Prescient Security, a specialized provider of penetration testing and offensive security services, officially launched Cait™ (Cacilian AI) on May 12, 2026 — an autonomous, context-aware AI pentester designed for continuous security testing. Simultaneously, the company announced the unification of Cacilian® as its flagship Penetration Testing as a Service (PTaaS) platform.
This dual launch represents a major evolution in application security testing, moving organizations from periodic, point-in-time pentests to a truly continuous, hybrid model that combines the speed and scale of AI with the depth and creativity of human experts.
“Security and engineering leaders are under immense pressure to prove they’re testing continuously — not just once a year before an audit,” “Cait behaves like a consistent, tireless pentester that works 24/7. It explores applications like a human, runs on a recurring schedule, and delivers high-quality, exploit-validated evidence that teams can actually reuse for SOC 2, ISO 27001, PCI DSS, and customer due diligence.”
Fabrice Mouret, Co-Founder and CEO at Prescient Security.
The unified Cacilian platform now serves as the single control plane where security teams can manage both AI-driven continuous testing via Cait and expert-led manual pentests.
Conditions Driving This Launch
Software development velocity has reached unprecedented levels, with many organizations deploying code multiple times per day or week, rendering traditional annual or quarterly pentests largely ineffective.
Point-in-time penetration tests lose relevance almost immediately after completion as new features, code changes, and configurations are introduced.
Compliance frameworks and customer requirements are increasingly demanding evidence of continuous security testing rather than periodic snapshots.
Security teams face severe resource constraints and cannot scale manual pentesting efforts to match the speed of modern DevOps and CI/CD practices.
Traditional automated vulnerability scanners produce high volumes of noise with limited context and almost no exploit validation.
Auditors, customers, and regulators are demanding credible, reusable, and up-to-date evidence of ongoing security controls.
Engineering teams strongly resist security tools and processes that slow down velocity or require them to leave their familiar development workflows.
The expanding attack surface created by complex modern applications, APIs, and agentic AI systems requires more frequent and sophisticated testing.
Organizations need a practical hybrid solution that delivers both the scale of AI and the intelligence of human pentesters for high-risk findings.
What AppSec Penetration Testing Looked Like Before
Prior to the launch of Cait and the unified Cacilian platform, application security testing was dominated by traditional point-in-time penetration tests. These engagements were typically scheduled as annual, semi-annual, or release-specific projects, often tied to compliance deadlines or major product launches.
A team of human pentesters would spend several weeks testing the application, produce a detailed report, and then hand it over to the security or engineering team. Once the report was delivered and remediations completed, the application would often go untested for many months. Any new features, code changes, configuration updates, or third-party integrations introduced after the test created immediate security blind spots.
Manual pentests provided high-quality, creative, and business-contextual findings, but they were extremely expensive, slow to schedule, and difficult to repeat frequently. On the other hand, automated vulnerability scanners offered speed and broad coverage but suffered from very high false positive rates, shallow analysis, and almost no ability to chain vulnerabilities or validate real-world exploitability.
Security teams were constantly forced to make difficult trade-offs: accept significant gaps in coverage between tests, dramatically increase spending on manual pentests, or rely on noisy scanner data that overwhelmed engineering teams. Compliance and audit teams faced recurring challenges when asked to provide current evidence of effective security controls. Many organizations ended up with outdated reports during audits or customer security reviews, leading to findings, delayed deals, and increased risk exposure. The entire process was episodic, reactive, and poorly aligned with the realities of continuous software delivery.
What AppSec Penetration Testing Looks Like Now
With the introduction of Cait and the unified Cacilian platform, Prescient Security has fundamentally transformed how organizations approach penetration testing. Cait operates as an always-on, autonomous AI pentester that continuously explores target applications, reasons through complex attack paths, identifies high-impact vulnerabilities, and validates exploits — all on a recurring schedule without requiring new project initiation each time.
The unified Cacilian platform now serves as the single pane of glass and command center for all testing activities. Security teams can seamlessly orchestrate both Cait’s continuous AI-driven testing and Prescient’s expert human pentesters for deep-dive, high-complexity assessments. The platform provides real-time visibility into testing coverage, intelligent finding prioritization, workflow automation, and consolidated reporting that combines AI and human results into clear, audit-grade deliverables.
Organizations can now maintain consistent, ongoing test coverage across their critical applications and APIs. Cait re-tests automatically after code changes or deployments, while human experts focus on the most complex logic, business workflows, and high-risk areas that require creativity and deep contextual understanding. Findings are presented with clear exploit evidence, business impact analysis, and remediation guidance, making them far more actionable and reusable for compliance, customer due diligence, and internal risk management.
Our Take
AI Security Take
Prescient Security’s launch of Cait and the unification of Cacilian marks a major milestone in the evolution of AI-powered offensive security. By introducing a truly continuous, context-aware AI pentester that works alongside human experts, Prescient has created a practical hybrid solution that addresses the fundamental mismatch between modern development speed and traditional security testing cadences.
What makes this offering particularly compelling is its focus on producing high-quality, exploit-validated findings rather than overwhelming teams with low-confidence noise. Cait’s ability to reason, explore, and validate attacks at scale, combined with Cacilian’s centralized management and human oversight for complex issues, creates a balanced approach that respects both security rigor and engineering velocity.
In today’s environment, where compliance requirements, customer expectations, and regulatory scrutiny increasingly demand evidence of continuous security controls, this type of solution is becoming essential rather than nice-to-have. Organizations can now move away from the outdated “test once or twice a year” model toward a more mature, continuous security validation program without proportionally increasing headcount or sacrificing quality.
The launch also highlights the growing maturity of AI applications in offensive security — moving beyond simple vulnerability scanning into genuine autonomous reasoning and exploit chaining. As threat actors continue to adopt AI tools themselves, defensive teams need equally capable, continuous testing capabilities to keep pace.
Prescient Security’s approach stands out by emphasizing credible, reusable evidence that satisfies auditors, customers, and internal stakeholders while integrating smoothly into existing development processes. This combination of innovation and practicality positions the company strongly in the rapidly evolving PTaaS and AI security testing market.
