Cobalt’s mission is to make security a collaborative and dynamic process, embedding it into all aspects of an organization’s operations. The company aims to connect the global application security community with businesses, empowering development, security, and operations teams to create a secure environment. A primary goal for Cobalt is to help organizations operate without fear and innovate securely. Cobalt pioneered the Pentest as a Service (PtaaS) model, which pairs a SaaS platform with an exclusive community of highly vetted pentesters to improve upon traditional penetration testing.
Cobalt has established a strong market reputation as a leader in the PtaaS space. The company is known for the speed and quality of its pentests, which help organizations identify and remediate vulnerabilities across their changing attack surfaces. Customers and industry analysts recognize Cobalt for its continuous, collaborative, and on-demand penetration testing capabilities. This approach allows businesses to integrate security testing with their development processes, leading to faster remediation times and a higher return on investment for their security budgets.
Offerings, Capabilities, and Integrations
Cobalt provides a Pentest as a Service (PtaaS) platform that combines a SaaS platform with a community of vetted pentesters. This approach is designed to be more agile and efficient than traditional penetration testing models. Cobalt’s platform allows for faster pentest launches, real-time collaboration with testers, and streamlined workflows, which helps to reduce the time it takes to identify and remediate vulnerabilities. The company offers a flexible credit-based consumption model, allowing customers to purchase testing hours and use them as needed. This gives Cobalt a competitive edge by providing on-demand access to a global talent pool of security experts, enabling organizations to scale their testing efforts up or down as required.
Cobalt’s platform integrates with a variety of development and security tools, including Jira, GitHub, Slack, and ServiceNow, to automate workflows and provide a more holistic view of an organization’s security posture. The Cobalt API allows for further integration of its PtaaS platform data into other systems for more comprehensive analysis. These integrations help to embed security testing more tightly into the software development lifecycle (SDLC).
Products and Services
Cobalt’s core offering is its Pentest as a Service (PtaaS) platform, which provides access to a community of vetted security experts for on-demand testing. The company offers a range of penetration testing services to identify and mitigate risks. Its flagship services are centered around its comprehensive pentesting capabilities.
- Pentest Services: Cobalt provides a variety of penetration testing services, including those for web applications, AI and LLM, internal and external networks, and mobile applications.
- Application Security: The company offers services such as secure code review and dynamic application security testing (DAST) to help development teams build secure software.
- Network & Cloud Security: Cobalt provides cloud configuration reviews and attack surface management to secure an organization’s perimeter and cloud infrastructure.
- InfoSec & SOC Services: The company offers services like red teaming and digital risk assessments to test system defenses against real-world attack scenarios.
- Agile Pentesting: A newer offering, this service allows for focused testing of specific areas of an asset, such as a new feature release, to more closely align with DevOps workflows.
Target Customers
Cobalt’s target customers range from startups to large enterprises across various industries. The company’s flexible and scalable model is designed to meet the needs of fast-moving product development teams, as well as organizations with stringent compliance requirements. Over 1,300 customers utilize Cobalt’s services.
Cloud Integrations and Marketplaces
Cobalt offers several integrations with major cloud platforms to streamline security workflows and embed vulnerability data into existing systems. The company’s offensive security services are also applicable to environments hosted on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
- Microsoft Azure: Cobalt integrates with Microsoft Azure DevOps, allowing users to push findings from penetration tests as work items directly into Azure DevOps Boards. An integration with Azure Security Center is also available for OAuth setup. In the Microsoft Azure Marketplace, Cobalt provides an application that enables single sign-on (SSO) through Microsoft Entra ID.
- Amazon Web Services (AWS): Cobalt has an API-key-based integration with AWS Security Hub. This allows for the creation of orchestrations within Cobalt using AWS Security Hub actions and triggers. While Cobalt’s security services can be used to assess AWS environments, Cobalt does not have a direct product listing on the AWS Marketplace.
- Google Cloud Platform (GCP): Cobalt integrates with Google Security Command Center via OAuth, requiring credentials from the Google Cloud Console dashboard to set up. Cobalt’s security experts are experienced in testing environments on GCP. Cobalt does not have a listing on the Google Cloud Marketplace.
Key People
- Chief Executive Officer: Sonali Shah
- Chief Marketing Officer: Lisa Matherly
- Chief Information Security Officer: Andrew Obadiaru
- Senior VP of Finance: Martin Rannje
- Senior VP of Product: Jason Lamar
- Chief People Officer: Rosie Carley
- Chief Technology Officer: Gunter Ollmann
- Chief Revenue Officer: Chris Essex
- Co-Founder & Engineer: Christian Hansen
- Co-Founder & Chief Product Architect: Jakob Storm
- Co-Founder & Cobalt Board Member: Jacob Hansen
- Co-Founder: Esben Friis Jensen
Key Facts
- Headquarters Location: San Francisco, California, United States.
- Number of Employees: Approximately 500-508.
- Annual Revenue: Estimated between $75 million and $131.4 million.
- Parent Company: None.
- Subsidiary Companies: None.
- Publicly Listed: No.
Analyst Recognition
Gartner has recognized Cobalt in its Hype Cycle for Security Operations and Hype Cycle for Application Security reports. Within these reports, Gartner identifies Pentest as a Service (PtaaS) as an emerging technology that assists organizations in strategically mitigating risks and operating effective security programs. Cobalt is named as a representative vendor within the PtaaS category.
There is no information available from Forrester, IDC, or Everest Group regarding the recognition of Cobalt.