Ridge Security has once again pushed the boundaries of offensive security innovation with the launch of RidgeGen, an agentic AI framework that elevates automated testing into true autonomous security validation. Announced from the company’s headquarters in Milpitas, California, RidgeGen represents the next major evolution of Ridge Security’s flagship product, RidgeBot, transforming it into a multi-agent ecosystem capable of intelligent, context-aware, and collaborative threat discovery.
With this release, Ridge Security positions RidgeBot as more than a vulnerability scanner or automated pen-testing tool. Instead, RidgeBot—powered by RidgeGen—acts as an autonomous agent that learns, adapts, and executes sophisticated offensive operations across IT, OT, and even AI-driven infrastructures.
“RidgeBot powered by RidgeGen helps our customers maintain a more confident and secure posture against breaches and ransomware attacks by reducing both false positives and false negatives in security,”
— Lydia Zhang, President and Co-founder, Ridge Security.
Agentic AI Comes to Security Validation
The term “agentic AI” refers to artificial intelligence systems that operate with autonomy—able to make contextual decisions, plan multi-step actions, and collaborate with other agents toward a shared goal. RidgeGen embodies this concept within a security context, enabling RidgeBot to orchestrate its own reconnaissance, exploit chaining, and threat modeling.
By combining the reasoning power of large language models (LLMs) with RidgeBot’s proven, domain-specific expertise, RidgeGen allows for unprecedented adaptability in security testing. Traditional automation excels at repeatable, predefined tasks—but struggles when novel or unknown attack vectors arise. RidgeGen bridges this gap by allowing RidgeBot to dynamically assess new environments and craft custom exploit strategies in real time.
This agentic approach marks a turning point for Continuous Threat Exposure Management (CTEM), the emerging discipline that focuses on continuously identifying, testing, and validating an organization’s exposure to real-world cyber risks.
Beyond Web Apps: Expanding the Attack Surface
Unlike conventional testing tools limited to websites or web applications, RidgeBot’s RidgeGen-powered framework extends across hosts, networks, APIs, OT environments, and AI systems. This broad reach reflects the growing complexity of modern enterprise infrastructure—where cloud services, operational technology, and machine-learning components often coexist and overlap.
By addressing this diverse landscape, RidgeGen gives CISOs and security teams a unified offensive testing capability that reflects real-world attack surfaces. It can uncover weaknesses that might otherwise go unnoticed—especially those hidden within complex dependencies or emerging AI-driven systems.
“It allows security teams to expand security testing beyond 1-day exploits to uncover zero-day vulnerabilities specific to their environment,”
— Lydia Zhang, Ridge Security.
The framework’s contextual intelligence enables RidgeBot to reason about relationships between systems, identify potential exploit chains, and simulate coordinated attack campaigns—tasks that previously required human red-team expertise.
Benchmark Performance: DEFCON 2025 Results
At a private preview event in San Jose on September 25, Ridge Security demonstrated RidgeGen’s capabilities in action. Attendees witnessed the framework’s multi-agent architecture performing collaborative reconnaissance and dynamic exploit chaining—highlighting how RidgeBot’s AI agents share intelligence and adapt their tactics mid-operation.
During the same event, Ridge Security announced results from the DEFCON 2025 Benchmark Bakeoff, where RidgeBot achieved an impressive 88% benchmark completion rate—outperforming other leading web security testing tools, which scored 38% and 82%, respectively.
Even more notable, RidgeBot accomplished this without generating a single false positive while sharply reducing false negatives—an achievement that underscores the precision and reliability of RidgeGen’s AI-driven reasoning.
The demonstration also included advanced attack simulations, such as JWT (JSON Web Token) confusion attacks, which have plagued enterprises in previous high-profile breaches. RidgeGen’s ability to autonomously identify and model these complex attack vectors demonstrates how AI can move beyond static testing to emulate sophisticated adversarial behavior.
The rise of AI-enabled threat actors has forced defenders to adopt equally advanced technologies to stay ahead. According to Charles Kolodgy, principal at Security Mindsets, Ridge Security’s approach exemplifies this next step in cyber defense evolution.
“Cybersecurity lives in a dynamic environment, and if you do not improve, you will be left behind,” Kolodgy said. “Ridge Security is providing the innovation that allows security teams to stay ahead of AI-powered threat actors. RidgeGen seamlessly integrates specially trained AI into RidgeBot to improve precision discovery and protection capabilities without creating ghost alerts (false positives and negatives).”
By reducing noise in vulnerability data, RidgeGen helps security professionals focus on what truly matters—mitigating real exposures rather than chasing false alarms. This refinement of automation directly supports the principles of CTEM, where speed and accuracy determine how effectively an organization can manage its cyber risk posture.
A Step Toward True Autonomy
RidgeGen represents more than an incremental upgrade; it is a foundational shift in how organizations can approach security validation. Earlier this year, Ridge Security’s RidgeBot 5.2 introduced a preliminary version of RidgeGen as a specialized Generative AI (GenAI) module trained on security-specific data. The latest release, however, fully embeds that intelligence into a multi-agent framework, creating what the company calls a “comprehensive agentic AI ecosystem.”
This ecosystem allows RidgeBot to perform more like a human red-team operator—collecting reconnaissance data, hypothesizing potential exploits, testing those hypotheses, and adapting strategies based on real-time feedback. Each AI agent can specialize in a different function, such as vulnerability prioritization, lateral movement, or privilege escalation, while collaborating with others for coordinated testing.
The result is a platform capable of scaling offensive testing in both scope and sophistication without requiring additional human labor—a critical advantage in an era of cybersecurity talent shortages.
Continuous Threat Exposure Management (CTEM) depends on ongoing visibility, testing, and validation. Yet many organizations struggle to sustain these processes at the speed and complexity of modern digital operations. RidgeGen addresses this challenge by embedding adaptive intelligence into the testing pipeline itself.
By automating the reasoning and decision-making aspects of attack simulation, RidgeBot powered by RidgeGen helps organizations transition from scheduled testing to continuous validation—where every change in infrastructure, configuration, or environment can be automatically evaluated for new risk exposure.
For CISOs, this means faster detection of potential weaknesses, fewer blind spots, and greater confidence in remediation priorities.
Looking Ahead
As AI continues to reshape both sides of the cybersecurity battlefield, Ridge Security’s RidgeGen positions the company squarely at the forefront of AI-driven security validation. By merging domain-specific offensive expertise with the adaptive learning capabilities of agentic AI, Ridge Security is redefining what it means to test, measure, and harden enterprise defenses.
Whether in IT networks, operational technology environments, or AI-enabled applications, the introduction of RidgeGen signals a new era—one where security testing systems don’t just automate tasks but think, adapt, and collaborate like skilled human adversaries.
In a landscape where speed, intelligence, and accuracy define survival, RidgeGen may very well be the framework that ushers in the age of autonomous defense.
About Ridge Security
Ridge Security, a leader in AI-powered offensive security, develops products that help enterprises strengthen their defenses against evolving cyber threats. Its technologies integrate advanced artificial intelligence to enhance the precision and efficiency of security validation. Learn more at www.ridgesecurity.ai.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information. BSM is cited as one of Feedspot’s top 10 cybersecurity magazines.