Operant PTaaS

"Your website has vulnerabilities. We find them before hackers do — no IT team, no jargon, no $50K consultant."

Comment

Inspiration

Pranav experienced a personal data breach, and a close friend's business suffered repeated cyberattacks. We realised that as AI makes attacks faster, cheaper, and more sophisticated, founders and SME owners are being left behind — priced out of enterprise security tools and too busy to become experts themselves. There was no affordable, accessible solution built for them.

What it does

Operant is an AI-driven penetration testing agent that automatically scans web applications for fundamental to intermediate vulnerabilities. It delivers plain-English status reports and actionable fix recommendations — no security background required.

How we built it

We trained an MCP agent on cybersecurity data spanning real-world attack patterns, CTF challenges, and vulnerability databases. We then wrapped it in a frictionless Claude integration, reducing the barrier to entry to a single URL input.

Challenges we ran into

The hardest problem wasn't technical — it was human. Differentiating against well-funded competitors, and convincing optimistic founders that cybersecurity matters before something goes wrong. In an era of AI-accelerated threats, the industry's biggest challenge is that people don't act until they're already a victim.

Accomplishments that we're proud of

We built a penetration testing agent that outperforms most entry-level security graduates — in two days. It autonomously completes real-world hacking challenges across SQL injection, XSS, authentication bypass, and more.

What we learned

Building the product was the easier part. The real challenge in cybersecurity is getting people to care. Adoption happens after the breach, not before — and that's exactly the gap Operant exists to close.

What's next for Operant PTaaS

After building a strong foundation of case studies and reputation in the SME market, we plan to expand into high-value regulated sectors like healthcare — the industry that loses the most from breaches yet remains the most underprotected. Longer term, we will broaden into adjacent threat vectors including phishing protection, positioning Operant as the complete fundamental cybersecurity package for businesses that can't afford to be exposed.

Built With

Share this project:

Updates