Shikhil Sharma, Co-founder and CEO of Astra Security – Interview Series

Shikhil Sharma is the founder of Astra Security, a continuous pentest platform. At the beginning of his career, Shikhil consulted for many businesses, startups and banks on cybersecurity. After helping some top businesses secure their websites and applications, Shikhil saw how effective traditional pentesting actually is and founded Astra Security to help bridge the gaps. He cares a lot about building habit-forming products and designing intuitive marketing activities.
Astra Security recently raised $2.7 million to revolutionize cybersecurity with AI-powered pentesting.
Your journey began with consulting businesses and banks on cybersecurity. What gaps did you identify in traditional pentesting that led to the creation of Astra Security?
Traditional pentesting is usually performed as a one-time exercise, typically triggered by regulatory requirements or when a vulnerability is suspected, leaving the application vulnerable to hacking for a long time between pentests. The traditional pentest, which is service-driven, often comes with jargon-packed 500-page reports but lacks actionable insights.
Communication is often unstructured, leaving stakeholders, developers, CTOs, CISOs, and even pentesters frustrated by the lack of seamless collaboration and clear remediation guidance. As AI increases the rate at which new code is pushed into production, traditional penetration testing methods cannot keep up. This led to us creating Astra Security, a continuous offensive pentest platform.
Astra Security is designed to make cybersecurity “super simple” for SMEs. How is your approach different from traditional security solutions on the market?
SMEs need simple and effective security that will not slow them down. That's where Astra Security stands out. Our approach revolves around ease of use, automation, actionable insights, and keeping security scalable. Every few months there is a new acronym, such as CSPM, SSPM, CTEM or ASPM, which is difficult for mid-sized businesses to keep up with. At Astra, we offer all these features without any fancy naming, to keep the platform user-friendly.
Our platform integrates directly into the CI/CD pipeline, providing real-time alerts and guided remediation, so no dedicated team of security experts is needed to maintain protection.
What are the most innovative AI-driven security features Astra is developing to stay ahead of cybercriminals?
Astra's AI-powered offensive security engine is designed to detect, relate and remediate scoped vulnerabilities. Our platform leverages AI-driven attack simulations through threat modeling, constantly scanning infrastructure and mimicking real-world hacking strategies, even the most complex threats. We provide a friendly bot, "Astranath", which has the background on every vulnerability in the customer's stack and helps developers fix vulnerabilities quickly.
Astra Security provides "continuous pentesting". How is this different from traditional pentesting, and why is this transformation needed?
Unlike traditional one-time testing, Astra's continuous pentest platform is both real-time and proactive. Our AI-driven platform continuously scans infrastructure, detects vulnerabilities and simulates real-world attacks, providing instant alerts, risk prioritization, and AI-driven remediation so developers can resolve issues faster. As cyber threats continue to evolve every day, businesses cannot wait for the next test in a few months. Astra combines AI automation with expert verification to ensure 24/7 protection and reduce exposure.
Your platform has identified more than 110,000 vulnerabilities per month. Can you share insights on some of the most surprising or critical vulnerabilities found?
The actual number of vulnerabilities we identify each month is over 200,000. We still see injection-based attacks, such as SQL and script attacks, which have been around for years but are still among the top findings on our platform. Surprisingly, broken access control is widespread and many applications are susceptible to it. We were able to see this at a large scale after the beta of our broken access control scanner module was launched internally. Another thing that surprised us was how often secret keys are unintentionally exposed in customer-facing code, from Stripe and Slack to email service provider keys – we've seen it all.
What role do human security researchers play in Astra's AI-driven pentest platform? How do automation and human expertise complement each other?
At Astra, AI automation and Astra's security experts work together to conduct accurate, feasible and real-time security assessments. While AI accelerates vulnerability detection and automates attack simulations, our security researchers bring deep background, validation and innovative analyses to ensure no key flaws go unnoticed. We believe pentesters can now play a more important role: they no longer need to spend time reporting lower-level vulnerabilities time and again, and can focus on actual critical potential attacks.
As the complexity of cloud environments grows, how is Astra Security evolving to protect modern SaaS and cloud-based infrastructure?
Our platform proactively scans cloud workloads, APIs and identities, detecting misconfigurations, privilege escalation risks, and real-world attack vectors. Astra ensures that enterprises can scale safely (without damaging agility) through deep cloud integration, automated compliance checks, and security embedded in CI/CD pipelines.
Your background includes participating in a highly anticipated bug bounty program. What is your most memorable vulnerability discovery?
One of my most memorable vulnerability discoveries in my bug bounty journey was identifying important authentication bypasses and injection attacks on major market platforms. The flaw allowed an attacker to access user accounts with invalid credentials, which could have exposed sensitive financial data. What makes this discovery stand out is its real-world impact – if exploited, it could have led to massive financial fraud. Responsible disclosure ensured that the vulnerabilities were patched before any damage occurred.
You are actively involved in cybersecurity and speak frequently at industry events. What role does community engagement play in shaping Astra's mission?
Community engagement is key to Astra’s mission. Interacting with security professionals, developers, and CISOs helps us understand emerging challenges first-hand. These insights directly impact our product innovations, ensuring we build solutions that are not only cutting-edge but practical, effective and aligned with industry needs. At Astra, we have built 403 circles – we have an exclusive community of over 100 CTOs and CISOs, where security leaders share experiences, exchange insights, and seek guidance from their peers in cybersecurity.
Where do you see Astra Security five years from now, and what is your ultimate vision for its impact on the cybersecurity industry?
Five years from now, Astra will be at the forefront of AI-driven offensive security, keeping the industry standard ongoing. Our goal is to eliminate traditional, reactive security methods by providing businesses with an automated, intelligent security engine that detects, prioritizes and helps remediate vulnerabilities in real time. Astra will shape the future of proactive cybersecurity, helping businesses move beyond regular security testing to always be protected with AI-driven protection.
Thank you for the excellent interview; readers who wish to learn more should visit Astra Security.