UltraViolet Cyber has launched Solstice, an artificial intelligence platform for application penetration testing designed to work alongside its senior security practitioners.
The launch puts UltraViolet into a crowded application security testing market, where providers are trying to balance automation with human oversight. UltraViolet argues that many existing services either struggle to keep pace with software development cycles or rely too heavily on autonomous tools.
Solstice is built from UltraViolet's internal knowledge base, including runbooks, historical findings and engagement patterns gathered from more than 30,000 customer engagements. The platform is intended to support, rather than replace, human testers during application security reviews.
According to UltraViolet, Solstice uses specialist AI agents across more than 16 vulnerability classes, while practitioners focus on higher-judgment tasks. It also retains information from earlier assessments, including confirmed findings, false-positive patterns and application-specific behaviours, so later tests can draw on previous work.
The approach reflects a wider shift in cyber security as companies look to apply generative AI and related tools to labour-intensive testing and monitoring work. In application security, providers are under pressure to increase the speed and breadth of testing as organisations ship software more frequently.
Solstice sits within UltraViolet's broader "Power of Purple" operating model, which combines offensive and defensive security work. Under that model, information gathered during penetration testing is meant to inform threat detection, while defensive intelligence is meant to shape later offensive testing.
Aravind Venkataraman, Vice President of Technology at UltraViolet Cyber, described the product as a way to extend the work of experienced staff.
"Solstice is how UltraViolet puts AI to work for our pentesters - not as a replacement, but as the engine that scales their expertise," said Aravind Venkataraman, Vice President of Technology at UltraViolet Cyber. "We built it ourselves, grounded in years of UltraViolet engagement memory and our practitioners' own proven methodology. The AI proposes, and our expert decides. And because Solstice runs inside our Power of Purple operation, what our offensive team learns through AI directly sharpens what our defensive team detects. That closed loop - AI-augmented offense feeding AI-amplified defense - is something no point-solution vendor can deliver."
UltraViolet says this model should allow engagements to run about 20% faster while maintaining the same quality threshold. It also says the use of parallel AI agents should let testing teams assess vulnerability classes that might otherwise be dropped because of time limits.
Market pressure
The launch comes as buyers of cyber security services scrutinise claims around AI-led testing tools. Many businesses remain cautious about handing critical security decisions to autonomous systems, especially in regulated industries where context, judgement and auditability remain important.
That has created an opening for vendors offering hybrid models that keep humans in control while automating repetitive work. UltraViolet is positioning Solstice squarely in that segment, emphasising that experienced practitioners make the final decisions on findings and assessment outcomes.
According to the company, UltraViolet serves more than 400 Global 2000 enterprises and federal agencies. It says its operator base includes former US intelligence community personnel and that it uses a single team structure spanning red, blue and purple functions.
Ira Goldstein, Chief Executive Officer of UltraViolet Cyber, said the firm sees the platform as part of a broader security operations model.
"AI does not replace our pentesters, it amplifies them, and better pentests make every other part of the security operation smarter," said Ira Goldstein, Chief Executive Officer of UltraViolet Cyber. "We designed Solstice to deliver what serious security programs require: strategic and repeatable expertise on every engagement, every customer and every surface. The question every organization today should be asking themselves is, 'What is the right division of labor between the human expert and the machine?', and Solstice is our answer."
For UltraViolet, the test will be whether customers accept its argument that retaining memory from prior engagements, combined with a closer link between offensive and defensive teams, can produce more consistent application security assessments.
UltraViolet says Solstice carries forward "every confirmed finding, false-positive pattern and application-specific quirk," creating more consistent engagements.