BOSTON, June 02, 2026 (GLOBE NEWSWIRE) — SpartanX, the world’s only full-stack AI-powered autonomous red teaming platform, today announced the release of NodeX, its new Internal Attack Capability that extends SpartanX’s External Attack Platform. In parallel, the company released Targeted Attack Validation (TAV), which ingests findings from Tenable, Rapid7, Qualys, and more than 150 security tools, validates novel exploitations through chained attack paths, and reduces scanner noise to a small number of confirmed-exploitable, evidence-backed priorities.
A first for the market: end-to-end autonomous red teaming
Until today, every other autonomous red teaming platform has focused on the external attack surface: anything an attacker on the open internet can see. Internal validation has remained the domain of scheduled, human-led penetration tests, performed quarterly at best, and often not at all. With NodeX, the Internal Attack Capability, SpartanX deploys the same 500+ agent swarm that operates externally for some of the world’s leading organizations. NodeX’s agents enumerate Active Directory and Entra ID at depth, walk machine identities and service accounts, probe internal APIs and east-west segmentation, and exercise the orchestration layer of the customer’s AI agents and custom automation.
These agents operate under tight controls: scoped, fully audit-logged, non-destructive by default, and with humans (the customer) in the loop, so internal testing never puts production at risk.
Every finding is exploit-validated, with a chain of evidence that maps the actual attack path, prerequisites, and impacted assets. SpartanX:Defend can open remediation pull requests in GitHub and integrates with Jira, Slack, and the customer’s CI/CD pipeline.
“Attackers now operate at machine speed, powered by frontier AI models that are collapsing the window between vulnerability disclosure and working exploit. Most defenders still operate on a quarterly schedule. After two decades in offensive security, I have never seen a wider gap,” said Diego Spahn, Co-Founder and CEO of SpartanX. “We built SpartanX to allow defenders to move at the speed, scale, and capability they need to fight sophisticated attackers. Today, SpartanX delivers the world’s only full-stack autonomous AI platform to defend a CISO’s external and internal attack surfaces. Defending web apps, APIs and source code, networks and infrastructure, cloud, IAM and identity, and AI systems and LLMs is the standard CISOs deserve in 2026.”
Targeted Attack Validation: turning scanner noise into confirmed-exploitable priorities
Unlike exposure-management tools that score and correlate scanner output, TAV executes the actual attack against the customer’s environment and returns the working exploit chain. The difference is proof, not prioritization. TAV connects directly to Tenable, Rapid7, Qualys, Wiz, Snyk, Checkmarx, and more than 150 additional security tools. For every ingested finding, SpartanX runs an autonomous attack validation against the customer’s actual environment to produce evidence: the exploit chain, its prerequisites, impacted assets, and post-exploitation reach. The platform then maps the attack graph to surface composite chains across exploitable findings that no individual scanner can detect.
As the window between disclosure and exploitation shrinks, every CVE you ingested last week may already be actively exploited today. Continuous, exploit-validated testing is the only way to keep pace when the severity of a finding can change overnight.
Gartner has called out the precise gap that TAV closes: enabling faster remediation through tighter integration with application security and exposure management workflows. The same analysis concludes that patching every vulnerability is no longer viable for security teams, and identifies Continuous Threat Exposure Management, exposure validation, and continuous red teaming as the mature posture.
“This release is a milestone for the SpartanX engineering team,” said Alejandro Aguirre Soto, Co-Founder and CTO of SpartanX. “The same architecture that runs our external swarm now executes inside the customer environment with no loss of fidelity.”
Why this matters now
The 2026 threat landscape has moved past static scanning and quarterly red team engagements. Four independent industry signals define the new baseline, and SpartanX uniquely addresses each.
Signal 1: Exploitation is the #1 initial access vector. The Verizon 2026 Data Breach Investigations Report finds vulnerability exploitation became the leading initial access vector for the first time in the report’s 19-year history, at 31% (up from 20%). The IBM X-Force 2026 Threat Intelligence Index, published February 25, 2026, reports a 44% year-over-year increase in exploitation of public-facing applications. VulnCheck’s State of Exploitation 2026 (January 21, 2026) finds nearly 29% of known exploited vulnerabilities are weaponized on or before the day the CVE is published. SpartanX’s Answer: Exploitability Proof on Every Finding. Every vulnerability the platform reports ships with its unique exploit chain, auditable evidence, and post-exploitation reach. With SpartanX, customers act on validated risk, not CVSS lists.
Signal 2: Static, point-in-time testing is insufficient. Gartner has identified Continuous Threat Exposure Management as the mature posture, with continuous penetration testing, exposure validation, and red teaming as the operating model. The same analysis concludes that patching every vulnerability is no longer viable for security teams. SpartanX’s Answer: Continuous Testing and per-Customer Configurability. The 500+ agent swarm runs continuously, by schedule, on event, or on deploy across all six attack surfaces in parallel: web applications, APIs and source, networks and infrastructure, cloud, IAM and identity, and AI systems and large language models.
Signal 3: Prompt injection is a Critical-tier threat with no incumbent defense. Gartner ranks prompt injection among the highest-priority threats and recommends proactive red team testing of AI systems, with prompt injection coverage integrated throughout the AI development lifecycle. Google Threat Intelligence reported a 32% relative increase in indirect prompt injections from November 2025 to February 2026. SpartanX’s Answer: Dedicated AI Red Teaming Swarm. Proprietary agents execute direct and indirect prompt injection, jailbreaks, alignment bypasses, agentic goal hijack, and tool-abuse chains across LLMs, agent harnesses, tools, integrations, and orchestration layers as separately addressable surfaces.
Signal 4: Remediation is the bottleneck. Gartner has flagged the same gap: faster remediation through tighter integration with application security and exposure management workflows. SpartanX’s Answer: SpartanX Prioritizes Only Validated, Exploit-proven Findings and Automatically Opens Code-level Pull Requests in the Customer’s Repositories. Native integrations with GitHub, Jira, Slack, and CI/CD route the fix to the engineer who owns the code, with the exploit evidence attached to the pull request, ready to review and merge.
Across all four signals, the SpartanX platform delivers a single, end-to-end answer. Externally and internally. Six attack surfaces. 500+ AI agents. Every finding exploit-validated. Continuous by default. Code-level remediation. One platform.
“The buyers we talk to are not asking for more findings,” said Erik Hardy, President and COO of SpartanX. “They are asking for validated priorities they can actually act on. Internal Attack Capability and Targeted Attack Validation give them exactly that, with the evidence to convince their boards and the integrations to drive remediation through the systems their teams already use.”
About SpartanX
SpartanX is the world’s only full-stack AI-powered autonomous red teaming platform. The platform deploys 600+ AI agents (500+ red teaming agents plus 100+ supporting agents) across six attack surfaces simultaneously: web apps, APIs and source, networks and infrastructure, cloud, IAM and identity, and AI systems and large language models. Every finding is exploit-validated. SpartanX ships as two modules: SpartanX:Offense, the autonomous offensive operations engine, and SpartanX:Defend, post-discovery automation that opens pull requests in GitHub and integrates with Jira, Slack, and CI/CD.
SpartanX was founded by Diego Spahn (Co-Founder and CEO), Martin Voelk (Co-Founder and Chief AI Officer), and Alejandro Aguirre Soto (Co-Founder and CTO). Erik Hardy joined as President and Chief Operating Officer in April 2026. The company is backed by Venture Guides and headquartered in Boston. Learn more at spartanx.ai.
Media contact
Press Inquiries
press@spartanx.ai
spartanx.ai
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/2abf150e-8769-4af1-82db-43c4ff39947f
