Find a pentest company with ISO 42001
47 companies have this certification
ISO 42001: AI Management System Certification
Origin
ISO 42001 was published in December 2023 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 42001. It was created to address the growing need for governance and responsible management of artificial intelligence systems. The standard emerged from collaborative efforts by international experts in response to increasing concerns about AI risks, ethics, and the lack of unified frameworks for organizations developing or deploying AI technologies.
Industry Importance
ISO 42001 is valued in the industry because it provides organizations with a structured framework to manage AI systems responsibly while addressing risks related to bias, transparency, privacy, and safety. Certification demonstrates to stakeholders, customers, and regulators that an organization has implemented robust controls for AI governance, which is increasingly critical as AI regulations emerge globally. The standard helps organizations build trust, ensure compliance with evolving legal requirements, and differentiate themselves in a market where responsible AI practices are becoming a competitive advantage and expectation.
Rhymetec
Rhymetec LLC is a cybersecurity firm specializing in penetration testing and offensive security services; 37 employees with 27.8% YoY growth; based in New York, NY, founded in 2015. The company offers web, mobile, and network penetration testing, including AI-powered solutions, and is actively expanding through partnerships and geographic growth.
Vanta
Software development company specializing in automated compliance, vendor risk management, and trust platform solutions; 999 employees (+106.5% YoY growth), $210.1M annual revenue, $503M total funding; provides penetration testing services via external partners and platform integrations, including partnerships with XBOW and Heyhack; headquartered in San Francisco, California, United States; trusted by 14,000+ customers including Atlassian and Duolingo.
Bay Mountain Security
Bay Mountain Security is a private computer and network security company based in San Francisco, California, founded in 2014; specializing in ISO training, certification, consulting, and security frameworks, with a focus on penetration testing services. The firm has 2 employees, $316.7K annual revenue, and experienced a -33.3% YoY growth. They serve clients across the U.S., including California, Arizona, Texas, Illinois, and more, with a modest web presence of 304 monthly visits and a global rank of #12,021,898.
Consilium Labs
Cybersecurity assurance company specializing in penetration testing, ISO 27001 family, SOC2, and ISO 42001; 15 employees with 72.7% YoY growth; based in Sunnyvale, California, USA; founded in 2020; accredited by ANAB and IAS, with SOC2 auditors under AICPA supervision.
VioletX
VioletX is a private software development firm specializing in cybersecurity solutions, including virtual CIO services, SOC2 attestations, and incident response. Based in Los Angeles, California, with 7 employees and $18.5M annual revenue, they provide penetration testing services with a focus on real, manual testing methods, and actively engage in cybersecurity assessments, compliance, and risk management.
Insight Assurance
Cybersecurity and compliance firm specializing in security audits, penetration testing, and regulatory certifications; 116 employees (+67.7% YoY growth); founded 2020; Tampa, FL; serves over 1,500 clients; offers SOC, PCI DSS, ISO, HITRUST, CSA STAR, NIST, HIPAA assessments.
A-LIGN
Cybersecurity and compliance provider based in Tampa, Florida; 572 employees, $92.2M annual revenue, $54.5M funding; specializes in cybersecurity compliance, penetration testing, and cyber risk management; offers active penetration testing and red team services, with a focus on high-quality, efficient programs.
Elevate
Business consulting and staffing firm specializing in cybersecurity, IT compliance, and audit services; based in Florida with 13 employees, $5.3M revenue, founded in 2008. Offers penetration testing services across frameworks like CMMC, ISO 27001, SOC 2, and more, with a focus on attack simulations and certification support.
Schellman
IT compliance and cybersecurity attestation provider; based in Tampa, Florida; specializes in FedRAMP assessments and offers extensive penetration testing services across multiple disciplines, including application, network, mobile, red teaming, social engineering, cloud, physical, hardware/IoT, and AI red team testing.
risk3sixty
risk3sixty is a private business consulting and services firm specializing in security, privacy, and compliance programs; offers penetration testing services as confirmed by its dedicated webpage; headquartered in Atlanta, Georgia, with 45 employees and a -13.3% YoY growth rate.
Omni Group Consulting
Cybersecurity consulting firm specializing in penetration testing, certification readiness, and CISO services; 4 employees with 20% YoY growth; based in Atlanta, Georgia, USA.
AARC-360
AARC-360 is a private accounting firm specializing in assurance, advisory, risk, and compliance services with a global presence; 28 employees, founded in 2014, headquartered in Atlanta, Georgia, USA. They have recent cybersecurity accreditation achievements, including FedRAMP and RMAI audits, and offer penetration testing services such as vulnerability assessments, active exploitation, and social engineering across web, network, and cloud platforms.
Coalfire
Coalfire is a cybersecurity and compliance services provider based in Chicago, Illinois, founded in 2001. With 676 employees and $200M annual revenue, it specializes in penetration testing, vulnerability assessments, FedRAMP, cloud migration, and AI risk management, serving enterprise, healthcare, and finance sectors. The company has received $9.4M in funding and is known for offensive security capabilities, including penetration testing services.
StackAware
StackAware is a private cybersecurity company specializing in managing AI-related cybersecurity, privacy, and compliance risks; founded in 2022 with 3 employees (+33.3% YoY growth), headquartered in Bartlett, New Hampshire, USA. The company provides penetration testing services, including AI risk assessments, red teaming, and application penetration testing, emphasizing proactive security and risk management in AI environments.
E Com Security Solutions
IT services and consulting company specializing in cybersecurity and compliance; 27 employees, founded 2008, headquartered in New York, USA; offers penetration testing services for networks and web applications, with categories including network penetration testing and web application penetration testing; 1,106 monthly website visits, global rank #11,587,344, employer rating 5.0/5.0.
KPMG
Global professional services firm headquartered in New York, US; specializes in audit, tax, advisory, and cybersecurity testing services including penetration testing, vulnerability assessments, and red teaming; confirmed presence in New York and offering advanced security testing capabilities.
KirkpatrickPrice
IT services and consulting firm specializing in information security assurance, including penetration testing, PCI audits, and risk assessments; 90 employees (+8.4% YoY), $6.8M revenue, founded 2005, Nashville, TN; provides advanced ethical hacking and vulnerability assessments, serving over 2,000 clients worldwide.
Prescient Security
Cybersecurity company specializing in penetration testing, compliance, and web application security; 196 employees (+52% YoY growth), $23.9M revenue, founded 2018 in Nashville, Tennessee, serving over 5,000 clients worldwide.
RSI Security
Cybersecurity-focused IT services and consulting company specializing in risk management, cyber engineering, assessment, and advisory services; provides penetration testing services explicitly listed on its website; headquartered in Southlake, Texas, with 26 employees, $5.9M annual revenue, and 22.5% YoY growth.
SecureIT
Cybersecurity firm headquartered in Reston, VA, providing penetration testing, security assessments, and compliance advisory; offers active exploitation and simulated cyberattack services to enhance client security posture.
Mirai Security
Cybersecurity company specializing in governance, risk management, compliance, cloud security, and application security; offers penetration testing services supported by case studies; 20 employees with 12.5% YoY growth; headquartered in Seattle, Washington, USA.
CurlSeK
CurlSeK is a private technology firm based in Sheridan, Wyoming, founded in 2025, with 4 employees. It specializes in autonomous, agent-driven AI for offensive security, including penetration testing, vulnerability discovery, and validation, providing rapid and precise security assessments beyond traditional methods.
CIS - Certification & Information Security Services
Austrian cybersecurity company headquartered in Vienna; offers penetration testing services including threat-led assessments, with a focus on certifications like ISO 42001 for AI management; specializes in cybersecurity consulting and standards compliance.
Tcss Trusted Cyber Security Solutions Gmbh
Cybersecurity company based in Vienna, Austria; specializes in penetration testing, vulnerability analysis, and incident response services; provides consulting with a focus on proactive security measures.
Eleven Labs
Private IT consulting and web development firm based in Paris, France; 74 employees, founded 2011, with $158K annual revenue. Known for technical excellence and security services including penetration testing supported by a Trust Center with pentest reports. Maintains a modest online footprint with 23,429 monthly visits and a global rank of 1,079,127.
SAFFRON Sp. z o.o.
Poland-based IT services and consulting company specializing in cybersecurity, GRC-as-a-Service, and penetration testing; 6 employees with 28.6% YoY growth; founded 2015; headquartered in Gdańsk, Poland; offers security testing, risk management, compliance, and cybersecurity governance services.
Izertis
Spain-based technology consulting company specializing in digital transformation and cybersecurity; offers penetration testing and red team services; headquartered in Gijón, Spain, founded in Gijón, with a focus on security assessments and digital metamorphosis.
Insicon Cyber
Australian cybersecurity firm based in North Sydney; provides penetration testing services including managed autonomous pentesting; confirmed by contact and operations pages, industry reports, and partnership details.
CyberImmune
CyberImmune is a cybersecurity consulting firm based in Toronto, Canada, specializing in cloud security, DevSecOps, application, and network security. With 5 employees and 25% monthly growth, they perform security and compliance assessments, penetration testing on web, network, mobile, and cloud assets, supported by dedicated VAPT pages on their website.
Sabytel Technologies, Inc.
Canadian cybersecurity company founded in 2002; headquartered in Ottawa, Ontario, Canada; offers penetration testing services including application, wireless, and web testing, as well as social engineering and phishing assessments; emphasizes a business-first approach to cybersecurity resilience.
Irm Consulting & Advisory
Cybersecurity consulting firm based in Toronto, Canada; specializes in penetration testing and bug bounty programs, offering testing of web applications, cloud, and network environments. The company is headquartered in Toronto, Ontario, Canada, with verified sources confirming its location and service offerings.
Coral eSecure Private Limited
Canadian-based cybersecurity consulting firm specializing in penetration testing, privacy, and compliance standards; with 20+ years of experience, $10M annual revenue, and a focus on certification support for standards like SOC, NIST, HIPAA, GDPR, and ISO 27701.
Cybercontrols.io
Cybercontrols.io is a UK-based infosec consultancy providing cybersecurity and compliance services, including penetration testing, internal audits, and endpoint security; founded in 2022, with 4 employees and +300% YoY growth, headquartered in Morpeth, UK.
Mobius Consulting
UK-based cybersecurity company specializing in penetration testing and security assessments; listed on UK Companies House with registration numbers 13538454 and 06958601; offers comprehensive security testing including penetration testing and vulnerability scanning.
๐๐๐ญ๐๐จ๐ซ๐ญ๐ ๐๐จ๐ง๐ฌ๐ฎ๐ฅ๐ญ๐ข๐ง๐ ๐๐ญ๐
Cybersecurity solutions company specializing in advanced penetration testing services; based in London, UK, founded in 2023, with 2 employees and 100% YoY growth. Focuses on safeguarding digital assets and fortifying defenses against cyber threats.
Cognisys
UK-based IT services and cybersecurity company specializing in penetration testing, security assessments, and compliance; 63 employees with 95.5% YoY growth; founded in 2017; CREST-accredited penetration testing services; headquartered in Leeds, UK.
Spritzmonkey
Cybersecurity consultancy based in the United Kingdom; specializes in CREST-certified penetration testing and vulnerability scanning services, actively marketing these capabilities and participating in industry events as a recognized provider.
Nestor Consulting Pte Ltd.
Nestor Consulting Pte Ltd. is a Singapore-based IT services and consulting firm specializing in cybersecurity, ISO standards, and internal audits; offers vulnerability and penetration testing services; 5 employees, founded 2020, +14.3% YoY growth.
Privasec
Cybersecurity firm based in Singapore; incorporated in 2018 with main office at 10 Anson Road, International Plaza; provides comprehensive penetration testing services including web, mobile, cloud, wireless, and IoT assessments; CREST-Approved for high standards in pentest expertise.
ใคใณใใฉใปใใฏใขใใใคใถใชใผๆ ชๅผไผ็คพ
Japan-based cybersecurity consulting company headquartered in Tokyo; provides penetration testing, ISO certification support (ISO27001, ISO27017, ISO42001), NIST compliance assistance, and security outsourcing; known for experienced consultants and comprehensive security services.
Whitesec ID
IT services and consulting company specializing in cybersecurity, IT consulting, and GRC; based in Jakarta Selatan, Indonesia; founded in 2024; 5 employees with +150% YoY growth; offers penetration testing and security auditing services.
AADIT Technologies
Cybersecurity company based in Bangalore, India, with 17 employees and 10% YoY growth; specializes in penetration testing, vulnerability assessments, and cybersecurity audits; offers cloud strategy and infrastructure services; 1,608 monthly visits, global rank #7,910,340, active social media presence.
Vynox Security
Vynox Security is a private cybersecurity company based in Pune, India, with 6 employees. They specialize in security testing services such as penetration testing, cloud security, infrastructure security, and source code audits, with a focus on helping organizations mitigate risks and defend against evolving digital threats.
IARM Information Security
Cybersecurity company based in Chennai, India, founded in 2016 with 30 employees; specializes in consulting, managed security, IoT security, and CREST-certified penetration testing for network, application, cloud, and LLM systems; offers end-to-end global security solutions with a focus on innovation and specialized pentesting capabilities.
Mahindra Group
Multinational federation based in India; 8,426 employees (+1.9% YoY), $20.4B revenue, INR 4.3B market cap, $264.9M funding; offers penetration testing through Tech Mahindra's CARTA automated red-teaming platform to identify vulnerabilities and simulate cyber threats.
Infosys
Global IT services and consulting firm based in Bangalore, India, with 210,146 employees and $19.8B annual revenue; offers next-generation digital transformation and cybersecurity services, including CREST-certified penetration testing and vulnerability assessments; founded in 1981, market cap INR 7.55 trillion, with recent acquisitions and a strong international presence.