In the fast-paced world of modern software development, security has long been treated as the unavoidable speed bump: something teams slow down for only when required. While developers push code multiple times a day, penetration testing has remained largely periodic, manual, and time-consuming.
In an interview with Indian Startup Times, CurlSek, a fast-growing cybersecurity startup, shared how it is challenging this outdated model by rethinking penetration testing altogether.
Founded in early 2025 by industry veterans Mohd Sohaib and Rinkish Khera, CurlSek is positioning itself not as another vulnerability scanner, but as an autonomous offensive security platform built to think and behave like a real attacker. Following its recent investment from Capital3 and induction into the NVIDIA Inception Program, the company believes that in 2026, security must move at the same speed as software.
Speaking to Indian Startup Times, Rati Batra, Growth & Partnerships Associate at CurlSek, explained that the company’s core philosophy is rooted in one simple belief: security should never be static.
Moving Beyond Periodic Checkboxes
During the interaction, Rati highlighted how traditional security approaches resemble annual health check-ups: useful at a point in time, but ineffective in a continuously changing environment.
“Security should not be a periodic exercise anymore,” she shared, adding that with rapid CI/CD pipelines, an application that passes a test today can become vulnerable within hours due to even minor changes.
Rati Batra explained that CurlSek was born out of a fundamental question: can AI replicate the behaviour of a human hacker instead of just scanning for known vulnerabilities? This thinking led the team to move away from static scanners and toward multi-agent AI orchestration.
Through autonomous agents such as Threatmesh and Vulnauts, CurlSek continuously discovers digital assets, ingests real-time threat intelligence, and attempts to chain vulnerabilities together, mirroring how sophisticated attackers operate in real-world scenarios.
Tackling the Industry’s Biggest Pain Point: False Positives
One of the most recurring frustrations for developers and security teams, CurlSek acknowledged during the interview, is the flood of false positives generated by traditional tools.
“Most security reports are filled with theoretical risks that aren’t actually exploitable,” Rati told Indian Startup Times, noting that this often creates fatigue and friction between engineering and security teams.
CurlSek’s most challenging yet defining milestone came with the development of Exploit Validation. While detecting vulnerabilities is relatively straightforward, the team explained that safely validating whether those vulnerabilities can be exploited in real environments is far more complex.
By training AI agents to reason through real-world prerequisites such as network reachability, access permissions, and environment-specific dependencies, CurlSek has managed to reduce false positives by over 90 per cent. According to Rati, this has led to 10x faster testing cycles and reports that include real exploit proof-of-concepts rather than hypothetical alerts.
Unexpected Traction from Fantasy Gaming Platforms
While CurlSek initially expected strong demand from heavily regulated sectors like fintech and healthtech, the company revealed that one of its biggest surprises came from the international fantasy gaming industry.
“These platforms operate at massive scale and move extremely fast,” Rati shared. “Waiting 4 weeks for a manual penetration test simply doesn’t work for them.”
CurlSek’s model of embedding security directly into CI/CD pipelines, often described as “security as code”, has enabled these high-growth companies to maintain strong security without slowing product innovation.
A Global Vision for the Next 18 Months
Looking ahead, CurlSek is focused less on vanity metrics and more on behavioural change, Rati emphasised during the interview. Success, she said, is not measured by the number of scans run, but by how deeply continuous security becomes embedded within an organisation’s workflow.
Over the next 18 months, CurlSek plans to expand aggressively into the US enterprise market, enhance its AI agents to detect business logic vulnerabilities, and support deployments in strict on-prem and restricted data environments.
As the conversation concluded, Rati reiterated their long-term vision: ensuring that attackers are never the first to discover a system’s weaknesses. When an attacker finally decides to knock, CurlSek wants to have already found the entry point and helped developers lock it down.
By: Vanshika Tayal




