases. In application security, those use cases include areas such as static code analysis and security validation methods that run alongside modern software delivery workflows.

Shift in testing

Terra is pitching its platform into a market reshaped by faster software release cycles and more frequent updates. Many organisations now ship changes weekly or faster, while security testing often lags behind those cadences. That mismatch has become a common source of tension between engineering teams focused on shipping code and security teams tasked with reducing risk.

In a statement, Shahar Peled, CEO and cofounder of Terra Security, said organisations are moving away from periodic security reviews and towards continuous validation.

"The era of manual, point-in-time penetration testing is ending. Autonomous, continuous validation is the new standard. Being the first AWS partner validated for Autonomous Security Validation and achieving differentiated recognition across both AI and Security in under a year reflects the maturity of our agentic AI platform and the accelerating demand for scalable offensive security."

Penetration testing has traditionally relied on time-boxed engagements that sample parts of an application. That model can struggle when applications change frequently and are distributed across multiple services. In parallel, software teams have adopted continuous integration and delivery practices, with changes merged and deployed in short cycles.

Terra describes its product as an agentic Continuous Threat Exposure Management platform. The system runs AI-driven penetration testing workflows that discover and exploit vulnerabilities, generates proof of impact, and repeats testing as code changes or behaviours shift in production environments.

How it works

Terra contrasted its approach with established SAST and DAST tooling, arguing that these tools often prioritise speed while producing findings that lack exploit validation. It also pointed to the high volume of alerts that can require manual triage.

Terra says its autonomous testing reduces typical testing cycles from four to six weeks to two to four hours, and increases coverage from around 15 percent to full application coverage. Its messaging emphasises verified exploitation paths and proof of impact, rather than theoretical weaknesses.

WELL Health, a healthcare company, described its use of the platform in terms of visibility and oversight, framing it as "white box penetration testing with ongoing code review" with human checks on outputs.

"Point-in-time testing simply doesn't hold up in modern development environments," said Iain Paterson, CISO at WELL Health. "Terra gives us continuous visibility through white box penetration testing with ongoing code review. As AI can dramatically increase the depth and frequency of testing, what truly sets Terra apart is the human oversight that ensures safety and trust. We've received meaningful, critical findings without being inundated by false positives, which is essential for a healthcare organization operating at scale."

AWS partner track

Terra traced its relationship with AWS to its participation in the AWS and CrowdStrike Cybersecurity Startup Accelerator. That work expanded through its progression in the AWS Partner Network and culminated in the Security Competency recognition for Autonomous Security Validation.

AWS uses the competency structure to map customer requirements to partner offerings in specific technical and industry segments. In cloud environments, partners often integrate with development pipelines and security services, which can influence adoption decisions for organisations that standardise on AWS tooling for build, deploy, and monitoring workflows.

Brian Mendenhall, WW Head, Security & Identity Partner Specialists at AWS, linked the competency recognition to autonomous vulnerability discovery and validation alongside software delivery processes.

"Terra Security's AWS Security Competency achievement in Autonomous Security Validation demonstrates its leadership in AI-driven security testing," said Brian Mendenhall. "Terra's ability to autonomously discover, exploit, and validate vulnerabilities at machine speed while integrating seamlessly with CI/CD pipelines makes them an invaluable partner for AWS customers looking to secure applications at development velocity."

Gal Malachi, CTO of Terra Security, said the platform's architecture centres on continuous reasoning about application behaviour and controlled exploitation, with findings tied to business risk.

"This recognition validates the technical architecture we built from day one," said Malachi. "Our AI-native system continuously reasons about application behavior, safely executes controlled exploitation paths, and produces verifiable, exploit-driven findings aligned to real business risk. We look forward to deepening our integrations with AWS and continuing to advance autonomous security innovation."

Terra is backed by investors including Felicis, Dell Technologies Capital, SYN Ventures, Lama Partners, Underscore VC, SVCI, and Capital One Ventures, and says it is continuing work on integrations with AWS.