Cobalt Crowdsourced Application Pentest



Agari is a leading cybersecurity company that protects people and businesses from advanced phishing attacks. The Agari Email Trust Platform is the industry’s only AI-driven defense system that models authentic, trustworthy communications to protect humans from being deceived by cyberattacks such as phishing, ransomware and business email compromise (BEC).

A Security Product Firm Seeks A Modern Pentest as a Service Partner

As a leading cybersecurity company, Agari needs to ensure that its products are both secure and compliant with its customers’ third-party risk management requirements. However, traditional pentesting wasn’t providing the company with the full spectrum of diverse testing techniques, varying skill sets, and full test coverage they desired.

Chris Haag, Senior Director of Engineering at Agari, wanted to continue to expand the Agari security program while ensuring that he and his team were focusing on the critical mission: make email the safest form of communication their customers have. Chris wanted to partner with a pentesting solution that goes beyond traditional pentesting services to deliver more accurate and faster results against new and emerging threats.

Chris’ search led him to Cobalt’s Pentest as a Service approach.

"We wanted to move away from traditional pentesting services. We still want a relationship with our pentesters, but want to leverage a broader, more diverse pool for testing talents. Cobalt’s services give us a balanced approach for both requirements."

Modern Email Trust Platform Partners With Cobalt’s Pentest as a Service

Agari decided on Cobalt’s Pentest as a Service platform to ensure security compliance, as well as help elevate their application security to the next level.

Agari engaged with Cobalt for two web application tests a year, each including:

  • 2 weeks of assessment, penetration testing and analysis from 1 CISSP certified lead pentester supported by 2 technically skilled pentesters/domain experts
  • Coverage of OWASP Top 10 + application logic
  • Access to the pentesting team for questions all year
  • Re-test and patch verification of the vulnerabilities found
  • Access to Cobalt Central - A SaaS platform to work with individual findings and communicate with the pentesters
  • A summary report to share with customers and other teams

Bringing Effortless Communication, Prioritization, And Human Ingenuity Back To Pentesting

Through its engagement with Cobalt, Agari saw these benefits:

  • Effortless and transparent communication. The Agari engineering team received information from the pentesters almost immediately after the assessment was deployed. Agari’s engineers were engaged on Cobalt’s SaaS platform, where they had real-time access to issues found and could ask the testers questions directly. This eliminated much of the back-and-forth email and discussion that the security team must facilitate, which saved many man hours and helped expedite the entire test and remediation process.
  • Human ingenuity. Agari found that the Cobalt testers’ findings were thorough and creative. It was apparent that the testers understood what the product was supposed to do and thought through the interaction model extensively before they started the tests. These were not run-of-the-mill tests, but were crafted specifically for the protocols and business logic of the product, which the Agari team found “delightfully inventive”.
  • Accurate vulnerability findings. The Cobalt results were accurate, targeted and actionable. Agari found that by utilizing the Cobalt findings, they were able to prioritize and execute the remediation tasks quickly, saving hours or sometimes days of effort in triage, validation, and prioritization.

"Previously, I worked with a more traditional pentesting company and they put together a report, but that information wasn’t all that actionable or compelling. When you contrast that with what we got back from Cobalt - it’s completely different. From the beginning, as issues arose - my team could see them, react to them, get them back into the sprint backlogs and start working through them without waiting around for the report. With Cobalt, it was eye opening what pentesting could be."


With the Cobalt Pentest / Platform, Agari has received:

  • A modern Pentest as a Service approach
  • Transparent and efficient communication throughout the entire process
  • Access to a global set of knowledgeable pentesters and experts
  • Better testing coverage of applications
  • Deeper, more accurate results
  • Actionable information to aid remediation prioritization
  • A higher ROI compared to traditional services

"Now that I’ve seen the Cobalt results, I’d say that our [Agari] system is demonstrably more secure as a result of what these pentesters have done. It’s also energized my faith in third-party pentesting. Cobalt’s Pentest offers actionable data for businesses looking to go beyond the compliance checkbox. For any companies looking to partner with an out-of-the-box pentesting solution, I highly recommend Cobalt’s Pentest as a Service solution."


  • Finding an alternative solution to traditional pentesting services to ensure better coverage, deeper testing, and faster results to meet third-party risk assessment requirements of customers.


  • Annual Cobalt penetration test
  • Globally sourced security expertise
  • Creative and collaborative testing methods


  • Improved process efficiency - Agari saved hours, or in some cases days, in the end-to-end process of detection and remediation of vulnerabilities
  • Accessible and transparent communication throughout the entire process
  • Selective skill set matching - Hand-picked security testers from a global pool to match a company’s technology stack
  • A collaborative platform where developers can easily communicate with testers, track individual findings, and quickly resolve flagged issues