Hacktron Raises $2.9M to Automate Security Testing

Hacktron, a San Francisco cybersecurity startup founded by Zayne Zhang, Mohan Pedhapati, and Harsh Jaiswal, raised $2.9 million in a pre-seed financing round, according to a GlobeNewswire press release replicated across Business Insider and other outlets. The round was led by Crane Venture Partners with participation from Project Europe, Vercel Ventures, Plug and Play Ventures, and Cambridge Enterprise Ventures, per TheSaaSNews and GlobeNewswire.

Hacktron says its product continuously tests software for vulnerabilities by running deep, attacker-style checks on every code change rather than relying on periodic manual penetration testing. The GlobeNewswire release quotes founder Zayne Zhang: "Attackers are already using AI to find and exploit vulnerabilities faster than ever. Most companies are still testing security like it is a quarterly exercise. We are building the system that tests every code change like a real attacker would so teams can move fast without shipping risk." The company has publicly disclosed vulnerabilities in widely used software and infrastructure and reports customer engagements with companies including Perplexity AI and Supabase, per the press release.

Per the GlobeNewswire release, Hacktron combines AI with offensive security techniques to continuously analyze pull requests and code updates, aiming to identify exploitable vulnerabilities and reduce false positives. The public materials list prior disclosures affecting enterprise and developer tooling, and the release describes the platform as integrating into modern development workflows to run checks at the pace of code changes.

Industry observers note a growing trend of embedding security earlier in CI/CD pipelines to reduce time-to-fix and merge friction. Automated, attacker-style testing that simulates exploitation paths can improve signal-to-noise compared with surface-level static analysis, but integrating such systems into developer workflows typically raises operational questions around false positive rates, triage load, and remediation guidance. For practitioners: evaluating such tools requires looking at vulnerability precision, integration with existing ticketing and CI systems, and how findings map to actionable remediation steps.

Editorial analysis: The funding and product positioning fit a broader wave of startups that combine generative and other AI techniques with domain expertise to scale specialized security tasks. With AI tooling lowering the cost of vulnerability discovery, organizations increasingly favor continuous testing that aligns with rapid deployment cycles. That said, the press materials are primarily promotional; independent benchmark data or third-party audits would be needed to validate claims about detection accuracy and operational impact.

Observers should track independent evaluations of false positive and false negative rates, how the platform integrates with popular CI/CD providers, and whether Hacktron publishes a repeatable methodology or datasets for benchmarking. Also watch for partnerships with developer-platform vendors and any public advisories the company files, which will reveal the types of vulnerabilities the tooling surfaces in practice.