Founded in 2022, Astrolabe Security is a research-driven company building the tools CTOs and CISOs actually love. We've been on both sides — as attackers and defenders — and we build like it.
Security testing used to be something you did once a year, right before an audit. You hired a firm, waited 6 weeks for a PDF report, read the first two pages, filed the rest, and called it done. Nothing actually changed.
We built Astrolabe because we believed security had to work the way modern engineering teams actually work — continuously, at dev speed, with findings that go directly into Jira instead of a shared drive folder.
Today, 1,000+ companies run security testing on every sprint. Their developers fix vulnerabilities without leaving their workflow. Their auditors get compliance evidence automatically. And their CTOs sleep easier knowing their apps are actually secure — not just certified once.
We've moved fast, shipped real things, and stayed laser-focused on what matters: helping engineering teams find and fix vulnerabilities before attackers do.
Founded in Lavon, TX with a single thesis: security testing should work the way modern software teams work — continuously and at dev speed. First 5 customers signed within 60 days of incorporation.
Launched our first automated DAST scanner with 5,000+ test cases and CI/CD integration. First company to offer authenticated scanning with TOTP MFA bypass out of the box. Zero setup time — live in 30 minutes.
Our security research team published the first of 30+ CVEs, uncovering a critical remote code execution vulnerability in a widely-used open-source authentication library with 2M+ weekly downloads. Made our mark on the security research community.
Launched the PTaaS platform combining our automated DAST engine with certified human pentesters (OSCP, CREST). Sprint-aligned security testing became real for the first time — findings in Jira within 24 hours of every deploy.
Released the API Security Platform — the first tool to automatically discover shadow APIs, zombie endpoints, and undocumented routes, then continuously test them against OWASP API Top 10. Over 200 customers adopted in the first 90 days.
Shipped the agentless Cloud Vulnerability Scanner for AWS, Azure, and GCP. First report in under 10 minutes — 400+ CIS benchmark checks, IAM drift detection, and automated compliance reporting. Reached 500+ customers milestone.
Launched AI-powered mobile app security testing for Android and iOS — SAST + DAST + manual testing in one engagement. 250+ MASVS-aligned test cases. Reverse engineering, runtime instrumentation with Frida, and business logic testing that no automated scanner can replicate.
Astrolabe now secures 1,000+ companies across 70+ countries — from FinTech startups to healthcare enterprises to Fortune 500 engineering teams. We've uncovered 2M+ vulnerabilities, saved an estimated $69B+ in potential breach costs, and published 30+ CVEs. We're just getting started.
These aren't posters on a wall. They're how we make hiring decisions, build products, and handle the hard conversations.
We hold ourselves to the same standard we hold our customers. Every line of code we ship is reviewed for security first. Our tools protect companies — they need to be worthy of that trust.
We publish CVEs, contribute to OWASP, and share our findings openly. The best security tools are built by people who genuinely understand the attack surface — so we stay in the trenches.
We're a lean team. We say no to good ideas so we can say yes to great ones. Speed with focus beats scattered effort every time. We ship things that matter.
1,000+ CTOs and CISOs trust us with their security. That trust is sacred. We respond fast, stay honest, never oversell, and always prioritize what's right for the customer over what's easy for us.
We're remote-first across multiple time zones. Great written communication, clear documentation, and thoughtful async decisions are superpowers we hire for explicitly.
Every person on this team has direct impact on our product and customers. We hire people who think like owners, act like founders, and take accountability without being asked.
Our team has helped secure Microsoft, Adobe, Facebook, and Buffer. We've discovered zero-days, published CVEs, and built tools that actually work in production.
Former CISO at a Fortune 500 company. 15+ years in offensive security. Published 12 CVEs in major enterprise software. Built security programs at 3 unicorn startups before founding Astrolabe.
Security researcher turned engineer. Contributed to OWASP Mobile Top 10 and OWASP Testing Guide. Previously led security engineering at a $4B SaaS company. Expert in mobile app security and API attack surfaces.
Discovered and disclosed 10+ CVEs in production systems used by millions. Former red team lead at a Big 4 consulting firm. Specializes in cloud attack paths and IAM exploitation chains that automated tools never find.
10 years building scalable security infrastructure. Led the engineering teams that built our DAST scanning engine, AI correlation layer, and PTaaS platform from the ground up. Obsessive about developer experience and pipeline performance.
AWS, Azure, and GCP certified security specialist. Spent 7 years at a major cloud provider on their internal security team before joining Astrolabe. Architected our Cloud Vulnerability Scanner from scratch and maintains our CIS benchmark test library.
CREST-certified penetration tester with 9 years of experience in web, API, and mobile security. Leads our team of expert pentesters and is responsible for every zero-false-positive guarantee we make to our customers.
We're a team of 30+ security engineers, researchers, and builders — and we're growing.
Our research team hunts for zero-days in production systems, contributes to OWASP working groups, and publishes their findings openly. Every CVE we discover makes the internet a little safer for everyone.
"Astrolabe's PTaaS approach represents a fundamental rethinking of how application security should work — not as a one-time event, but as a continuous process that matches the pace of modern software development."
"In an industry full of point-in-time security tools, Astrolabe stands out for building something that engineers actually want to use — a platform that fits into existing workflows rather than fighting them."
"Every finding on Astrolabe's platform is verified by a certified pentester before it reaches the developer. In a world drowning in scanner noise, that human validation layer changes everything about how teams prioritize remediation."
We're backed by investors who've built and scaled security companies — and who understand the problem we're solving from the inside.
Seed & Series A investor
W22 batch
Security-focused VC
International expansion
Our team is distributed across 12+ countries. We hire the best security talent in the world, regardless of location — and we've built our company to make remote work genuinely excellent.
553 Sierra Ridge, Lavon TX
United States · +1 (972) 379-8459
sales@astdb.com
30+ team members across the US, Europe, and Asia-Pacific. Security engineers, researchers, and builders in 12+ countries operating across all time zones for fast global customer support.
For urgent security incidents, critical vulnerability disclosures, enterprise inquiries, or emergency pentest requests — our team responds 24/7.
support@astdb.com
Continuous pentesting, zero false positives, compliance reports, and verifiable certificates — everything you need to actually be secure, not just compliant.