Horizon3.ai is making it easier for MSSPs and MSPs to adopt its autonomous offensive security platform by making it available on the Pax8 Marketplace, a go-to cloud site for vendors and channel partners.
The startup said its flagship NodeZero offensive security platform is now on the online market, the latest in a series of announcements from the company dating back to last year as it looks to expand its presence in a highly competitive market.
The channel is key to that effort, according to
Marc Inderhees, vice president of channels and alliances at Horizon3.ai.
“Pax8 gives us reach into the MSP ecosystem without friction,” Inderhees told MSSP Alert. “Partners can now discover, buy, and deploy NodeZero like any other SaaS tool, no procurement hurdles, no heavy lift. For Horizon3.ai, it means faster adoption. For partners, it’s a new revenue stream built around offensive security and measurable results.”
NodeZero is an AI-powered platform that offers autonomous penetration testing to help organizations and service providers to continuously and safely emulate bad actor behavior and real-world cyberattacks on systems, networks, and applications so they can find and harden weak spots in their defenses. It identifies exploitable attack paths, misconfigurations, and credentials, and documents the findings at every step.
“Organizations don’t need more alerts, they need proof,” Inderhees said. “NodeZero performs real attacks to expose what’s actually exploitable, not just what’s theoretically risky. For MSPs and MSSPs, that’s a game-changer. They can now deliver pentesting and risk validation at scale, without needing a fulltime red team. It’s a way to prove value, reduce client risk, and drive better security outcomes.”
Going on the Offensive
Such capabilities are important to such service providers, who are charged with protecting clients but haven’t had access to offensive tools that can help, Inderhees said.
“With NodeZero, they can offer pentesting as a service, validate fixes, test defenses continuously, and more,” he said. “They move from passive monitoring to active security, finding real issues and helping clients fix them before attackers do.”
Such tools come under a range of categories, such as threat emulation, adversary emulation, and breach and attack simulation (BAS), but the goals are essentially same: to securely emulate real-world attacks to identify gaps in security before threat actors can exploit them.
Scanning is Not Enough
“Reactive security – scanning and patching – has been widely practiced for decades,”
XM Cyber, which offers its own set of simulation and emulation tools,
wrote in a blog post. “Today’s environment requires more. It’s not enough to scan for vulnerabilities and conduct episodic penetration testing. You need full visibility across the entire spectrum of security environments, and it has to be continuous in nature. Anything less and you are accepting more risk than you need to.”
BAS platforms allow “organizations to play offense by playing defense. Instead of waiting for the worst to happen and hoping your defenses are robust enough to deter any attack, simulating cyber-attacks allows you to test those defenses under real-world conditions.”
The global automated BAS market is expected to grow from $953.3 million this year to more than
$10.5 billion by 2033, driving the growing number and sophistication of cyberattacks and the expanding regulatory environment. The list of established vendors includes Picus Security, AttackIQ, Cymulate, and IBM’s Security Randori Recon.
An Aggressive Push
Horizon3.ai is looking to muscle its way deeper into the market. In the last half of 2024, the San Francisco-based company rolled out
three new offerings on its platform: a pentest for Kubernetes containers; NodeZero Tripwires, for dropping deceptive assets along attacks paths during a pentest; and NodeZero Insights, which unifies data from the continuous penetration testing.
This year, Horizon3.ai
unveiled its Vanguard Partner Program and
gained FedRAMP High Authorization, giving it the ability to sell its platform to federal government agencies. In addition, in late May, the six-year-old vendor announced it
raised $100 million, building on the $40 million in Series C funding it collected in 2023, and said there are more than 3,000 organization using NodeZero.
Growing the Channel
Horizon3.ai executives said the new funding will help the company continue to add NodeZero innovations and scaling its federal business. Some of it also will be used to grow its channel efforts to meet demand in the Americas as well as Asia, Europe, the Middle East, and Africa.
Adding the platform to the Pax8 Marketplace is part of that push.
“Our partners are beginning to act as the offensive security team for their clients,” Inderhees said. “NodeZero gives them the ability to test, validate, and prove risk across any environment, without agents or manual tuning. Now that it’s on Pax8, they can integrate it directly into their stack, making it easier to deliver high-impact security outcomes at scale.”
