
Four in a Row: Cobalt Earns Leader Spot in GigaOm Radar Report for PTaaS for 4th Straight Year

It's official—we are thrilled to be back for a fourth consecutive year as a Leader in the GigaOm Radar for Pentesting as a Service (PTaaS). This incredible accomplishment reinforces our reputation while validating the hard work we've put into maintaining the quality of our PTaaS services and constantly improving our platform to keep pace with the latest offensive security trends.


Last year, we announced the “three-peat”—a feat only achieved by a few of the all-time great sports teams. We honestly weren't sure how to top that... until we did.

If you know the classic song, you can finish this jingle: Three in a row, go for one more… Go for it, connect four!


So, what exactly is the GigaOm Radar Report?

GigaOm is a leading independent industry research firm that provides technical, operational, and business advice for IT and security leaders. This year's radar report for PTaaS examines 16 of the top pentesting as a service (PTaaS) solutions, comparing different offerings against critical capabilities and key business criteria. The goal is simple: to provide a comprehensive market overview, and an in-depth look at each solution, to help you make the most informed investment decision for your security program.

The key business criteria measured in the report include attributes like:

  • Flexibility: Ability to adapt testing methodologies, schedules, and scopes to meet diverse organizational needs and changing security landscapes. 
  • Scalability: Ability to efficiently handle increasing volumes of testing across growing and evolving IT infrastructures.
  • Speed: The rapidity with which security tests can be initiated, executed, and reported, as well as the timeliness of vulnerability detection and remediation.
  • Risk reduction: Effectiveness in identifying, prioritizing, and mitigating security vulnerabilities, thereby lowering an organization's overall cybersecurity risk.
  • Cost: The total financial investment required for implementation, operation, and maintenance of the service, including both direct and indirect expenses.

With so many options, why go with PTaaS?  

The GigaOm Radar report is crystal clear on this: traditional testing just isn't cutting it anymore.

The report highlights that the PTaaS model directly addresses fundamental business priorities. From a leadership perspective, this means gaining real-time insight into security weaknesses, which facilitates forward-thinking risk management and minimizes the potential expenses of a data breach. By digitizing and optimizing security workflows, PTaaS also substantially decreases costs compared to conventional testing. Furthermore, the report notes that the model supports ongoing regulatory adherence through regular, thorough security evaluations—a critical consideration in today's compliance-focused environment.

Finding threats and exposures horizontally, vertically, and diagonally

The 2025 GigaOm Radar for Pentesting as a Service (PTaaS) shows that in a landscape of escalating digital threats, PTaaS has become a strategic asset. It enables executive leadership to strengthen their enterprise security framework while advancing core business priorities like expansion, operational excellence, and organizational adaptability.

GigaOm's research also points to the swift evolution of the PTaaS market. Current developments include the rise of advanced AI-powered testing solutions, superior compatibility with existing security and development platforms, and more refined reporting and analytical tools. We're seeing providers increasingly deliver complete holistic security offerings that blend continuous assessment with complementary security functionalities.

Connecting the dots between Security and Compliance

Offensive security testing shouldn’t feel like a board game. Let us connect the dots between vulnerabilities, exploits, and validated exposures. Thinking like an attacker, we do the work so you can stay secure and reduce risk. 

“The Cobalt Offensive Security Solution integrates multiple security testing components across application security, network and cloud security, and specialized engagements. Key offerings include pen testing, Dynamic Application Security Testing (DAST), Secure Code Review, Attack Surface Monitoring, Network pen testing, Red Teaming, and specialized AI & LLM pen testing services. The solution enables organizations to launch new engagements within 24 hours through its network of 450 vetted security professionals.”

Four recommendations for selecting the right PTaaS vendor

GigaOm also provides a helpful framework for selecting the best pentest as a service vendor, suggesting leaders focus on four main recommendations:

  1. Start by assessing your primary objectives: Are you seeking compliance attestation, genuine security improvement, or both? This fundamentally impacts vendor selection.
  2. Evaluate solutions against your specific technology stack, development methodology, and security maturity.
  3. Consider implementation complexity and required resources.
  4. Request detailed demonstrations focusing on your specific use cases rather than generic presentations.

Ultimately, the report concludes that the most strategic approach is to select a vendor whose roadmap aligns with your own security evolution—a partner who can meet your immediate needs and support your organization's growth in security maturity, technology adoption, and compliance.

Closing the box after another great win

No one likes a sore winner. While we definitely feel the need to boast about this accomplishment, we’re also humbled and honored to be included in this report. Anytime someone does research on something you do well, you want to be in the mix. At Cobalt, PTaaS is our core business. It’s the technology and approach we pioneered over a decade ago. To still be the leading PTaaS provider in the space means a great deal to us.

We also do more than pentesting. With a full suite of offensive security services, we’re here to help you discover and validate exposures across your production applications and internet-facing networks, so your teams can identify and reduce risk. As the GigaOm report highlights: “Cobalt’s Offensive Security Solution combines human expertise with technology to provide continuous security testing capabilities.”

Schedule a call today to see how our human-led, AI-powered pentesting and offensive security services can help your team identify threats before attackers do. After all, someone will uncover your vulnerabilities. Shouldn't it be you?

About Kevin Miller
Kevin Miller is a Senior Staff Product Marketing Manager at Cobalt. You can usually find Kevin chatting with customers, researching competitors, performing market analysis, and collaborating with internal stakeholders on product and messaging enhancements. With over a decade of experience in Attack Surface Management, Application Security, Pentesting, and DevSecOps, Kevin has a knack for simplifying technical concepts and communicating them to the market.