MindFort Raises $3M Seed and Launches Autonomous Pentesting Agents That Learn From Each Run

MindFort launched its autonomous pentesting platform on Product Hunt on April 28, backed by a $3M+ seed round led by Soma Capital with participation from Y Combinator, 468 Capital, CRV, Sandwith Ventures, and Blast.

Continuous Pentesting via Agent Swarms

MindFort deploys autonomous agents that run penetration tests on web applications either on a set schedule or triggered by every CI/CD push. The agents chain discovered vulnerabilities into validated findings with working proofs of exploit, then ship fixes as pull requests through native GitHub, Linear, and Jira integrations, according to the company’s Product Hunt listing.

The core differentiator is recursive learning: the agents improve with each execution cycle, adapting their attack patterns based on what they find. MindFort frames this as mimicking how human attackers refine techniques over time, applied to continuous automated assessment rather than the traditional model of annual or quarterly manual pentests.

The Market Context

MindFort enters a security testing market where the gap between deployment frequency and assessment frequency has widened. Teams shipping code multiple times per day still often rely on periodic manual penetration tests that leave coverage gaps between assessments. Autonomous agents running on every push collapse that gap by matching test cadence to deployment cadence.

The competitive field includes established players like Synack, which runs a crowdsourced red team platform with autonomous agent capabilities, and newer entrants like the open-source pentest-ai-agents toolkit, a collection of 28 Claude Code subagents covering the full penetration testing lifecycle released this week.

The Funding Stack

The investor mix of Soma Capital, Y Combinator, and CRV signals early institutional confidence in autonomous security agents as a category. MindFort’s approach of closing the loop from discovery through remediation (shipping fixes, not just reports) targets the operational bottleneck where most vulnerability findings stall: the handoff from security team to engineering team.