Terra adds continuous testing for network infrastructure

Terra Security has added continuous exploitation validation for network infrastructure to its offensive security platform, extending coverage beyond web applications and AI systems.

The feature is now in public preview for Terra customers. It is designed to let security teams assess risks across infrastructure, applications and AI environments from one platform, with network findings shown alongside web and AI vulnerabilities in a single view.

Security testing has often been split across separate tools or providers, with network infrastructure assessed in one programme and web applications in another. AI systems have frequently sat outside regular testing regimes, even as companies connect more internal systems to external services through APIs and other integrations.

Expanding coverage

That separation is becoming harder to manage as attackers move across multiple parts of an organisation's technology estate during the same intrusion. Firms are also under pressure to keep pace with rapid infrastructure changes and the use of AI by attackers to automate reconnaissance and identify weaknesses more quickly.

Terra says its platform now spans three foundational areas: web applications, AI systems and network infrastructure. It uses AI agents, with human oversight, to carry out continuous testing and verify whether identified issues are actually exploitable.

The aim is to help security teams prioritise remediation for weaknesses that present a direct route to business impact, rather than large volumes of unverified findings. The platform also provides reporting and audit trails across the environments it tests.

Siloed testing

Fragmentation remains a longstanding problem in security operations. Large organisations often rely on a patchwork of vendors and internal teams for penetration testing, red teaming and application security reviews. That can leave findings in separate systems and slow remediation.

Terra argues this model does not reflect how attackers operate. Rather than testing one system in isolation, adversaries often chain weaknesses across internet-facing applications, internal networks and connected services to move laterally through an organisation.

"When we founded Terra, we believed that continuous, agentic offensive security across the full attack surface was a necessity," said Shahar Peled, Chief Executive Officer and Co-founder, Terra Security.

"AI-powered adversaries don't test one layer at a time, and neither should we. Today, Terra Platform covers all three foundational layers: web and internal applications, AI systems, and network infrastructure, with the same agentic AI platform and Human-in-the-Loop model across all of them. We're expanding the platformisation of offensive security and delivering the security outcomes that CISOs have been waiting years for."

Attack paths

The infrastructure testing addition comes as enterprise AI adoption creates more connections between external and internal systems. Each new integration can open another path between customer-facing services, third-party tools and core business systems, widening the range of potential attack routes.

The platform is designed to validate those routes continuously rather than through periodic tests. Terra says it verifies exploitability, ranks issues by business impact and supports remediation from the same environment.

The broader offensive security market has been evolving as companies seek more regular testing instead of annual or point-in-time assessments. At the same time, security leaders are trying to reduce the operational burden of managing multiple tools while producing consistent evidence for governance and compliance teams.

Unified visibility

Terra says service providers and large enterprises also want more unified records of testing activity across their environments. It says its model offers audit-ready execution records from each layer it covers.

Chief Technology Officer and Co-founder Gal Malachi said the aim was to test systems in the same interconnected way that attackers do. "Attackers don't test web apps in isolation, then networks in isolation. They chain exploits across surfaces to move laterally and maximize impact," he said.

"If your pentesting and red teaming are siloed, you're missing the exact attack paths that matter most. Platformization means testing how attackers actually operate. You need continuous visibility across all three surfaces, from a single source of truth, so you can see and validate the chains before attackers do."