Quantro Security
AI native cybersecurity agent (VM.Analyst) that reasons across the security stack to find vulnerable, reachable, exploitable risks and drives human approved remediation.
Quantro Security is an AI native cybersecurity company building autonomous agentic AI for cyber defense. Its first product, VM.Analyst, automates vulnerability management and risk remediation so security teams can keep pace with AI generated threats. VM.Analyst integrates directly with an organization's existing cybersecurity stack, ingesting data from vulnerability management platforms, cloud security suites, configuration management databases, and firewalls, then normalizing and deduplicating that data and making it available for its agents to reason over. Reasoning across these disparate data sets with human level expertise, the agent autonomously assesses the entire risk landscape in the context of the organization's unique environment, accounts for compensating controls and security configurations, and pinpoints the risks that are genuinely vulnerable, reachable, and exploitable. It then provides the necessary remediation actions while keeping a human in the loop, and security analysts interact with it through natural language prompts to get insights, delegate tasks, or trigger remediation workflows. Quantro is headquartered in New York and was founded by CEO Sasan Padidar and CPO Mehul Revankar, whose team includes engineering and product leaders from CrowdStrike, Tenable, and Qualys, with backing from Gradient. Its capabilities were verified through Anthropic's Cyber Verification Program.
Vendor details
Canonical URL
https://quantro.security
Category
Security / SOC agent
Funding status
Seed. Backed by Gradient, Google's early stage AI seed fund. The funding amount was not disclosed. Emerged from stealth in March 2026.
Company status
private
Use cases & customers
Primary use cases
Target customers
Integrations
VM.Analyst integrates directly with an organization's existing cybersecurity stack, ingesting from vulnerability management platforms, cloud security suites, configuration management databases, and firewalls, then normalizing and deduplicating the data for its agents to reason over.
Sources & related URLs
Related / legacy domains
Research sources
Capability coverage
4.5 / 14 capabilities · 32%
| Integrations & Tool CallingVM.Analyst integrates directly with the existing security stack, ingesting from vulnerability management platforms, cloud security suites, CMDBs, and firewalls (siliconangle.com, prnewswire.com). | Full |
|---|---|
| Workflow OrchestrationA reasoning and execution layer assesses risk and can trigger remediation workflows, though a broad workflow orchestration framework is not detailed (quantro.security, fintech.global). | Partial |
| Knowledge Grounding & RAGThe platform normalizes and deduplicates data across disparate sources and reasons over it with human level expertise, contextualized to the organization's environment (siliconangle.com, prnewswire.com). | Full |
| Human Oversight & GuardrailsThe agent keeps the human in the loop and keeps human operators involved in decision making while automation handles analysis and prioritization (prnewswire.com, fintech.global). | Full |
| Security, Identity & GovernanceThe product secures customers, but the platform's own certifications, identity, and governance controls such as SOC 2, SSO, or RBAC are not documented, and the company just emerged from stealth (quantro.security, prnewswire.com). | Unable to verify |
| Observability & AuditabilityThe agent surfaces the reasoning and evidence behind why a risk is vulnerable, reachable, and exploitable, though formal audit tooling is not detailed (quantro.security, siliconangle.com). | Partial |
| Memory & State PersistenceNo memory or state persistence is documented (quantro.security). | Unable to verify |
| Deployment & Data ResidencyNo deployment or data residency options are documented (quantro.security). | Unable to verify |
| Prebuilt Agents / Templates / PacksA single product, VM.Analyst; the broader army of agents is roadmap rather than a shipped pack library (prnewswire.com, ai-techpark.com). | Unable to verify |
| Triggers & Channel CoverageAn always on advisor that can trigger remediation workflows, though a broad trigger framework is not detailed (prnewswire.com, fintech.global). | Partial |
| Model Flexibility & RoutingNo user facing model choice or routing is documented; capabilities were verified through Anthropic's Cyber Verification Program (quantro.security). | Unable to verify |
| APIs / SDKs / MCP ExtensibilityNo public API, SDK, or MCP for building on the platform is documented (quantro.security). | Unable to verify |
| Testing, Debugging & OptimizationNo user facing agent testing or evaluation tooling is documented (quantro.security). | Unable to verify |
| Browser / Computer-useNo browser or computer use is documented (quantro.security). | Unable to verify |
Recent platform changes
No recent material changes tracked yet.
Pricing
Not public. Quantro Security sells VM.Analyst through an enterprise motion with a scheduled demo; pricing is not published and the company recently emerged from stealth.
Enterprise engagement; scales with environment size and volume of vulnerability findings.
Included quota
Not public.
Cost watchouts
Analysis scales with the size of the environment and the volume of vulnerability findings ingested, and agent reasoning consumes model inference; onboarding as an early design partner may apply.
Variable cost rationale
Analysis scales with the size of the environment and the volume of vulnerability findings ingested, and agent reasoning consumes model inference; pricing is not published.
Overage / add-ons
Not public.
Sales call required
Yes — required for paid access
Free / trial
Schedule a demo.
Lowest paid plan
Not public.
Key ambiguities
No public pricing; the company emerged from stealth in early 2026 with its first product.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- Assail — Autonomous red teaming platform (Ares) whose AI agents discover,…
- Astelia — AI native exposure management platform from Israeli National Red…
- Capsule Security — Runtime security layer for AI agents that detects and blocks unsafe…
- Clutch Security — Universal non human identity security platform that discovers,…