RunSybil is an AI-native offensive security platform that autonomously chains IAM misconfigurations, container escapes, and CI/CD secret exposures into full attack paths — operating black-box against live cloud environments the same way a real attacker would, with no source code or agent credentials required.
What Is RunSybil? The AI-Native Pentesting Platform Explained
RunSybil is an AI-native penetration testing platform founded in 2023 by Ari Herbert-Voss — OpenAI’s first security research hire — and Vlad Ionescu, formerly of Meta’s Red Team X. The company raised $40M in a Series A in March 2026, backed by Khosla Ventures, the Anthropic Anthology Fund, Menlo Ventures, Conviction, and Elad Gil, with angels from OpenAI, Palo Alto Networks, Stripe, and Google. The product centers on an autonomous AI agent called Sybil that operates against live cloud environments in pure black-box mode — no source code, no privileged credentials, no static playbook. Sybil observes what access it can gain, adapts its attack path accordingly, and chains multiple vulnerability classes together the way an actual human attacker would. This is a fundamentally different model from legacy automated scanners that run pre-defined scripts or check configuration against a compliance checklist. The platform specifically targets the attack surface that dominates modern cloud breaches: IAM misconfiguration, non-human identities (NHIs), container workloads, and CI/CD pipeline secrets — the four categories that together account for over 80% of cloud security incidents in 2026.
The founding team’s pedigree matters here. Herbert-Voss spent years modeling adversarial AI at OpenAI before pivoting to offensive security tooling. Ionescu ran red team operations at Meta at enterprise scale. The combination shows in the product philosophy: RunSybil treats pentesting as an inference problem, not a rule-matching problem. Sybil generates hypotheses about what a lateral movement chain might look like, tests them, and updates based on what it observes — the same loop a skilled red teamer runs, but automated and continuous.
Core Capabilities: IAM Misconfigs, Container Escapes, and CI/CD Secret Exposure
RunSybil’s core capabilities center on the three attack surfaces most frequently exploited in modern cloud breaches: IAM policy misconfigurations, container and Kubernetes privilege escalation, and secrets exposed through CI/CD pipelines. Over 80% of cloud breaches involve misconfigured IAM policies, excessive permissions, or compromised credentials, and non-human identities — service accounts, CI runners, workload identities — now outnumber human users by 80:1 in mature cloud environments, with most carrying no automatic expiry and broader permissions than their actual function requires. RunSybil’s Sybil agent is purpose-built to find and chain these misconfigurations in a way static scanners cannot: it requests real tokens, attempts real role assumptions, and validates actual exploitability rather than theoretical risk.
IAM Attack Surface Analysis
Sybil enumerates cloud IAM configurations — AWS IAM, GCP IAM, Azure RBAC — and then actively tests which permissions are exploitable from the attacker’s current position. Rather than flagging every policy that deviates from least-privilege (which produces thousands of low-signal findings), it identifies which specific misconfigurations create an actionable privilege escalation path. The distinction matters: a iam:PassRole permission on a Lambda execution role is low risk in isolation but catastrophic if that role can assume an admin-level role elsewhere. Sybil maps these chains automatically.
Container and Kubernetes Exploitation
82% of container users now run Kubernetes in production, and nearly 9 in 10 organizations reported a Kubernetes-related security incident in the prior year. RunSybil targets the entire container attack surface: privileged container misconfigurations, host path mounts, service account token scope, network policy gaps, and runtime API exposure. It tests for container escape paths — writable host mounts, privileged namespaces, kernel capability abuse — and chains successful container escapes into subsequent IAM or node-level privilege escalation.
CI/CD Pipeline Secret Exposure
Build pipelines are the new crown jewels. GitHub Actions, GitLab CI, CircleCI, and similar systems routinely expose secrets via environment variables, artifact stores, or misconfigured OIDC trust policies. Sybil specifically probes CI/CD pipeline configurations for exposed secrets, over-broad OIDC audience claims, and pipeline-to-cloud privilege relationships that create implicit lateral movement paths from source control into production infrastructure.
How Sybil Works: Agentic Black-Box Testing Step by Step
Sybil, RunSybil’s core AI agent, operates as a closed-loop offensive security system that begins from an attacker-equivalent starting position — a single low-privilege credential or network endpoint — and autonomously plans, executes, and adapts multi-step attack chains. Unlike traditional automated scanners that match known vulnerability signatures, Sybil reasons about what it observes, generates hypotheses about reachable attack paths, and updates its strategy based on each action’s outcome. This agentic loop runs continuously, not as a point-in-time scan, which means Sybil catches vulnerabilities introduced by configuration drift between scheduled assessments. The platform reports results as an attack graph: each node is an action Sybil took, each edge is the permission or misconfiguration that made the action possible. Security teams see not just what is vulnerable, but the precise chain of steps an attacker would follow to reach their most sensitive assets.
Step 1: Reconnaissance and Surface Mapping
Sybil begins by enumerating the exposed attack surface: cloud account metadata, publicly accessible endpoints, IAM entities and their attached policies, container registries, and pipeline configurations. It builds an internal graph of resources and their relationships before attempting any exploitation.
Step 2: Hypothesis Generation
Based on the surface map, Sybil generates a prioritized list of candidate attack chains — sequences of actions that, if each step succeeds, would result in privilege escalation or lateral movement. This is the AI-native layer: rather than running every possible check, Sybil reasons about which chains are most likely exploitable given what it has observed.
Step 3: Active Exploitation and Adaptation
Sybil executes the highest-priority chain, records the result, and updates its internal model. If a iam:CreateRole attempt is blocked by an SCP, it eliminates that branch and pivots to alternatives. If a Kubernetes service account token proves to have cluster-admin scope, it extends the chain to enumerate all resources accessible from that position. Each result informs the next action — the same feedback loop that makes human red teamers effective.
Step 4: Attack Graph Reporting
Results are delivered as an interactive attack graph with full action replay, finding severity scores, and remediation guidance mapped to the specific misconfiguration (not just a generic “fix IAM policies” recommendation). Reports are exportable for compliance evidence and integrate with ticketing systems for remediation tracking.
RunSybil vs. Pentera vs. NodeZero: Head-to-Head Comparison
RunSybil, Pentera, and NodeZero represent the three dominant approaches to automated enterprise pentesting in 2026, and they differ substantially in architecture, target environment, and cost model. Pentera costs approximately $120,000 per year and targets on-premises and hybrid environments with a broad vulnerability coverage model. NodeZero operates via a single agentless Docker container, requires no persistent credentials, has executed over 170,000 pentests, and became the first AI to solve the GOAD benchmark in 14 minutes — outperforming GPT-4o and Gemini 2.5 Pro on that benchmark. RunSybil is the newest entrant, the most cloud-native of the three, and specifically optimized for AWS/GCP/Azure environments with Kubernetes workloads and GitHub/GitLab-based CI/CD pipelines. The right choice depends primarily on where your attack surface lives.
| Feature | RunSybil | Pentera | NodeZero |
|---|---|---|---|
| Architecture | Agentic AI (Sybil) | Automated scanner + AI | Agentless Docker container |
| Primary Target | Cloud-native (AWS, GCP, Azure) | On-prem / hybrid | Hybrid / cloud |
| Kubernetes Testing | Deep | Limited | Moderate |
| IAM Chain Analysis | Core feature | Basic | Moderate |
| CI/CD Pipeline Testing | Yes | Limited | Limited |
| Black-box Mode | Pure black-box | Credentials required | Agentless |
| Pricing | Custom (Series A, ~enterprise) | ~$120K/year | Flat unlimited subscription |
| Onboarding | ~2 weeks to first report | 4–6 weeks | Days |
| On-prem Coverage | Weak | Strong | Moderate |
| Enterprise Scale Validation | Limited (newer product) | Extensive | 170,000+ pentests |
When to Choose RunSybil
RunSybil is the strongest choice for organizations running cloud-native infrastructure on AWS, GCP, or Azure with significant Kubernetes footprint and GitHub/GitLab-based CI/CD. If your primary concern is the IAM misconfiguration → container escape → lateral movement chain, and you want continuous testing rather than quarterly point-in-time scans, RunSybil’s agentic model is the most purpose-built for that use case.
When to Choose NodeZero
NodeZero is better validated at enterprise scale and offers a simpler deployment model (single container, no credentials). If you need rapid deployment, broad coverage across hybrid environments, and an established track record, NodeZero is the safer enterprise bet for 2026.
When to Choose Pentera
Pentera remains the strongest option for organizations with substantial on-premises infrastructure or mixed legacy/cloud environments. Its ~$120K price point is steep but reflects a mature product with deep on-prem coverage that neither RunSybil nor NodeZero matches.
Pricing, Onboarding, and Integrations
RunSybil’s pricing is not publicly listed — the company uses an enterprise sales model consistent with other Series A security startups targeting mid-market and enterprise buyers. Based on competitor positioning and the $40M raise, the platform is priced at the enterprise tier, likely in the $50K–$150K annual range depending on cloud account scope and assessment frequency. The onboarding timeline is approximately two weeks from initial access grant to first full attack report, which is faster than Pentera’s typical 4–6 week deployment but requires coordination with the RunSybil customer success team to configure Sybil’s initial access scope and connect cloud account roles.
Supported Cloud Integrations
- AWS: IAM, EC2, ECS, EKS, Lambda, S3, Secrets Manager, CodePipeline
- GCP: Cloud IAM, GKE, Cloud Run, Secret Manager, Cloud Build
- Azure: RBAC, AKS, Container Instances, Key Vault, Azure DevOps
- CI/CD: GitHub Actions, GitLab CI, CircleCI, Jenkins
- Ticketing: Jira, ServiceNow, Linear
Continuous vs. Point-in-Time
One of RunSybil’s most operationally significant features is continuous assessment. Traditional pentests run quarterly or annually; in the interim, configuration drift, new deployments, and IAM policy changes create unvalidated exposure. Sybil runs continuously, which means a misconfigured IAM role created Tuesday at 3am is tested by Wednesday morning — not at the next scheduled engagement.
Pros, Cons, and Final Verdict: Is RunSybil Right for Your Cloud Stack?
RunSybil is one of the most technically credible AI-native pentesting platforms available in 2026, built by a founding team with genuine offensive security expertise at OpenAI and Meta scale, backed by investors who understand the AI security space. Its core strength — agentic IAM chain analysis and container security testing in pure black-box mode — is directly aligned with the attack surface responsible for the majority of cloud breaches. For cloud-native engineering organizations running AWS or GCP with Kubernetes and GitHub Actions, RunSybil tests the exact risk surface that keeps security teams awake at night. The $4.44M average breach cost from cloud misconfiguration alone makes a continuous agentic testing platform economically defensible against almost any enterprise pricing. The primary weaknesses are product maturity (founded 2023, limited independent enterprise-scale validation), on-premises coverage (essentially absent), and the early-stage sales process that comes with any pre-IPO security vendor. Organizations requiring broad hybrid coverage or on-prem network pentesting should evaluate NodeZero or Pentera alongside RunSybil.
Pros
- Purpose-built for cloud-native IAM + container attack surface
- Agentic black-box testing: no static playbooks, adapts dynamically
- Two-week onboarding to first full attack report
- Continuous assessment catches configuration drift between scheduled tests
- Founded by OpenAI and Meta Red Team veterans with real offensive security credibility
- $40M Series A backing signals runway and continued R&D investment
Cons
- Limited independent enterprise-scale validation (newer product)
- No meaningful on-premises or legacy infrastructure coverage
- Pricing is enterprise-only with no self-serve tier
- Feature set still maturing relative to Pentera’s decade-plus track record
- Regional data residency options unclear at Series A stage
Final Verdict
For cloud-native organizations on AWS, GCP, or Azure running Kubernetes workloads and CI/CD pipelines, RunSybil is the most purpose-built agentic pentesting platform available in 2026. The IAM chain analysis and container escape testing capabilities are genuinely differentiated from static scanners. For organizations with on-prem or hybrid environments, start with NodeZero and revisit RunSybil as the product matures.
FAQ
What is RunSybil used for? RunSybil is an AI-native penetration testing platform that autonomously tests cloud infrastructure for IAM misconfigurations, container escape paths, and CI/CD pipeline secret exposure, using an agentic AI model that adapts its attack strategy based on what access it gains in real time.
How does RunSybil differ from traditional automated scanners? Traditional scanners match known signatures against static configurations. RunSybil’s Sybil agent starts from a low-privilege position, generates hypotheses about exploitable attack chains, executes them against live systems, and adapts based on results — the same loop a human red teamer runs, but automated and continuous.
How does RunSybil compare to NodeZero and Pentera? RunSybil is the most cloud-native of the three, with the deepest IAM and Kubernetes coverage. NodeZero is more validated at enterprise scale and easier to deploy. Pentera leads on on-premises and hybrid infrastructure. Choose RunSybil for pure-cloud environments, NodeZero for hybrid, and Pentera if on-prem coverage is a requirement.
What cloud platforms does RunSybil support? RunSybil supports AWS, GCP, and Azure, with integrations for Kubernetes (EKS, GKE, AKS), serverless functions, container registries, and CI/CD pipelines including GitHub Actions, GitLab CI, CircleCI, and Jenkins.
Who founded RunSybil and when did they raise funding? RunSybil was founded in 2023 by Ari Herbert-Voss (OpenAI’s first security research hire) and Vlad Ionescu (Meta Red Team X). In March 2026, the company raised $40M in a Series A led by Khosla Ventures, with participation from the Anthropic Anthology Fund, Menlo Ventures, Conviction, and Elad Gil.