Crypto hacks stopped being news long ago — they’ve become the norm. According to Chainalysis, hackers stole at least $3.4 billion in cryptocurrency in 2025, a 55% increase compared to the $2.2 billion stolen in 2024.
The industry responds the way it always has: demanding smart contract audits, hiring consultants, publishing postmortems. But most of the high-profile incidents of recent years — a $600M bridge exploit, an exchange breached through a contractor, a wallet drained through a key leak — had nothing to do with the contract itself.
Ilya Smyslov and Petr Tovanov have been working in offensive security for years. Their pentesting firm started receiving requests from crypto and fintech projects long before they deliberately targeted that market. Seeing sustained demand and the ceiling of manual scaling, they launched Cyber Espada — an autonomous system built on a fine-tuned AI model that runs a full external pentest of a web application in 3–4 hours instead of several weeks.
We spoke with both founders: Ilya explains why a bear market actually benefits cybersecurity and where the industry is systematically getting it wrong, and Petr breaks down the product architecture and scaling roadmap.
ILYA SMYSLOV ON THE MARKET AND THE STATE OF THE INDUSTRY
— Ilya, welcome! We’re really glad to have you and Petr here. Tell us — why did you decide to launch a cybersecurity campaign right now? What has changed in the crypto and fintech space?
Hey! Thanks for having us. I’ve been in cybersecurity for a long time — four years ago I founded my own offensive security company doing pentests and audits. And this past year we’ve really felt a shift coming from crypto and fintech.
Before, a crypto project could operate with no audit at all and nobody said a word. Now everything has changed — exchanges won’t list you without a report, funds won’t come in without an audit, insurers won’t cover you without a review. Security has become mandatory.
And yet the entire industry is fixated on smart contract audits. Checked the contract — great job. But most real hacks don’t go through the contract at all. A $600M bridge was broken through a fake job interview. A wallet — through a key leak. An exchange — through a compromised contractor. Behind every DeFi project sits a regular website, a regular API, a regular database — and nobody checks those, but that’s exactly where hackers get in.
That’s what we do — we test everything around the contract. And we’re seeing enormous demand for it right now.
— Crypto markets are clearly in bearish territory — retail is leaving, people are getting disillusioned. How has that affected the cybersecurity industry? Fewer clients, less revenue?
A lot of people assume a bear market is bad for everyone, but in our space it’s the opposite. When the market is booming, everyone is rushing to launch and security is an afterthought. When it drops — the serious builders are the ones who stay, and they’re the ones investing in audits and proper processes.
We didn’t go looking for crypto clients — projects started coming to us through our existing company. One, then another, then a fifth. An exchange needed a report, a fund asked for an audit, a partner sent a security checklist. When we saw these weren’t random requests but a trend, we realized there was a serious market here.
And in a falling market, every hack hits much harder. When everything’s going up — you lose money, it hurts, but you move on. In a bear market, losing $10–20 million is the end of the project. There’s no coming back from that.
— What are the core pain points Cyber Espada solves? What do you hear from clients?
The number one thing we hear is: too expensive and too slow. A manual pentest starts at six thousand euros and takes a month. For a small team, that’s simply out of reach.
The second issue is contractors. Crypto projects work with a lot of external teams. One built the frontend, another the backend, a third configured the servers — and each one could have left a vulnerability. Keys in an open repository, a debug panel on production, a test endpoint someone forgot to close. The project has no idea. We find this kind of thing regularly — you call them and say “your backup bucket is publicly accessible,” and they say “that was the previous team, we didn’t know.”
The third issue is opacity. You pay a pentester, they disappear for three weeks and come back with a PDF. What they tested, how deep they went, how much coverage they had — unclear. We often hear: the last guys found three vulnerabilities, you find fifteen. It’s just a different approach.
— The cybersecurity market is large, with companies that have held leading positions for years. Who are your main competitors and how do you differentiate?
The market is big, but it’s divided into very different niches. There are solutions costing hundreds of thousands per year aimed at large corporations — that’s not our world. There are smart contract audit firms — we do something different. There are vulnerability scanners — cheap, but shallow. A scanner will check against a database of known issues and tell you “you have an outdated library.” But it won’t try to actually exploit it, won’t check business logic, won’t build an attack chain.
A full-scale pentest for small and medium businesses at a reasonable price — there’s almost nobody doing that. That’s exactly what we do. And what sets us apart is that we have a real, active team of pentesters behind the product. Not a research lab — people who have been breaking systems by hand for years and know what actually shows up in the wild. That’s a different quality of testing.
— What is your first-mover advantage? Why will clients choose you?
We already work with crypto projects, we know their stack and typical weak points. No learning curve needed.
But more importantly — we understand that this market can’t be served manually. There are few good pentesters, they’re expensive, and each project takes weeks. But there are thousands of projects that need testing, and they can’t wait a month or pay tens of thousands.
So Petya and I decided to take all our experience — our methodologies, attack strategies, the team’s knowledge — and package it into a product. We built Cyber Espada. It’s a system that runs a complete external pentest. You provide a domain, you get a report with discovered vulnerabilities and proof of exploitation. Petya will explain how it works under the hood.
— How do you plan to acquire your first clients? Are there already commitments or pilots?
We have something most startups don’t — a working company, real clients, and a reputation. We don’t need to prove from scratch that we can do pentests.
Clients are already coming in through our main business. But manually we can only handle a few projects at a time, and demand is much greater. Cyber Espada is built specifically for that — so that any project can run a security check, not just those who can afford to pay for manual work.
We also see strong potential in partnerships with exchanges and funds — those who already require security reports from projects. We can be the tool they recommend.
— Tell us about your background — how did you get into cybersecurity and crypto? What did you do before?
I studied information security, but we started out doing custom software development. The classic story — write code, deliver it, pick up the next project. Then we tried cybersecurity and realized it was a different level entirely, both financially and in terms of the work itself. When you find a serious vulnerability in someone’s system, nothing compares to that feeling — not another custom app. I founded the company and we went all in on offensive security.
Petya and I have a clear division of responsibilities — he handles operations and the technical side, I handle business and strategy. In cybersecurity there’s usually an imbalance: either strong technical people who can’t sell, or good salespeople who don’t understand the product. We have both sides covered.
We didn’t target crypto — projects came to us, one after another. We saw demand growing and realized we couldn’t scale manually. We decided to build a product — and that’s how Cyber Espada was born.
PETR TOVANOV ON THE PRODUCT AND LAUNCH
— Petr, welcome! Please explain your system in detail. How does it work? What’s the architecture?
CyberEspada is an autonomous AI agent that tests the security of web applications from the outside, the way a professional pentester would. You provide a domain — you get a full report with discovered vulnerabilities and proof of their exploitation.
The key element is our unique attack-building pipeline. We don’t just point AI at a website and hope for the best. First, the system builds a complete strategy: target reconnaissance, mapping the attack surface, generating hypotheses — where to look for weaknesses and in what order. This is a deterministic, refined process based on the experience of our pentesters.
On top of that pipeline runs our AI — a proprietary fine-tuned language model focused on cybersecurity. It takes the structured plan and executes it at tremendous speed: generating non-standard test scenarios, adapting to the target’s defenses, verifying each finding.
The pipeline is the foundation. The model is the intelligence. Neither works without the other — together they are our core intellectual advantage.
— Does your product extend beyond crypto and fintech into other industries — traditional finance, gaming, e-commerce?
Absolutely. CyberEspada works with any web application — e-commerce, SaaS, fintech, crypto. The system doesn’t care about the industry; it tests the web application as a black box.
In our tests we’ve found serious vulnerabilities: full authorization bypass with access to all users’ data on a platform, remote code execution on a server through API injection, mass leakage of payment data through a business logic vulnerability. These aren’t theoretical risks — these are confirmed findings with proof.
At launch we’re focused on fintech and crypto because the cost of a single incident there is in the millions. But we plan to go beyond web: testing network infrastructure, mobile applications, API ecosystems. The attack pipeline is universal — we’ll scale it to new surfaces.
— Despite declining interest in crypto, hacks and thefts are happening more frequently. How do you address these threats in crypto and fintech? What’s different from traditional solutions?
Traditional scanners and white-label solutions work from the inside — they check configurations, cross-reference databases of known vulnerabilities. We work from the outside — the way a real attacker does.
The key difference is that we don’t just have a scanner — we have a full attack-building pipeline. The system first develops a testing strategy, then our fine-tuned model executes that strategy automatically. Like a professional pentester, only orders of magnitude faster. Where a specialist needs weeks — we finish in hours. And unlike scanners, we test business logic: authorization bypass, transaction manipulation, privilege escalation — things scanners fundamentally cannot find.
— How large is your team right now? Where are you planning to launch, and which markets are you targeting?
There are two co-founders, three developers, and a team of 16 pentesters. The pentesters are our key asset: they continuously monitor system results, improve the pipeline logic, and enrich attack strategies based on real-world experience. Effectively, the knowledge of 16 specialists is packaged into an automated product — and into our fine-tuned model.
We’re launching in markets where there’s a serious shortage of pentesters and growing regulatory pressure on businesses — which is practically everywhere. We’re starting with targeted pilots and scaling to international markets.
— What does the process look like for a client working with Cyber Espada? What does it cost and what do they get?
It’s simple: the client connects their domain, confirms ownership via a CNAME record — standard verification, a couple of minutes. Our attack pipeline launches, and within 3–4 hours the client receives a full report with verified vulnerabilities and recommendations.
The cost is $300 per scan. For comparison: a manual pentest starts at $6,000 and can cost several times more. We want to change this market — to make cybersecurity accessible not just to corporations with large budgets, but to startups, mid-sized businesses, any company with a web application.
— Share your plans for the near future. What’s on the roadmap for the next 3–6 months? What features are the priority and when do you plan to scale?
Three major directions. First — feature expansion: extending the pipeline to new surfaces — network infrastructure, mobile applications, APIs. Second — continuous model training: every scan makes it smarter, and we’re investing heavily in that. Third — expansion into international markets.
By 2027 we’re planning to become a unicorn. The cybersecurity market is growing at double-digit rates, autonomous solutions are the future of the industry, and we intend to take a leading position.