Decoding the world of cybersecurity

Intruder opens exposure management free tier

Intruder’s permanent free plan gives smaller organisations access to vulnerability scans, cloud checks, attack surface monitoring, and limited AI pentesting.

Intruder opens exposure management free tier
Summary
  • Intruder has launched a permanent free plan covering vulnerability management, cloud posture checks, container scanning, and attack surface monitoring.
  • The plan supports weekly scans for limited external targets, one cloud environment, two container images, and three users.
  • The launch reflects increasing demand for exposure visibility among small and mid-sized organisations.

Intruder has launched a permanent free plan for its exposure management suite, giving small and mid-sized organisations access to vulnerability management, cloud security posture checks, container image scanning, attack surface monitoring, cyber hygiene reporting, and limited AI pentesting.

The London-based company said the plan is intended for organisations with smaller attack surfaces, or practitioners responsible for a defined part of a larger estate. It gives users weekly scheduled vulnerability scans for up to five external targets, weekly cloud misconfiguration checks across one AWS, Azure, or Google Cloud environment, weekly scans for two container images, continuous change monitoring on ports 80 and 443, unlimited remediation scans, a cyber hygiene score, one automated AI pentesting investigation credit per month, and support for up to three users.

Intruder’s launch material presents the plan around a gap between enterprise tools that assume more staff, budget, and complexity than smaller teams can support, and starter products that those teams have outgrown. The company cited its Security Middle Child research, which found that 46% of midmarket security teams say enterprise platforms assume more staff, budget, or complexity than they can support, while 29% say tools built for smaller businesses no longer meet their needs.

The company’s product update says users begin with a 14-day Cloud plan trial and can then move to the Free plan without a credit card if they are not ready to commit. The operational model is built around connecting a target, integrating a cloud account, surfacing findings, validating remediation, and building evidence before scaling into a paid tier.

Smaller organisations carry substantial exposure through internet-facing services, cloud misconfiguration, unpatched software, unmanaged assets, and weak remediation processes. Many are suppliers to larger businesses, public bodies, financial services organisations, healthcare providers, and critical infrastructure operators. Their security posture can become part of someone else’s supply chain risk.

Cost is only one barrier. Lean teams also face alert volume, tool sprawl, false positives, limited specialist staffing, and limited time to validate whether a finding is exploitable or material. A free tier does not replace governance, patch ownership, incident planning, identity controls, or supplier assurance, but it can lower the threshold for recurring exposure visibility.

The inclusion of AI pentesting credits also reflects a wider shift in exposure management. Automated investigation is becoming part of the market as vendors try to move beyond discovery into validation and prioritisation. Used well, that can help teams reduce false positives, confirm impact, and focus on exposures attackers are more likely to exploit.

Exposure management is becoming a baseline discipline for smaller organisations that sit inside larger digital ecosystems. Suppliers, start-ups, professional services firms, and midmarket businesses need visibility of their own attack surface before that exposure travels into contracts, data flows, and operational dependencies.

×