Series D 轮 01
$100M (Nov 2024) [CO011] 尽调报告
Horizon3.ai
自主渗透测试独角兽——FedRAMP 验证的联邦市场护城河,ARR 增长 102%
Horizon3.ai 是自主渗透测试品类龙头,FedRAMP 验证的联邦护城河、5,200+ 客户和 102% ARR 增速都很硬;但绝对 ARR 未披露时给到约 $1B 独角兽估值,意味着溢价倍数,重仓前还要继续核收入规模和客户集中度。
封面要素
公司概况
Horizon3.ai 是一家总部位于 San Francisco 的网络安全公司,开发自主 AI 驱动渗透测试平台 NodeZero。公司由美国特种作战退伍军人和企业技术专家于 2019 年创立,帮助组织持续发现并修复可被利用的漏洞,方式是模拟真实攻击者行为——每次测试不再依赖人工渗透测试人员。NodeZero 已在生产环境安全运行 225,000+ 次自主渗透测试,服务 5,200+ 客户,包括 Fortune 10 公司中三分之一以及美国主要联邦机构;它也是唯一获得 FedRAMP High 授权的自主渗透测试平台。公司于 2024 年 11 月完成 $100M Series D 轮融资,进入独角兽行列(估值约 $1B),并披露截至 2026 年 3 月 ARR 同比增长 102%。
- 成立时间
- 2019-01-01
- 创始人
- Snehal Antani, Mark Cristiano
- 创立地点
- San Francisco, CA, USA
- 总部
- San Francisco, CA, USA
- 产品
- NodeZero 是一款自主、自助式渗透测试 SaaS 平台,客户环境中无需常驻代理或传感器。平台启动一次性攻击基础设施,发现并利用漏洞,串联攻击路径以展示真实爆炸半径,并给出带可利用性证明的优先级修复建议。核心模块包括:外部攻击面测试、内部网络渗透测试、云渗透测试(AWS/Azure/GCP)、Active Directory 评估、钓鱼影响测试、密码审计,以及 NodeZero Tripwires(欺骗技术)。NodeZero Federal 是获得 FedRAMP High 授权的版本,支持隔离网络和本地部署的联邦场景。平台可集成 Splunk、ServiceNow、Jira、Microsoft Sentinel 和 CrowdStrike Falcon。
- 客户
- 美国联邦机构(DoD、DHS、NIH、NSA、VA)和国防工业基础,大型企业和中型市场组织,覆盖金融服务、医疗、关键基础设施和技术行业;通过直销与 MSSP 渠道合作伙伴在全球服务客户。
- 商业模式
- NodeZero 平台按年度 SaaS 订阅授权收费;按部署范围、操作类型和席位数分层;NodeZero Federal 面向 FedRAMP 环境收取溢价;另有附加专业服务和 MSSP 经销项目;落地后扩张,从外部测试向内部、云和合规用例增购。
- 阶段
- Series D (unicorn)
- 融资情况
- 2024 年 11 月完成 $100M Series D 轮(估值约 $1B);2022 年 Q3 完成 $40M Series C 轮(Craft Ventures、Kleiner Perkins);2022 年完成 $15M Series B 轮(Signal Fire、Gaingels);更早有种子轮;累计融资约 $175M+。Prosperity7 Ventures(Aramco)加入成为战略投资方。
执行摘要
主要优势
- FedRAMP High 护城河定义品类:NodeZero Federal 是唯一拿到 FedRAMP High 授权的自主渗透测试平台,在美国联邦和 DoD 市场形成竞争对手短期难复制的结构性位置
- 2026 年 3 月 ARR 同比增长 102%,客户超过 5,200 家、覆盖三分之一 Fortune 10 公司,说明联邦和商业市场都已给出企业级验证和强产品-市场匹配
- NSA CAPT 项目成为锚点:作为 NSA Continuous Autonomous Penetration Testing 项目的进攻安全引擎,既带来政府可信度,也形成可持续背书,推动联邦机构扩张
- 自主攻击路径串联把 NodeZero 与漏洞扫描器拉开:平台不是罗列 CVE,而是用串联攻击路径证明可利用性,给出可执行的风险优先级,规模化后手工渗透测试难以匹敌
- 管理层很强:CEO Snehal Antani 有 Splunk/Cisco 企业级履历和 DoD 可信度,CFO Holly Grey 带来上市公司财务纪律;相对累计融资 $175M 的私营公司,高管厚度少见
- 落地后扩张模型叠加高切换成本:客户把 NodeZero 接入持续安全工作流后,会嵌进工单、SIEM 和合规报告系统,结构性留存压力随之形成
主要风险
- 联邦收入集中风险:估计 40-60% ARR 可能来自联邦 / DoD;DoD 预算封存、持续决议或 FedRAMP 重新授权延迟,都可能在单个财年显著冲击收入
- AI 平台商品化:CrowdStrike、Microsoft(Security Copilot)和 Palo Alto Networks 正在把自主安全测试和攻击模拟加进既有平台,可能用捆绑吃掉独立市场
- ARR 未披露却给出估值溢价:若 ARR 估计为 $40-80M,$1B 估值意味着 12-25x EV/ARR,明显高于上市可比公司(Tenable 5x、Rapid7 2x),且没有经审计财务数据验证增长叙事
- 关键人依赖:CEO Snehal Antani 的公众身份、DoD 关系和媒体存在感是销售动作核心;若他离开,联邦管线和投资人信心会被不成比例地扰动
- 出口管制和 AI 监管敞口:自主进攻性网络工具在 ITAR/EAR 及 AI 安全监管(EU AI Act、US AI EO)下的军民两用分类仍在演变,可能限制产品功能或国际扩张
- NodeZero 本身也是攻击面:若平台自身被攻破或泄露,包括攻击库、漏洞利用链或客户环境数据,都会构成严重声誉和运营风险
未决问题
- 绝对 ARR 未披露:102% 增速已确认,但基数未经验证,估值倍数和市场份额估算都带有猜测性
- 净收入留存率(NRR)未披露:落地后扩张效率和流失率无法独立验证
- Series D 领投方和完整股权结构尚未被公开确认
- 联邦收入集中度:DoD / 联邦在 ARR 和客户数中的占比未披露,集中风险无法量化
- 私营 SaaS 公司未披露毛利率和单位经济性(CAC、LTV)
- FedRAMP 重新授权时间表和维护成本未披露
- 客户集中度:前 10 大客户是否超过 ARR 的 30% 仍未知
目录
01公司概况
1.1 公司身份与商业模式
Horizon3.ai 是一家私营网络安全软件公司,总部在 California 州 San Francisco,另在 Illinois 州 Chicago 和 Netherlands 的 Amsterdam 设有办公室。公司采用远程优先组织方式,由美国特种作战司令部(SOCOM)和美国国家安全体系退伍人员于 2019 年创立。使命是帮助各种规模的组织在威胁行为者触达之前,持续、自主地发现并修复可被利用的攻击向量。 公司的旗舰商业产品是 NodeZero®,一款以 SaaS 订阅交付的全自主渗透测试平台。NodeZero 部署时不需要常驻代理、不需要预先提供凭证,也不要求操作者具备专业经验。组织可在数分钟内启动一次渗透测试,平台会在真实生产环境中自主跑完整个攻击生命周期——侦察、利用、横向移动和影响展示。测试结束后,NodeZero 输出按影响排序的发现,并给出分步骤修复建议和一键修复验证。平台覆盖内部网络渗透测试、外部攻击面评估、云渗透测试(AWS、Azure、GCP)、Active Directory 密码审计、Kubernetes 安全验证和身份安全验证。 Horizon3.ai 的商业模式以年度 SaaS 订阅为核心,价格按测试量或持续测试承诺定价;另通过面向 MSSP 和托管服务商的合作伙伴白标授权获得收入。公司明确把产品定位为由曾为美国政府执行真实攻防安全任务的实战人员打造,因此 NodeZero 具备公司所称的操作员级攻击真实性。Horizon3.ai 所有产品均在美国开发、工程化并制造;公司在营销和政府采购材料中突出使用 “100% made in USA” 标语。NodeZero Federal 是面向政府的产品版本,截至 2026 年中是唯一获得 FedRAMP High 授权的自主渗透测试平台,从而可销售给美国联邦民事机构和国防部门。 [CO001, CO002, CO003, CO004, CO005, CO006]
| 指标 | 数值 / 状态 | 日期 | 置信度 | 来源 / 缺口 |
|---|---|---|---|---|
| 已运行自主渗透测试 | 225,000+ | 2026 Q1-Q2 | 高 | 公司官网首页;NodeZero 产品页 |
| 客户总数 | 5,200+ | 2025-2026 | 高 | 公司官网首页;About Us 页面 |
| Fortune 10 渗透率 | Fortune 10 中超过 1/3 | 2025-2026 | 高 | 具体名称未披露;意味着美国前 10 大公司中至少 4 家 |
| ARR 增长(同比) | 102% | 2026 年 3 月 | 高 | 公司 2026 年 3 月 19 日新闻稿;绝对 ARR 未披露 |
| Series D 轮规模 | $100M | 2024 年 11 月 | 高 | GlobeNewswire 2024 年 11 月 5 日新闻稿;Dark Reading |
| 已融资总额 | $140M | 2026 年 5 月 | 高 | Series C $40M + Series D $100M;由 Series D 新闻稿确认 |
| Series D 估值 | $1B+ | 2024 年 11 月 | 高 | GlobeNewswire 2024 年 11 月新闻稿确认 $1B+ 估值 |
| Series C 轮规模 | $40M | 2022 年 10 月 | 高 | 公司在 Series D 公告前披露 |
| FedRAMP Authorization | 高(NodeZero Federal) | 2024 | 高 | 唯一达到 FedRAMP High 基线的自主渗透测试平台 |
| NSA CAPT 项目 | 进行中 — DIB 供应商 | 截至 2025 年 5 月 | 高 | NodeZero Federal 白皮书;公司新闻稿 |
| DoD Tradewinds 可授予状态 | 是 — 2026 年 5 月 14 日 | 2026 年 5 月 | 高 | 公司公告;DoD Tradewinds Solutions Marketplace |
| 绝对 ARR($) | 未披露 | N/A | N/A | 私营公司;披露了增长率(102%),未披露基数 |
| 员工人数 | 未公开披露 | N/A | 低 | 无公开员工数;LinkedIn 估计约 150-300 名员工 |
所有数据来自公司公开披露和经核验的第三方报道。Horizon3.ai 未公开披露绝对 ARR 和员工人数。
[CO005, CO006, CO021, CO022, CO023, CO030]Horizon3.ai 的身份、平台、客户、资本、联邦授权和增长结果如何串成一个运营系统。
[CO001, CO005, CO006, CO021, CO023, CO030]1.2 创始人、领导层与治理
Horizon3.ai 由 Snehal Antani 于 2019 年联合创立,他担任首席执行官。Antani 的背景与产品核心价值主张高度匹配:他曾任美国军方顶级反恐和特殊任务单位——美国联合特种作战司令部(JSOC)的 CTO,也曾任美国特种作战司令部(SOCOM)CTO,以及 Splunk(Cisco 于 2024 年以约 $28B 收购的企业数据平台)CTO。在 Splunk 之前,Antani 曾任 GE Capital CIO。他持有 18 项美国专利,覆盖网络安全、数据分析和分布式系统。国家安全攻防行动经验与企业 SaaS 商业化规模经验叠加并不常见,这也是 Horizon3.ai 在联邦和商业企业市场定位的核心。 Rishi Dhasmana 担任 CTO,负责 NodeZero 的平台架构、产品工程和研究方向。公司更广泛的高管团队经验丰富,构成上具备 IPO 准备能力:Holly Grey 担任 CFO,拥有 30 多年财务领导经验,包括带领科技公司筹备公开市场的背景。Matt Hartley 担任 CRO。Andres Botero 于 2026 年 1 月 7 日获任 CMO,带来 Rubrik(云数据安全)、BlackLine(财务自动化)和 CallidusCloud 等公司二十多年 B2B 安全和企业 SaaS 营销经验。Jill Passalacqua 担任 CLO,专长于政府合同合规和企业软件 IP。Chris Corbett 以 VP Engineering 身份领导工程;他曾共同开发 Signal iOS 应用,并在 NASA 从事研究,拥有计算物理 PhD。Erick Dean 以 VP Product 身份领导产品,曾任职 PagerDuty、Splunk 和 C3.ai,并持有 6 项美国专利。 关键人集中是实质性治理风险:CEO Antani 独有的政府网络、国家安全可信度和企业品牌,深度嵌入 Horizon3.ai 的联邦业务开发管线和客户信任。公司尚未公开董事会组成、治理结构或股权分配信息。截至 2026 年 Q2,未发现任何具名高管存在重大离职、股东争议或监管制裁。 [CO001, CO009, CO010, CO011, CO012, CO013]
| 姓名 | 职务 | 背景 / 专长 | 创始人? | 关键人说明 |
|---|---|---|---|---|
| Snehal Antani | 联合创始人兼 CEO | 曾任 JSOC/SOCOM CTO、Splunk CTO、GE Capital CIO;18 项美国专利 | 是(2019) | 关键 — 政府关系、品牌身份和企业可信度都绑定 CEO |
| Rishi Dhasmana | CTO | NodeZero 平台架构与工程领导 | 联合创始人 | 高 — 技术产品方向与研发执行 |
| Holly Grey | CFO | 30+ 年财务领导经验;IPO 流程经验 | 否 | 高 — 资本市场准备与财务治理 |
| Matt Hartley | CRO | 企业软件收入领导经验 | 否 | 中 — 收入节奏取决于 CRO 连续性 |
| Andres Botero | CMO(2026 年 1 月 7 日任命) | Rubrik、BlackLine、CallidusCloud;20+ 年 B2B 安全营销 | 否 | 低-中 — 近期任命;投入品类领导力 |
| Jill Passalacqua | CLO | 企业软件法务;政府合同合规 | 否 | 中 — 政府合同 IP 保护属于细分专长 |
| Chris Corbett | 工程副总裁 | NASA 研究;共同开发 Signal iOS app;计算物理博士 | 否 | 高 — 安全系统技术深度;Signal 工程纪律 |
| Erick Dean | 产品副总裁 | PagerDuty、Splunk、C3.ai;6 项美国专利 | 否 | 中 — 产品速度与 AI 原生路线图 |
高管团队信息来自 Horizon3.ai About Us 页面及截至 2026 年 5 月的新闻稿。董事会构成未公开披露。Rishi Dhasmana 被识别为 CTO 和技术联合创始人。
[CO009, CO010, CO011, CO012, CO013, CO014]1.3 融资历史与投资方生态
Horizon3.ai 在已披露融资轮次中累计获得 $140M 风险资本。最近且规模最大的一轮是 2024 年 11 月完成的 $100M Series D 轮,并确认投后估值超过 $1B——Horizon3.ai 因此成为独角兽。Series D 轮于 2024 年 11 月 5 日通过 GlobeNewswire 公布,Dark Reading 等主要网络安全行业媒体也有报道。公司没有公开披露 Series D 轮领投方或全部参与方。 Series C 轮为 $40M,于 2022 年 10 月完成。Craft Ventures 是由 David Sacks 和 Bill Lee 联合创立的风险投资机构,被列为 Horizon3.ai 的领投方之一,也出现在其公开投资组合页面。Craft Ventures 合伙人 Michael Robinson 和 Kevin Gabura 被特别提及与 Series C 投资相关,体现了对自主 AI 驱动安全基础设施的投资逻辑。SignalFire 是一家以技术优先和数据驱动早期投资而知名的风险投资机构,也是 Horizon3.ai 已确认投资方。 2026 年 1 月,Horizon3.ai 宣布获得 Prosperity7 Ventures 的战略投资。Prosperity7 Ventures 是 Aramco Ventures 的多元化投资部门,后者为 Saudi Aramco 的企业投资平台。该投资被明确放在保障 AI 数据中心和关键基础设施安全这一共同优先事项下。Prosperity7 合作关系显示 Horizon3.ai 有意进入中东和 GCC 主权基础设施市场;Saudi Aramco 运营着全球最复杂、价值最高的工业网络环境之一,且长期处于网络攻防压力之下。Prosperity7 战略投资规模尚未公开披露。2022 年 Series C 轮之前的更早融资(Series A 和 Series B)在规模、估值或投资方方面未公开细节。未公开发现债务融资、可转债或收入型融资。 [CO021, CO022, CO023, CO024, CO025, CO026]
| 利益相关方 | 角色 / 类型 | 轮次 / 参与 | 控制权 / 经济重要性 | 尽调问题 |
|---|---|---|---|---|
| 投资方:Craft Ventures(Michael Robinson、Kevin Gabura) | Series C 领投方 | Series C — 2022 年 10 月($40M) | 可能拥有董事会席位;Series C 领投方通常持有治理权和重要股权 | 确认董事会席位、信息权、按比例跟投权以及当前持股比例 |
| SignalFire | 投资人 | 早期轮次(Series A/B 或 C) | 财务投资人;数据驱动的早期基金,关注技术板块 | 确认投资轮次和规模;是否有董事会或观察员席位? |
| Prosperity7 Ventures(Aramco Ventures) | 战略投资人 | 2026 年 1 月 13 日(规模未披露) | Series D 后战略资本;能源 / 关键基础设施逻辑;潜在 MENA 市场准入 | 投资规模未披露;随投资附带哪些商业权利、联合销售或排他安排? |
| Series D 机构投资人 | 未知 — 未公开识别 | 2024 年 11 月($100M,$1B+ 估值) | 最近估值标记持有人;可能是成长股权基金或跨界基金;设定清算优先权 | 谁领投了 $100M Series D?清算优先权条款和保护性条款是什么? |
| Snehal Antani(CEO/联合创始人) | 创始人兼高管 | 2019(创立) | 联合创始人股权;控制战略方向;品牌身份对投资人信心至关重要 | CEO 持股比例是多少?是否有反稀释或拖售条款?是否有归属安排? |
| Rishi Dhasmana(CTO/联合创始人) | 创始人兼高管 | 2019(创立) | 技术联合创始人股权;掌握 NodeZero 知识产权架构和研发方向 | CTO 持股比例是多少?IP 转让协议是否到位?是否有竞业限制条款? |
| Series A/B 投资人(未具名) | 早期投资人 | 2022 年以前(估计) | 被 Series C/D 稀释;可能仍有部分董事会代表;早期治理权 | 谁投资了 Series A 和 B?轮次规模和估值是多少?是否有投资人寻求流动性? |
投资人构成基于截至 2026 年 5 月的公司公开新闻稿和投资人投资组合页面。Series D 领投方、Series A/B 投资人以及 Prosperity7 投资规模均未公开披露。
[CO021, CO022, CO023, CO024, CO025, CO026]1.4 收入、规模与客户牵引
Horizon3.ai 的规模指标显示,企业采用已经有实质进展,需求加速也更持久。截至 2026 年初,NodeZero 已在真实生产环境安全执行 225,000+ 次自主渗透测试——这一数字可作为平台信任、生产安全可靠性和规模化客户参与度的代理指标。公司报告全球客户组织 5,200+,覆盖企业、联邦政府、中型市场、MSSP 和医疗等细分市场。Fortune 10 公司中超过三分之一——按收入排名的美国十大上市公司——已确认是 Horizon3.ai 客户,为其在最高组织信用层级提供标杆企业验证。 2026 年 3 月 19 日,Horizon3.ai 宣布 ARR 同比增长 102%。公司没有以美元披露绝对 ARR;102% 增速是目前唯一公开财务表现指标。如果这一增速延续,Horizon3.ai 将属于少数在 Series D 资本化阶段仍能实现 ARR 超过 100% 增长的企业 SaaS 公司。行业认可提供了旁证:Horizon3.ai 在美国增长最快私营公司 Inc. 5000 榜单中位列安全类别第 1,在 Deloitte Technology Fast 500 总榜位列第 3。Fast Company 将 Horizon3.ai 列为 2026 年 Most Innovative Companies 安全板块第 4。 员工数未公开披露。基于 LinkedIn 的估算显示,公司是一支少于 500 人的分布式团队,这与远程优先模式和资本效率较高的 SaaS 结构一致。MSSP 和托管服务合作伙伴渠道正在增长,NodeZero 可作为白标平台提供给服务下游企业客户的安全服务商。Amsterdam 办公室覆盖欧洲金融服务和关键基础设施运营商对 EU 监管(DORA、NIS2)的需求。 [CO030, CO031, CO032, CO033, CO034, CO035]
截至 2026 年 5 月,Horizon3.ai 最重要运营、财务和监管指标的时点快照。
[CO005, CO006, CO021, CO023, CO024, CO030]1.5 产品组合与平台架构
Horizon3.ai 的产品组合围绕 NodeZero 展开,覆盖多个运行模式和部署配置。平台核心能力是自主内部网络渗透测试:NodeZero 将可利用漏洞、收集到的凭证、错误配置和薄弱安全策略串联起来,展示真实攻击路径,模拟高级持续性威胁(APT)行为者和勒索软件操作者的技战术。NodeZero External Attack Surface 将验证扩展到面向互联网的资产。NodeZero Cloud 覆盖 AWS、Azure 和 GCP 环境,验证身份与权限提升路径。NodeZero AD Password Audit 按基于凭证的攻击模式评估 Active Directory 密码健康度。NodeZero for Kubernetes 验证容器编排安全配置。 平台技术架构建立在每次渗透测试单次使用的一次性虚拟私有云环境之上。该隔离机制确保测试活动被限制在范围内,不会穿越到相邻系统,也不会触及定义测试范围之外的客户数据;测试完成后,生产环境不留下常驻痕迹。NodeZero 可作为 Model Context Protocol(MCP)服务器接入安全自动化工作流,并开放文档化 API,用于以编程方式编排渗透测试。平台还可接入常见企业安全生态,包括 SIEM、SOAR 和 ITSM 工具。 NodeZero Federal 是面向政府的产品版本,拥有 FedRAMP High Authorization——这是美国联邦云服务最高的民事合规层级,要求由独立第三方按 NIST SP 800-53 High 基线评估 800+ 项安全控制。NodeZero Federal 也是 NSA Continuous Autonomous Penetration Testing(CAPT)计划的攻防安全引擎;截至 2025 年 5 月,该计划已评估数百家国防工业基础(DIB)供应商,在国家安全规模上验证了平台的生产安全性。2026 年 5 月 14 日,NodeZero 被列为 DoD Tradewinds Solutions Marketplace 的可授标(Awardable)方案,可在不经过完整竞争性采购流程的情况下加速联邦采购。 Horizon3.ai 运营攻击研究和漏洞披露计划,围绕关键 CVE 和新兴国家级 TTP 发布快速响应安全公告。所有产品开发和工程工作均在美国完成。 [CO004, CO005, CO006, CO007, CO038, CO039]
1.6 关键里程碑与战略进展
Horizon3.ai 的公司时间线显示,它从政府退伍人员创业公司快速成长为领先的自主渗透测试平台。公司由美国特种作战司令部和国家安全退伍人员于 2019 年创立,联合创始人兼 CEO Snehal Antani 凭借 JSOC/SOCOM CTO 和 Splunk CTO 经历带来独特的实战可信度。公司在 2019–2022 年开发并打磨 NodeZero 平台,在获得第一次重要外部验证之前,已与企业和联邦客户建立早期商业牵引。 2022 年 10 月,Horizon3.ai 完成 $40M Series C 轮融资,Craft Ventures 和 SignalFire 参与,资金用于企业市场拓展规模化和产品投入。2024 年 11 月的 $100M Series D 轮将公司累计融资推至 $140M,并确认估值超过 $1B,是公司历史上最重要的外部财务验证,也支持持续联邦扩张、产品平台投入和潜在 M&A 选择权。NodeZero Federal 获得 FedRAMP High Authorization(2024 年授予)后,打开了美国联邦民事和国防机构最高层级采购。NSA CAPT 计划采用 NodeZero,在国家安全规模验证其生产安全性;截至 2025 年 5 月,已评估数百家 DIB 供应商。 2026 年 1 月,公司任命 Andres Botero 为 CMO,并宣布获得 Saudi Aramco 投资部门 Prosperity7 Ventures 的战略投资——二者都显示公司在为类别领导地位和国际市场扩张做准备。2026 年 3 月宣布 ARR 同比增长 102%,确认需求加速。2026 年 5 月 14 日获得 DoD Tradewinds 可授标(Awardable)状态,进一步强化 Horizon3.ai 的联邦采购路径。行业认可——Fast Company MIC 2026 安全第 4、Inc. 5000 安全第 1、Deloitte Fast 500 第 3——从独立第三方角度强化了收入增长轨迹。 [CO001, CO021, CO022, CO023, CO030, CO031]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 / 说明 | 含义 |
|---|---|---|---|---|---|
| 2019 | Horizon3.ai 由美国特种作战和国家安全资深人士创立 | 创立 | N/A | Snehal Antani(CEO/联合创始人)、Rishi Dhasmana(CTO/联合创始人) | 一线作战级可信度;源自政府场景的进攻安全专长嵌入产品 DNA |
| 2019-2022 | Series A 和 Series B 融资轮次(细节未披露) | 融资 | 未披露;合计估计 $30-50M | 未知机构投资人,包括 SignalFire | 早期资本;NodeZero 产品开发和初步企业 / 联邦市场牵引力 |
| 2022-10 | Series C — $40M 融资轮 | 融资 | $40M Series C | 投资方:Craft Ventures(Michael Robinson、Kevin Gabura);SignalFire | 机构验证;企业市场进入扩张;作为自主渗透测试领导者的品类定位 |
| 2024 | NodeZero Federal 获得 FedRAMP High Authorization | 监管 | FedRAMP High 基线(800+ 项 NIST 控制) | FedRAMP PMO;独立 3PAO;Horizon3.ai | 唯一达到 FedRAMP High 的自主渗透测试平台;打开最高等级民用和国防机构市场 |
| 2024 | NSA Continuous Autonomous Penetration Testing(CAPT)项目采用 NodeZero | 合作 | 截至 2025 年 5 月已评估数百家 DIB 供应商 | NSA、Defense Industrial Base 供应商、Horizon3.ai | 国家安全规模的生产安全验证;CAPT 项目支持带来直接联邦收入 |
| 2024-11-05 | Series D — 以 $1B+ 估值融资 $100M | 融资 | $100M Series D;$1B+ 投后估值 | 领投方未公开识别;总融资达到 $140M | 独角兽里程碑;最大外部验证;为联邦扩张和平台投入延长资金续航 |
| 2026-01-07 | Andres Botero 被任命为首席营销官 | 治理 | N/A | Andres Botero(前 Rubrik、BlackLine、CallidusCloud) | 需求生成扩张;具备 IPO 能力的 CMO 释放品类领导准备信号 |
| 2026-01-13 | Prosperity7 Ventures(Aramco)战略投资公布 | 融资 | 规模未披露 | 合作方:Prosperity7 Ventures、Aramco Ventures、Horizon3.ai | MENA 关键基础设施市场准入;能源板块渗透;与 GCC 主权资本对齐 |
| 2026-03-19 | 宣布 ARR 同比增长 102% | 规模 | 102% YoY ARR 增长(绝对 ARR 未披露) | Horizon3.ai 新闻稿 | Series D 规模下的需求加速;把公司定位在增长最快的企业 SaaS 之列 |
| 2026-03-24 | Fast Company 2026 年最具创新力公司 — 安全类第 | 认可 | MIC 2026 榜单 — 安全类第 | 来源:Fast Company、Horizon3.ai | 第三方品牌验证;提升企业销售和招聘可信度 |
| 2026-05-14 | NodeZero 在 DoD Tradewinds Solutions Marketplace 被指定为可授予(Awardable) | 监管 | 可授予(Awardable)状态 — DoD Tradewinds | DoD Tradewinds 项目办公室、Horizon3.ai | 联邦采购通道提速;为 DoD 部门移除竞争性采购门槛 |
Series A 和 B 的日期、规模和投资方并未完整公开。FedRAMP 授权日期为近似值(2024)。里程碑时间线根据新闻稿、媒体报道和 DoD 市场列表整理。
[CO001, CO009, CO021, CO022, CO023, CO024]从创立到 2026 年 5 月的关键事件,覆盖融资轮次、联邦监管里程碑、规模公告和战略合作。
[CO001, CO009, CO010, CO021, CO022, CO023]1.7 图表
02市场分析
2.1 市场边界与竞争替代品
渗透测试市场包括组织为通过主动攻击模拟来识别和验证技术环境中可利用漏洞而购买的产品与服务。范围涵盖人工专家主导评估、自动化平台订阅(PTaaS)、人工与工具结合的混合方案,以及全自主 AI 驱动测试。它不同于漏洞扫描(只被动发现、不利用)、静态应用安全测试(SAST)和漏洞赏金计划(众包发现但缺少结构化修复工作流)。 Horizon3.ai 替代的主要现状方案包括:(1)咨询公司执行的年度人工渗透测试(Big Four 咨询业务、精品安全公司、MSSP),单次项目昂贵($15,000–$150,000+)、周期慢(每个测试周期 1–6 周),且是周期性而非持续性;(2)Tenable Nessus、Rapid7 InsightVM、Qualys 等漏洞扫描器,它们识别漏洞,但不通过主动攻击串联验证可利用性;(3)内部红队项目,受人才稀缺和预算限制。Horizon3.ai 的 NodeZero 平台以订阅价格提供持续、生产安全的自主渗透测试,单次测试成本通常低于人工替代方案,从而解决这些限制。 构成 Horizon3.ai 扩张面的相邻市场包括入侵与攻击模拟(BAS)、攻击面管理(ASM)和暴露管理平台。更广义的安全测试市场——包括 Web 应用测试、API 安全、云安全态势和合规驱动评估——MarketsandMarkets 估算 2025 年规模为 $10.96B,到 2031 年以 24.6% CAGR 扩至 $40.99B。Horizon3.ai 目前竞争于核心渗透测试和 PTaaS 子市场,NodeZero Insights 则代表向更广义暴露管理空间的早期扩张。 [CM001, CM002, CM003, CM004, CM005, CM006]
| 细分市场 / 类别 | 纳入支出 | 排除支出 | 买方 / 付款方 | 与 Horizon3.ai 的相关性 |
|---|---|---|---|---|
| 渗透测试(人工) | 专家主导的红队、对抗模拟、物理 / 社会工程测试 | 漏洞扫描、安全意识培训、GRC 软件 | CISO、安全总监 / IT 或安全预算 | 现状替代项;NodeZero 替代周期性人工评估 |
| 渗透测试即服务(PTaaS) | SaaS 交付的持续或按需渗透测试订阅 | 一次性咨询项目、无托管服务的纯工具许可 | CISO、信息安全副总裁 / 年度订阅预算 | 核心市场;NodeZero 是 PTaaS 平台;收入测算的主要口径 |
| 自主 / AI 原生渗透测试 | 无需人工测试员指挥即可全自动执行攻击链 | 执行前需人工审核的 AI 辅助工具;咨询型叠加层 | 安全负责人 / SaaS 订阅预算 | 最能定义 Horizon3.ai 的子品类;尚无独立分析机构公布市场规模 |
| 安全测试(更广义) | 应用测试、API 安全、云安全态势、DAST、合规扫描 | 物理安全、安全意识培训、补丁管理 | 安全工程、DevSecOps、GRC / 工程与合规预算 | 扩张 TAM;NodeZero Insights 与暴露面管理重叠 |
| 漏洞管理 | VM 平台、补丁优先级、风险评分、暴露趋势 | 主动利用模拟、修复执行 | VM 团队、IT 运维 / IT 运维预算 | 相邻市场;NodeZero Insights 带来接入 VM 工作流的机会 |
市场边界采用 MarketsandMarkets 和 Mordor Intelligence 截至 2026 年的类别定义。自主渗透测试子品类由作者定义;独立分析机构尚未对该层级做细分。
[CM001, CM002, CM003, CM004]2.2 TAM/SAM/SOM:渗透测试机会规模
独立分析机构对渗透测试市场的测算不同,反映了口径差异:哪些收入被纳入(仅人工服务 vs. 平台订阅 vs. 混合项目)以及地理覆盖如何定义。MarketsandMarkets 预计全球渗透测试市场 2025 年为 $1.98B,到 2031 年以 14.2% CAGR 增至 $4.39B。Mordor Intelligence 使用 2026 年更新的自有估算框架,将同一市场测算为 2025 年 $2.36B,到 2031 年以 15.29% CAGR 增至 $5.54B。两个估算的中点——2025 年约 $2.17B、2031 年约 $4.97B——可作为合理基准情景。两家公司给出的方向性增长相近,确认双位数 CAGR 是市场共识。 PTaaS 子市场——最直接对应 Horizon3.ai NodeZero 平台的类别——由 MarketsandMarkets 单独测算,2026 年规模为 $0.72B,预计到 2031 年以 22.6% CAGR 增至 $1.98B。该增速显著高于更广义渗透测试市场,反映出从周期性人工评估转向持续订阅平台的结构性迁移。自主 AI 原生渗透测试子类别(Horizon3.ai 最直接竞争的市场)没有任何公开分析师报告单独测算,这是一个实质性证据缺口。 从 TAM/SAM/SOM 视角看:TAM 是更广义安全测试市场(到 2031 年 $10.96B–$40.99B,MarketsandMarkets),SAM 是渗透测试和 PTaaS 市场(2025–2026 年合计 $2.97B),Horizon3.ai 的 SOM 可由其积极覆盖的企业和联邦客户细分推断。考虑到 5,200+ 客户以及 $0.72B PTaaS 市场基数,Horizon3.ai 按客户数隐含的市场渗透相当可观;但没有披露 ARR 数据,按收入计算的市场份额无法从公开来源量化。 [CM007, CM008, CM009, CM010, CM011, CM012]
| 发布方 | 发布时间 | 地域 | 市场 / 细分 | 2025/2026 年价值(USD) | 2031 年预测(USD) | CAGR | 置信度 | 局限 |
|---|---|---|---|---|---|---|---|---|
| MarketsandMarkets | 2026 (Mar) | 全球 | 渗透测试市场 | $1.98B (2025) | $4.39B (2031) | 14.2% | 中高 | 付费墙;方法论未公开;可能低估自主平台 |
| MarketsandMarkets | 2026 (Apr) | 全球 | PTaaS 细分 | $0.72B (2026) | $1.98B (2031) | 22.6% | 中 | PTaaS 定义可能不同;包含人类 + AI 混合模式;付费墙 |
| Mordor Intelligence | 2026 | 全球 | 渗透测试市场 | $2.36B (2025) | $5.54B (2031) | 15.29% | 中 | 专有框架未获独立验证;比 MarketsandMarkets 高约 18% |
| MarketsandMarkets | 2025 | 全球 | 安全测试市场(TAM) | $10.96B (2025) | $40.99B (2031) | 24.6% | 中低 | 口径过宽,不适合直接比较;包含核心渗透测试之外的相邻市场 |
所有数字均来自付费分析报告的公开摘要。自主 / AI 原生渗透测试子品类尚无独立规模测算。PTaaS 与渗透测试市场 CAGR 差异(22.6% vs 14.2%)反映交付方式正从人工转向平台。
[CM007, CM008, CM009, CM010, CM011, CM012]四层市场规模金字塔,从最宽泛的可触达机会(安全测试市场)到 Horizon3.ai 核心自主渗透测试子类别,使用分析师来源的 2025 年估计。
TAM 使用 MarketsandMarkets 的安全测试数字。SAM 使用 MarketsandMarkets 与 Mordor 渗透测试市场数字的平均值。PTaaS 狭义 SAM 使用 MarketsandMarkets 的 2026 年 PTaaS 数字。仅自主化估计由作者基于 PTaaS 基数推导,缺少独立分析师来源。
[CM009, CM010, CM011, CM013]使用 MarketsandMarkets(低位)和 Mordor Intelligence(高位)作为上下界来源,给出渗透测试和 PTaaS 市场在 2025 年及 2031 年口径下的低 / 基准 / 高估计。单位:十亿美元。
MarketsandMarkets 与 Mordor Intelligence 的方法差异解释了基准估计中 15–20% 的差距。PTaaS 和自主子类别的 2031 年数字叠加了 5 年预测期不确定性。所有估计应视为方向性区间,而非点预测。
[CM007, CM008, CM009, CM010, CM011, CM012]2.3 买方、用户与付费方分层
渗透测试市场服务多个截然不同的买方类型,采购动态也有实质差异。在大型企业(超过 5,000 名员工)中,买方通常是 CISO 或信息安全 VP,掌握预算权,可在无需额外董事会批准的情况下批准年度订阅合同。用户是内部安全运营团队或专门红队。付费方是企业 IT/安全预算。该层级的采用触发因素主要是监管要求(PCI DSS 4.0、HIPAA、DORA、SEC 网络规则)和数据泄露后的恢复举措。大型企业在 2025 年渗透测试市场中占 67.83%(Mordor Intelligence)。 在中型市场(1,000–5,000 名员工),买方通常是安全总监或 CTO,采购需要 CFO 或高管签字。该层级的主要采用触发因素是合规审计压力(尤其是零售和支付的 PCI DSS、医疗的 HIPAA),或网络保险续保时保险方要求提供渗透测试证据。NodeZero 这类 PTaaS 平台在这里尤其有吸引力,因为相较人工顾问,它们能大幅降低单次测试成本。 在美国联邦政府细分市场——这对 Horizon3.ai 是独特且高价值的市场——买方是机构 CISO 或授权官(AO),采购通过 GSA schedules 或直接合同载体流转,而 FedRAMP High Authorization 是进入认真评估的前置条件。联邦市场销售周期更长,但合同价值更高,续约稳定性也更强。BFSI(银行、金融服务、保险)在 2025 年渗透测试市场中占 28.68%;医疗则是到 2031 年增长最快的垂直领域,CAGR 为 16.89%(Mordor Intelligence),驱动因素包括 FDA 上市前设备测试要求和 HIPAA 年度测试要求。北美占全球渗透测试市场 38.27% 份额。 [CM014, CM015, CM016, CM017, CM018, CM019]
| 细分市场 | 买方 | 用户 | 付款方 | 工作流接入 | 预算负责人 | 主要采用触发因素 |
|---|---|---|---|---|---|---|
| 大型企业(>5,000 名员工) | CISO、信息安全副总裁 | 安全工程师、红队分析师 | 企业 IT / 安全预算 | 持续合规周期(PCI、SOC2、SEC) | CISO / CIO | 监管要求;董事会层面的风险要求 |
| 美国联邦政府 | 机构 CISO、合同官、AO | 安全分析师、ISSM、ISSO | 机构 IT 安全预算(O&M 或 FITARA 资金) | RMF、FedRAMP、CAPT 项目周期 | 项目经理 / 机构 AO | FedRAMP High 要求;DoD CAPT 项目 |
| 中型市场(1,000–5,000 名员工) | 安全总监、CTO、CISO | 承担安全职责的安全分析师或 IT 管理员 | IT 预算;合规预算 | 年度 PCI/HIPAA 审计;保险续保 | IT 总监 / CFO | PCI DSS 4.0 强制测试;数据泄露事件;网络保险续保 |
| MSSP 和 MSP | MSSP 安全运营负责人 | 为客户交付服务的 MSSP 红队分析师 | MSSP 服务交付预算 | 白标持续测试接入托管安全服务 | MSSP 交付负责人 | 客户留存差异化;把 PTaaS 加入服务组合 |
| 医疗健康 | CISO、合规官、CIO | 安全分析师、IT 安全工程师 | IT 运维 / 合规预算 | HIPAA 年度渗透测试;FDA 上市前设备测试 | 合规 / 法务 / CFO | HIPAA 要求;勒索软件事件;FDA 医疗器械指南 |
| 金融服务(BFSI) | CISO、首席风险官 | 安全运营、SOC、红队 | 风险 / 合规预算 | PCI DSS 4.0;23 NYCRR 500;DORA(欧盟业务);Basel | 首席风险官 / 董事会风险委员会 | PCI DSS 4.0 强制测试;董事会层面风险监督;DORA |
细分数据参考 Mordor Intelligence 的垂直市场份额(BFSI 28.68%,医疗健康增长最快,CAGR 为 16.89%)。预算归属和触发因素来自 Mordor Intelligence 2026 年报告,以及 NIST/CISA 监管框架分析。
[CM014, CM015, CM016, CM017, CM018, CM019]矩阵将企业买方细分与自主渗透测试平台的主要采用触发因素对应起来,综合 Mordor Intelligence 细分数据和监管框架分析。
单元格数值由分析师基于 Mordor Intelligence 2026 细分数据、NIST/CISA 监管框架分析和 Dark Reading 市场报道推断。未获得用于单元格级量化的一手调研数据。
[CM014, CM015, CM016, CM017, CM018, CM019]2.4 增长驱动因素与采用约束
渗透测试市场受益于几股结构性顺风,它们正在加速需求并压缩买方评估周期。最强的近期驱动因素,是多个监管框架同时启动强制测试要求。PCI DSS 4.0 于 2025 年 3 月强制执行,要求所有商户和处理方每年开展渗透测试,把一项此前可选的活动纳入强制性合规框架。HIPAA 现在要求受覆盖医疗实体每年进行渗透测试。FedRAMP 3.0 要求所有联邦云提供商每季度进行漏洞扫描并每年进行渗透测试;拟议的 FedRAMP 4.0 框架将使高影响系统的频率翻倍。EU Digital Operational Resilience Act(DORA)要求在欧盟运营的金融机构每年开展 Threat-Led Penetration Testing(TLPT)。New York 的 23 NYCRR 500(2023 修订)要求董事会在 30 天内审查渗透测试发现。合在一起,这些规定形成了难以逆转的合规底线,并系统性地把可自由裁量的安全支出转为不可自由裁量的预算项。 第二个结构性驱动因素,是 AI 增强威胁行为者加速出现。Dark Reading 在 2026 年记录到,AI 智能体如今可以在漏洞披露后数小时内生成定制黑客工具,绕过传统基于签名的检测。这场“威胁行为者 AI 军备竞赛”让持续验证比周期性验证更紧迫——漏洞披露到武器化之间的窗口已从数天压缩到数小时,年度人工渗透测试已不足以支撑成熟组织。反过来,同样的 AI 能力普及也意味着,当开源等价方案出现时,自主渗透测试平台的差异化可能被侵蚀。全球网络安全人才短缺也在结构上利好自动化平台:全球估计有 3.5 million 个网络安全岗位空缺,组织无法大规模自建内部红队。 采用约束包括:监管接受度不确定(部分合规审计方尚不接受 AI 生成测试输出在没有人工认证签字的情况下满足证明要求);在涉及敏感数据或关键系统的生产环境中执行自主攻击带来的责任顾虑;从既有咨询关系迁移的切换成本;以及 SME 细分市场的价格敏感性,该市场年度测试预算中位数约为 $187,000(Mordor Intelligence、Pentera 调研数据)。National Institute of Standards and Technology 发布的 NIST SP 800-115 标准为安全测试方法提供基础框架,但该标准早于自主 AI 渗透测试,也没有专门讨论 AI 驱动测试验证,因此带来监管解释不确定性。 [CM022, CM023, CM024, CM025, CM026, CM027]
| 驱动因素 / 约束 | 方向 | 时间 | 对市场的影响 | 面向 Horizon3.ai 的尽调问题 |
|---|---|---|---|---|
| PCI DSS 4.0 强制年度渗透测试(2025 年 3 月生效) | 驱动因素 | 当前生效 | 把可选支出转成强制支出;扩大中型市场和 BFSI 买方基础 | Horizon3.ai 客户中有多少比例将 PCI 合规列为采用触发因素? |
| FedRAMP 3.0 季度扫描 + 年度渗透测试要求 | 驱动因素 | 2025–2026 年生效 | 把联邦采购节奏从年度推到季度;利好持续平台 | Horizon3.ai 的 ARR 有多少比例来自联邦板块?续约结构如何? |
| AI 增强的威胁行为者可在数小时内生成定制漏洞利用 | 驱动因素 | 2025–2026 年及以后加速 | 压缩防守方反应窗口;年度渗透测试不再够用;推高持续验证需求 | NodeZero 的 AI 攻击链更新节奏与对手工具演进相比如何? |
| 欧盟数字运营韧性法案(DORA)TLPT 要求 | 驱动因素 | 2025 年 1 月生效 | 欧盟金融机构必须开展年度威胁导向渗透测试;带来欧盟企业需求 | Horizon3.ai 有多少客户注册在欧盟?阿姆斯特丹办公室能否服务欧盟管线? |
| 全球网络安全人才短缺(约 3.5M 个岗位空缺) | 驱动因素 | 结构性 / 持续 | 企业难以大规模组建内部红队;被迫采用自动化和 PTaaS 平台 | Horizon3.ai 能否承接内部团队人手不足带来的需求? |
| 云迁移让动态攻击面扩大,超出人工测试员能力 | 驱动因素 | 2023-2026+ | 多云环境超出人工测试范围;自主平台可随云增长扩展 | NodeZero 渗透测试中有多少比例针对云工作负载而非本地环境? |
| AI / 开源推动基础自动化测试商品化 | 约束 | 2026–2028 年显现 | AI 能力开源后,基础自主测试可能商品化;定价权被压缩 | Horizon3.ai 如何在攻击链复杂度上区别于开源工具? |
| 监管不接受仅由 AI 输出的合规测试结果 | 约束 | 2024–2026 年(解决中) | 部分合规审计员要求人工签署的渗透测试报告;可能限制仅使用 NodeZero 的合规场景 | Horizon3.ai 是否已让 NodeZero 报告获得 PCI DSS 4.0 和 HIPAA 合规证明的正式认可? |
监管时间来自 NIST SP 800-115、CISA CDM 项目文档和 Mordor Intelligence 2026 年市场报告。AI 威胁升级数据来自 Dark Reading 2026 年关于 AI 生成黑客工具的报道。
[CM022, CM023, CM024, CM025, CM026, CM027]自主 AI 渗透测试平台的五阶段买方采用漏斗,从初始市场认知到部署后扩张,包含估计转化动态和关键摩擦点。
[CM015, CM016, CM020, CM030, CM035, CM036]2.5 规模测算尽调缺口与相互矛盾的估计
多个实质性证据缺口限制了本章市场规模估计的可信度。第一,没有独立分析机构为 Horizon3.ai 最直接竞争的“自主 AI 原生渗透测试”子类别发布专门规模估算。最接近的代理是 PTaaS 市场(2026 年 $0.72B,MarketsandMarkets),但 PTaaS 包含人工增强和混合方案。Horizon3.ai 的全自主定位只占 PTaaS 的一个子集,若没有一手研究,无法测算规模。 第二,MarketsandMarkets 和 Mordor Intelligence 的数字方向一致(都预计更广义渗透测试市场 CAGR 为 14–15%),但绝对规模相差约 15–20%。两家公司都采用自有方法,公开资料对方法描述不足,无法调和差异。两组数字都不应视为点估计;应保留区间。 第三,Horizon3.ai 的收入、市场份额和客户细分分布均未公开披露,因此无法从外部来源计算公司在 PTaaS 或渗透测试市场中的份额。客户数(5,200+)是唯一披露的规模指标;没有平均合同价值数据,按收入测算的渗透率无法量化。按客户数推断的隐含市场份额明显为正,但数值上没有边界。 第四,到 2031 年的分析师预测承载复合不确定性,因为 AI 在攻防两端的发展速度很快。如果开源 AI 工具在 2–3 年内把基础自主渗透测试商品化,溢价 PTaaS 平台的增长预测将被实质改写。Mordor Intelligence 承认了这一风险(将竞争动态列为市场约束),但现有分析师模型没有量化。 [CM032, CM033, CM034, CM035, CM036, CM037]
2.6 图表
03竞争格局
3.1 竞争市场图谱:四个层级争夺对抗性验证预算
渗透测试和安全验证市场分为四个清晰的竞争层级,各自争夺 CISO 对抗性验证预算的一部分。第一层是自主和 AI 驱动安全验证:Pentera 是这一层中 NodeZero 最接近的直接同业,已在 2026 年 1 月确认 $100M ARR——这是任何竞争性自主渗透测试平台中最清晰的公开规模基准。Pentera 将其产品定位为“暴露验证平台”,具备 AI 驱动的对抗性测试、基于风险的优先级排序和自动化修复工作流。第二层是人工增强 PTaaS:Cobalt 和 Synack 将专家安全研究员与 AI 辅助平台结合。Cobalt 开创了基于额度的订阅式 PTaaS 模式,并围绕“攻防安全计划”概念定位自身;Synack 最近发布 “Sara AI Pentesting” 并实现一般可用,显示其从众包人工研究员市场起家,战略上转向 AI 增强持续测试。 第三层由现有企业安全平台组成——Rapid7 和 Tenable 拥有庞大装机基础,并在把产品范围扩展到对抗性暴露管理。Tenable One 定位为“全球领先的 AI 驱动暴露管理平台”,覆盖 IT、云、OT、身份、容器和 AI 工作负载。Rapid7 运营开放平台,服务 11,000+ 全球客户,覆盖 MDR、漏洞管理、SIEM 和 Metasploit 专业渗透测试框架。第四层是横向安全运营厂商:CrowdStrike 自称“智能体安全平台”,聚焦 AI 驱动安全运营;Palo Alto Networks 将 Cortex XSIAM 定位为面向 AI 驱动安全运营的“最先进 SOC 平台”。第四层厂商虽不提供专门渗透测试,但其自主检测和响应能力不断扩展,会对那些把安全验证预算纳入更广泛 SOC 现代化投资的客户形成间接替代。 BAS、CTEM、AEV 和自主渗透测试正在汇入一个统一的“对抗性暴露验证”分析师类别——Gartner 自 2025 年开始倡导这一分类——这既验证了 NodeZero 的战略方向,也把 AttackIQ 和 XM Cyber 抬升为类别同业。NodeZero 站在四个竞争层级的交叉点:交付自主攻击执行,在订阅经济性上与 PTaaS 竞争,并通过 NodeZero Insights 扩张到暴露管理。 [CP001, CP002, CP003, CP004, CP005]
| 厂商 | 类别 | 规模 / 融资 | 目标细分市场 | 关键差异化 | 关键局限 |
|---|---|---|---|---|---|
| Pentera | 自主安全验证 | ARR $100M(2026 年 1 月);累计融资约 $200M | 企业;BFSI;医疗健康 | AI 驱动的对抗测试;基于风险的修复;ARR $100M 里程碑 | 无 FedRAMP 授权;基本无法进入美国联邦市场 |
| Cobalt.io | PTaaS(人类 + AI) | Series C;基于额度的定价 | 企业;SMB;合规驱动 | 专家研究员社区;24 小时内启动渗透测试;Offensive Security Program 模式 | 人工成本结构限制扩展;无法只靠 AI 替代人工鉴证 |
| Synack | 众包 PTaaS + AI | 累计融资约 $112M;FedRAMP Moderate | 企业;联邦;高保障 | Sara AI Pentesting GA;FedRAMP Moderate;1,500+ 名精英 SRT 研究员 | 仅 FedRAMP Moderate(低于 NodeZero High);吞吐上限受人工依赖制约 |
| Rapid7 | 企业安全平台 | >$850M ARR;上市公司(RPD) | 企业;SMB;MSSP | Metasploit(4,000+ 个漏洞利用);MDR;InsightSIEM XDR;11,000+ 客户 | 无自主攻击执行产品;Metasploit 是人工框架工具 |
| Tenable | 暴露面管理平台 | >$900M FY2025 收入;上市公司(TENB) | 企业;联邦;云;OT | Tenable One AI 暴露面管理;40,000+ 客户;覆盖 65% Fortune 500;Gartner MQ 领导者 | 无自主实时攻击执行;攻击模拟能力与 NodeZero 存在差距 |
| CrowdStrike | 智能体安全平台 | >$4B ARR;上市公司(CRWD) | 企业;云;政府 | Charlotte AI AgentWorks;Falcon SIEM/XDR;智能体 AI 架构 | 无专用自主渗透测试产品;仅有间接替代风险 |
| Palo Alto Networks | 下一代安全平台 | >$14B FY2025 收入;上市公司(PANW) | 企业;云;联邦 | Cortex XSIAM AI SOC 平台;平台化战略;$14B 收入规模 | 无自主渗透测试能力;靠预算整合竞争,而非功能对等 |
| AttackIQ | CTEM / BAS | Series C;对齐 MITRE | 企业;受监管垂直行业 | AEV 端到端 CTEM;原生对齐 MITRE ATT&CK 的模拟;对抗验证叙事 | 仅基于模拟;生产环境中没有实时自主攻击执行 |
| XM Cyber | CTEM / 攻击路径管理 | Schwarz Group 收购(2021) | 企业;EMEA;金融服务 | 攻击路径管理;持续暴露验证;AI 驱动的入侵路径分析 | 仅模拟和建模;不是生产安全的实时自主攻击智能体 |
Pentera ARR 数字来自 CEO 公开博客文章(2026 年 1 月)。私营公司(Pentera、Cobalt、Synack)的规模指标来自公开披露或分析师推断;实际财务数据不可得。上市公司收入 / ARR 数字来自最新投资者披露。FedRAMP 状态反映截至 2026 年 5 月的 FedRAMP Marketplace 和公开披露。
[CP001, CP006, CP007, CP009, CP013, CP016]二维竞争定位图,将九家厂商按自动化水平(x 轴,0=完全人工、10=完全自主)和市场规模(y 轴,约客户数,千家)绘制。NodeZero 位于高自动化 / 高规模象限,是唯一同时拥有 FedRAMP High 和显著装机基础的完全自主平台。
X 轴自动化水平由分析师基于产品架构描述和官方产品定位推断。Y 轴市场规模使用披露客户数(NodeZero、Tenable、Rapid7)或私有公司分析师估计。CrowdStrike 和 Palo Alto Networks 客户数为近似值。图表为方向性判断,不是精确测算;两个轴都是序数式估计,并非来自单一权威来源。
[CP001, CP003, CP013, CP016, CP020, CP021]3.2 一线直接竞争者:Pentera、Cobalt 与 Synack
**Pentera** 是 NodeZero 近期最直接的收入竞争对手。截至 2026 年 1 月,Pentera CEO Amitai Ratzon 在公开博客文章中确认 $100M ARR——这是自主安全验证同业中最可信的公开 ARR 披露。Pentera 平台自动化完整暴露管理周期,从对抗性测试,到基于风险的优先级排序,再到自动化修复工作流,并将自身定位为统一的“从发现到修复”平台。Pentera 的 2025 Pen Testing Industry Report 量化显示,67% 安全领导者在上一年经历过数据泄露,从规模上验证了持续测试逻辑。Pentera 与 NodeZero 直接争夺企业安全验证预算,并把自主执行、攻击串联和高管级报告作为差异化。当前关键竞争不对称在于 NodeZero 拥有 FedRAMP High 授权,而 Pentera 没有;在 NodeZero 几乎无对手竞争的自主渗透测试中,这让 Pentera 被结构性排除在高影响联邦云合同之外。 **Cobalt** 开创了 PTaaS 混合模式,将专家自由安全研究员社区与 AI 辅助工作流自动化结合。Cobalt 基于额度的定价让渗透测试可在 24 小时内启动,其围绕“攻防安全计划”的定位——把一次性渗透测试与持续测试、修复验证和战略指导打包——反映出它已超越简单按需项目。Cobalt 年度 State of Pentesting Report 是行业认可的研究产出。混合模式在企业合规证明用例中形成了可防守位置;在该细分里,人工专家认证是合同要求,而 NodeZero 目前无法仅凭自主输出服务这一需求。 **Synack** 已从众包人工研究员市场(由 1,500+ 经过审查的研究员组成的 Synack Red Team)战略转向 AI 增强持续测试。2026 年 “Sara AI Pentesting” 作为一般可用产品发布,表明 Synack 除了历史上依靠研究员质量和联邦市场存在感形成差异化外,也有意在自动化速度上竞争。Synack 持有 FedRAMP Moderate 授权,比 NodeZero 的 FedRAMP High 低一级,因此进入高影响联邦系统受限。如果 Synack 取得 FedRAMP High 认证,其既有联邦关系和政府部门专业化,将使它成为 NodeZero 在联邦细分市场最可信的未来竞争者。 [CP006, CP007, CP008, CP009, CP010, CP011]
| 能力维度 | NodeZero(Horizon3.ai) | Pentera | Cobalt.io | Synack | Rapid7 |
|---|---|---|---|---|---|
| 自主执行(无需人工指挥) | 完整——黑盒自主智能体 | 完整——AI 驱动的对抗测试 | 否——需要人工研究员 | 部分——Sara AI + 人工 SRT 混合 | 否——Metasploit 框架,需要人工操作员 |
| FedRAMP 授权级别 | High——唯一获得 FedRAMP High 的自主渗透测试平台 | 未确认 | 未确认 | 仅 Moderate | N/A——框架工具,不是云 SaaS |
| 生产安全的真实环境测试 | 是——临时无代理设计;225K+ 次真实测试 | 是——具备生产环境实时测试能力 | 是——人工控制范围 | 是——受控 SRT 研究员访问 | 否——框架没有内置生产安全限制 |
| 持续重复测试模式 | 是——Pentest Wednesday 节奏;订阅模式 | 是——持续态势验证;订阅 | 部分——基于额度的按需模式 | 是——持续 SRT 参与模式 | 否——一次性时间点框架工具 |
| 合规证明输出(FedRAMP、PCI、HIPAA) | 是——映射 FedRAMP、PCI、HIPAA 的报告 | 是——映射合规要求的报告 | 是——人工鉴证的合规报告 | 是——SRT 认证的合规证明 | 有限——需要定制报告层 |
| CTEM / 暴露面管理集成 | 部分——NodeZero Insights 能力正在开发 | 是——统一的发现到修复工作流 | 否——专注渗透测试的平台 | 否——专注渗透测试和研究员 | 部分——集成 InsightVM 漏洞管理 |
| 联邦市场专精和授权 | 强——NSA 信任;Fortune 10 中 4 家;FedRAMP High | 有限——聚焦商业企业;无 FedRAMP | 有限——聚焦商业企业 | 中等——FedRAMP Moderate;覆盖政府部门 | 有限——开源 Metasploit 未获联邦授权 |
| 攻击链深度与新路径发现 | 高——专利申请中的自主攻击图引擎 | 高——AI 驱动的多向量攻击路径分析 | 中——人工驱动串链;依赖专家 | 中——Sara AI + 研究员专业能力结合 | 高(人工)——4,000+ 模块;攻击者引导串链 |
| 部署模式和代理要求 | SaaS 云原生;无代理;无持久足迹 | SaaS 或本地部署;需要轻量代理 | SaaS 门户;人工研究员访问 | SaaS 门户;研究员控制访问 | 本地部署框架;需要攻击者工作站 |
能力评级由分析师根据官方产品页、FedRAMP Marketplace、厂商博客文章和截至 2026 年 5 月的公开文档推断。「部分」表示产品声称处于开发中或部署有限。NodeZero 的 FedRAMP High 已通过 FedRAMP Marketplace ID FR1802451335 验证。竞品不支持或未验证的能力声明在注释中标为「未知」。
[CP002, CP003, CP008, CP010, CP011, CP013]3.3 二线企业平台威胁:Rapid7 与 Tenable
**Rapid7** 将自身定位为“开放平台。AI 驱动。人工主导。”的企业安全公司,服务 11,000+ 全球客户,覆盖 MDR、漏洞管理(InsightVM)、SIEM/XDR(InsightIDR/InsightSIEM)和 Metasploit 渗透测试框架。Metasploit 拥有 4,000+ 个利用模块和 20+ 年活跃专业开发史,在攻防安全实战者社区具备深厚可信度。不过,Metasploit 是需要熟练人工操作者的框架工具,与 NodeZero 的全自主攻击执行在结构上不同。Rapid7 在 2024 年 Q4 财报中披露全年 ARR 超过 $850M,显示其财务规模足以投资或收购自主渗透测试能力。Rapid7 的托管服务(MDR)和检测平台(InsightSIEM)为可能同时评估 NodeZero 的企业客户提供交叉销售路径,使 Rapid7 有能力把竞争能力打包进既有企业关系中。 **Tenable** 是 NodeZero 商业扩张面临的最大长期平台替代风险。截至 2025 年 12 月 31 日,Tenable 服务 40,000+ 客户,其中包括约 65% 的 Fortune 500 和 50% 的 Global 2000。Tenable One 是公司的 AI 驱动暴露管理平台,在统一暴露管理框架下覆盖 IT 资产、云资源、容器、Web 应用、身份系统、OT 环境和 AI 工作负载。Tenable 所说的“预防式安全”和 AI 驱动暴露管理战略方向,与 NodeZero Insights 的产品方向直接重叠。作为 2025 年 Q4 Gartner Exposure Assessment Platforms 魔力象限领导者,Tenable 带有会影响 CISO 采购决策的分析师认可。风险情景是打包销售:如果 Tenable 通过内部开发或收购向 Tenable One 加入自主攻击模拟,其相对 NodeZero 8 倍的客户规模优势,可能在续约周期通过折扣打包迅速侵蚀 NodeZero 的商业装机基础。Tenable FY2025 收入超过 $900M,具备推动这条路径的财务能力。 [CP013, CP014, CP015, CP016, CP017, CP018]
阶梯式能力矩阵,在八个关键维度上比较 NodeZero 与四个主要竞争对手。完全覆盖(●)、部分覆盖(◐)或无覆盖(○)基于分析师对官方产品页和厂商文档的审阅。突出 NodeZero 相比竞争对手的 FedRAMP 优势和自主执行深度。
矩阵评级由分析师基于截至 2026 年 5 月的官方产品页、FedRAMP Marketplace、厂商博客和公开文档推断。Pentera 的 “Full” 自主执行评级反映官方产品营销口径。Synack 的 Sara AI 评级基于 2026 年宣布 GA 发布的信息。所有部分评级都应通过实际产品评估验证。
[CP003, CP008, CP010, CP011, CP024, CP025]3.4 横向平台竞争者:CrowdStrike 与 Palo Alto Networks
**CrowdStrike** 将自己定位为 2026 年的「The Agentic Security Platform」。Falcon 平台覆盖终端防护、身份威胁检测、SIEM(Falcon Next-Gen SIEM)、云安全和 AI 智能体能力。CrowdStrike 的 Charlotte AI AgentWorks 生态让客户构建专用安全智能体;其「Falcon Next-Gen SIEM for Defender」产品则与 Microsoft Sentinel 争夺 SOC 转型预算。CrowdStrike 目前没有专门的自主渗透测试或攻击模拟能力,但其智能体 AI 架构为开发红队自动化能力提供了可信路径,未来可能打包进现有 Falcon 合同。CrowdStrike FY2025 Q4 ARR 超过 $4 billion,具备充足财力向相邻品类扩张。对 NodeZero 而言,CrowdStrike 是一种间接竞争威胁:企业安全预算若流向 Falcon 平台整合,留给独立自主渗透测试工具的增量支出可能减少。 **Palo Alto Networks** 将 Cortex XSIAM 定位为 AI 驱动安全运营的「the most advanced SOC platform」,通过统一数据、自动化和 AI 能力实现「true AI-driven security operations」。Cortex XSIAM 直接争夺 NodeZero 连续测试与验证能力所面向的同一笔企业安全运营预算。Palo Alto Networks 的「platformization」策略鼓励客户把点状产品整合到 Cortex 上,由此形成替代效应:采用 Cortex XSIAM 的客户可能降低独立攻击验证工具的优先级。Palo Alto Networks FY2025 收入为 $14.2B,平台化收入增速快于单一产品收入,验证了整合路径的商业可行性。CrowdStrike 和 Palo Alto Networks 目前都没有提供生产环境安全、且获得 FedRAMP High 授权的自主渗透测试能力,这保住了 NodeZero 在联邦市场的监管差异化。 [CP020, CP021, CP022, CP023]
| 厂商 | 定价模式 | 入门价格(估计) | 企业 ACV(估计) | 合同条款 | 定价备注 |
|---|---|---|---|---|---|
| NodeZero(Horizon3.ai,自主渗透测试平台) | 年度订阅;按主机或资产范围分层 | $15K–$30K(小型企业) | $50K–$150K(中大型企业) | 年度;可提供多年期折扣 | FedRAMP 合同有溢价;联邦合同工具通过 GSA Schedule 定价 |
| Pentera | 年度订阅;按机器范围分层 | $20K–$50K(小型企业) | $75K–$200K(企业) | 年度标准合同;批量折扣 | Pentera 2025 调查显示测试预算中位数:$187K;溢价反映企业级 AEV 叙事 |
| Cobalt.io | 基于积分的年度额度;积分按资产类型兑换 | $10K–$20K(入门;小型积分包) | $50K–$150K(企业积分包) | 年度积分续约 | 积分模型可灵活分配范围;混合人工成本已计入积分 |
| Synack | 年度预聘费或按项目 SRT 定价 | $25K–$75K(SME 项目) | $100K–$300K+(企业预聘费) | 年度预聘费;也可按项目计费 | SRT 研究员时间决定可变成本;联邦合同通过 GSA Schedule 定价 |
| Rapid7 (InsightVM + MDR) | 年度订阅;按资产数量计费 | $15K–$30K(SME——InsightVM 独立版) | $100K–$500K(企业 MDR 套件) | 年度;可签多年期 | MDR 打包定价让单独比较更复杂;Metasploit Framework 开源 / 免费 |
所有定价估计均由分析师根据行业研究、公开演示、渠道伙伴访谈和市场基准推断。没有厂商公开披露标价。实际合同金额会随范围、期限、谈判和存量客户折扣大幅变化。Pentera 测试预算中位数来自 Pentera 2025 Pen Testing Industry Report。
[CP007, CP008, CP012, CP031]3.5 NodeZero 竞争护城河:FedRAMP High、自主执行与 DoD 信任
Horizon3.ai 的 NodeZero 平台在五个维度上形成竞争差异,组合起来构成一个短期内没有单一竞争者能完全复制的可防守市场位置。第一,**FedRAMP High 授权**:FedRAMP Marketplace 验证显示,NodeZero 是唯一获得 FedRAMP High 授权的完全自主渗透测试平台。处理 NIST 800-60 中高影响级联邦数据的云产品必须取得 FedRAMP High。获得 FedRAMP High 需要 18–36 个月,并投入约 $1M–$5M+,形成持久的时间壁垒。Synack 持有 FedRAMP Moderate(低一个层级);Pentera、Cobalt、CrowdStrike 和 Palo Alto Networks 未披露其当前产品线拥有同等联邦云授权。第二,**生产环境安全的自主攻击链编排**:NodeZero 作为黑盒自主智能体运行,无需人工指挥即可识别、串联并利用漏洞。其短暂、无代理设计专门面向实时生产环境,回应了企业反对自主攻击执行的核心顾虑——业务中断风险。该平台已在实时生产环境中安全执行 225,000+ 次渗透测试,形成任何竞争者若没有多年同等部署规模就无法复制的攻击图训练数据集。第三,**已安装客户基础与数据飞轮**:NodeZero 的 5,200+ 客户持续产生复合攻击图反馈,训练数据优势由此超过所有直接竞争者。第四,**NSA 与 Fortune 10 信任**:NodeZero 获得 NSA 以及 4 家 Fortune 10 公司信任,代表最高等级的企业背书。这种信任来自运营实绩,不是营销包装;对非美国来源厂商而言,几乎无法复制。第五,**重复测试节奏**:NodeZero 的 Pentest Wednesday 模式打造连续订阅工作流,相比一次性渗透测试模式,提高净收入留存并降低流失。 这五层护城河叠加出一个飞轮:更多客户带来更多攻击图训练数据,进而提升 NodeZero 的攻击链编排质量,再吸引更高价值客户。Craft Ventures 领投、Kleiner Perkins 参与此前轮次,也从风投尽调视角独立验证了这条竞争护城河逻辑。 [CP024, CP025, CP026, CP027, CP028, CP029]
| 护城河维度 | NodeZero 优势 | 竞争对手复制威胁 | 复制所需时间(估计) | 持久性评级 |
|---|---|---|---|---|
| FedRAMP High 授权 | 唯一拥有 FedRAMP High 的自主渗透测试平台;高影响联邦云合同依法需要该授权 | 难度很高——需要 18–36 个月和 $1M–$5M+ 项目投入;Synack 仅为 FedRAMP Moderate | 资金充足的新进入者从立项起需要 3–5 年 | 强——没有竞争对手披露正在推进面向自主渗透测试的 FedRAMP High 项目 |
| 可在生产环境安全运行的大规模自主攻击链 | 正在申请专利的攻击图谱引擎;225,000+ 次在线生产测试;临时无代理设计已在 NSA 和 Fortune 10 环境验证 | 难度高——需要同时具备 AI 工程、红队人才和同等规模的生产部署数据 | 追平规模需要 3–5 年;非美国来源厂商在联邦市场永远难以等同 | 强——没有同等部署年限,就复制不出生产数据集和安全验证记录 |
| 已安装客户基础与攻击图谱训练数据 | 5,200+ 家客户持续产生反馈;每新增一个项目,数据优势都会复利 | 难度高——Pentera 约 1,200+ 家客户;数据差距真实存在,但按竞争对手增速正在收窄 | 纯粹独立竞争对手需 5–7 年才能追平部署规模 | 中——如果 NodeZero 增长放缓,Pentera 通往 $100M ARR 的轨迹可能侵蚀优势 |
| NSA 与 Fortune 10 在国家安全领域的信任背书 | 来自 NSA、4 家 Fortune 10 和 DoD 项目的信任;几乎是可获得的最高等级外部验证 | 难度很高——国家安全信任靠实战证明,不靠营销;非美国来源厂商在法律上被排除 | 外国来源厂商基本无法复制;美国竞争对手也需要 5–10 年记录 | 强——高保证细分市场的机构信任买不来;FedRAMP High 是必要条件,但还不够 |
| Pentest Wednesday 的周期性订阅节奏 | 每周连续测试模型嵌入工作流,形成切换成本,把客户锁定在持续使用中 | 难度中等——Pentera 和 Synack 提供连续态势模型;Cobalt 提供积分制灵活性 | 复制节奏模型需要 1–2 年;客户侧工作流整合要更久才会松动 | 中——周期性节奏可被竞争复制;差异转向攻击链深度 |
持久性评级由分析师基于 FedRAMP 项目周期、可比 SaaS 开发周期和安全行业惯例推断。所有护城河评估都是定性判断,并受公开来源无法完整观察的竞争动态影响。「复制所需时间」估计假设一个资金充足的竞争对手今天从零起步。
[CP024, CP026, CP027, CP028, CP029, CP030]八项关键指标量化截至 2026 年 5 月 NodeZero 的竞争差异化。指标来自公司披露数据、FedRAMP Marketplace 和第三方新闻报道。
客户数和渗透测试次数为公司披露。FedRAMP 状态经 FedRAMP Marketplace 核验。Pentera ARR 来自 CEO 博客文章(2026 年 1 月)。Series D 融资数据来自 Dark Reading 和 SecurityWeek 报道。FedRAMP 复制时间线来自计划指南文档。所有 KPI 均反映截至 2026 年 5 月可公开获得的数据。
[CP003, CP004, CP006, CP007, CP024, CP025]3.6 替代风险、竞争情景与展望
三条重大竞争替代风险需要持续尽调。来自 Tenable 或 Rapid7 的**平台打包风险**是长期严重度最高的情景:Tenable 拥有 40,000+ 客户,续约杠杆是 NodeZero 5,200+ 客户的 8 倍;如果 Tenable 通过收购或内部开发把自主攻击执行加入 Tenable One,它可能在续约周期里以折扣价打包销售,压缩 NodeZero 实际商业定价。考虑到 Tenable 明确的「preemptive security」战略方向和 M&A 历史,未来 3–5 年该情景概率为中等。**Pentera 直接收入威胁**是近期严重度最高的情景:Pentera 已确认迈向 $100M ARR,是增长最快的自主测试收入挑战者;如果 Pentera 获得 FedRAMP High 授权(目前未确认,也未披露正在推进),NodeZero 在联邦核心市场的独占性将消失。**开源 AI 商品化风险**是中期情景:当前沿 AI 能力扩散到开源模型,基础自主漏洞扫描和攻击链编排可能商品化;若平台不能在链路深度、自研训练数据或监管合规框架上区分自己,价格溢价会被压缩。NodeZero 的核心应对必须是继续投入 FedRAMP High 项目维护、攻击图深度,以及企业级自主攻击决策可解释性。 第四项风险是 CrowdStrike 或 Palo Alto Networks 利用现有企业关系,把智能体式渗透测试能力作为平台附加模块,以折扣价销售,从而整合安全运营预算。近期该风险概率较低,但仍需跟踪其 AI 与智能体安全路线图。CTEM 融合趋势把 AttackIQ 和 XM Cyber 推到采购评估中的分析师层级竞争者位置;尽管它们依赖模拟,而不是实时自主攻击执行,这仍会制造评估阶段的混淆。在采购团队采用 Gartner Exposure Assessment Platform MQ 指引的竞争性 bakeoff 中,NodeZero 可能因此处于劣势。 [CP031, CP032, CP033, CP034, CP035, CP036]
3.7 附录
04财务情况
4.1 收入模式与定价架构
Horizon3.ai 主要通过年度 SaaS 订阅变现 NodeZero,定价按主机或资产范围计费。客户为明确数量的内部和外部资产购买年度许可,以固定的经常性成本运行连续自主渗透测试。该模式把过去每次 $50,000–$150,000 的专业服务预算,转化为经常性平台合同,从根本上把 NodeZero 从一次性审计重新定位为运营基础设施。订阅优先架构带来可预测收入、多年增购,以及随主机数量增长而来的扩张。 联邦政府客户通过 GSA Schedule 70、SEWP V、CIO-SP3 等政府合同工具采购 NodeZero;这些工具简化采购,也允许多年期任务订单。联邦合同通常具备更高平均合同价值和多年期选择权,带来长期收入耐久性,但也引入拨款风险和集中度暴露。 公司的 NodeZero Insights 产品在核心平台上叠加威胁情报,形成高于基础渗透测试订阅的自然增购层。MSP/MSSP 伙伴计划支持间接分销,让公司不用同比例增加直销人力,也能触达中端市场。定价未公开披露,需要通过直销接洽;分析师估计中端市场起价为 $25,000–$50,000/year,企业层级可达 $100,000–$500,000+,联邦合同因范围和合规开销可能更高。
| 收入流 | 机制 | 计费单位 | 当前状态 / 价值估计 | 收入质量 | 尽调要求 |
|---|---|---|---|---|---|
| SaaS 订阅(商业) | 年度经常性平台许可 | 按资产范围 / 年 | 主要收入引擎;中端市场 ACV 估计 $25K–$50K | 高(经常性 / 可预测) | 确认分细分市场 ARR、平均 ACV、多年期合同占比 |
| 联邦合同工具 | 通过 GSA SEWP / CIO-SP3 签多年度政府合同 | 按机构任务订单 / 年 | 集中度实质性;占总收入比例未披露 | 质量高,但有集中度风险 | 确认联邦收入占比、合同工具 ID、按金额计前 5 大机构 |
| NodeZero Insights(威胁情报) | 基础 NodeZero 之外的附加订阅层 | 按订阅附加项 | 产品已存在;增量 ARR 贡献未知 | 中(扩张抓手) | 确认 Insights 的 ARR 贡献、基础订阅客户附加率 |
| MSP / MSSP 经销渠道 | 伙伴主导分销,收入分成 | 按合作伙伴交易分成 | 间接渠道已存在;规模未披露 | 中(有杠杆,但挤压利润率) | 确认渠道占总 ARR 比例、合作伙伴数量、经济模型 |
| 专业服务 / 范围化评估 | 一次性、按项目范围划定的测试服务 | 按项目收费 | 收入占比较小;带动 SaaS 增购 | 低(非经常性) | 确认专业服务收入占总收入比例,以及是与订阅打包还是分开收费 |
| 国际订阅(EU) | 通过 Amsterdam 办公室跨境销售 SaaS 许可 | 按区域年度订阅 | 早期阶段;Amsterdam 办公室 2023 年开设;销售管线未量化 | 低(早期) | 确认 EU ARR、销售管线规模,以及 FedRAMP High 是否适用于 EU 联邦 / NATO 客户 |
| NodeZero API / 集成许可 | 面向安全平台集成的 API 级访问 | 按集成或按席位许可 | 新兴产品延伸;收入状态未知 | 低(规模化前) | 确认是否上线、已确认收入、集成合作伙伴数量 |
收入流估计由分析师根据公开牵引信号和可比 SaaS 定价推断。Horizon3.ai 未公开按收入流、ACV 或 ARR 划分的收入。
[CI007, CI013, CI014, CI015, CI016, CI017]| 层级 | 估计价格 / 合同价值 | 标价 vs. 实收 | 折扣 / 未知项 | 来源 |
|---|---|---|---|---|
| SMB / 中端市场 SaaS | ~$10K–$50K / 年(估计) | 未公开披露;需要与销售接洽 | 可能有批量折扣;无公开价目表 | 分析师基于可比 SaaS 厂商估计 |
| 企业 SaaS | ~$100K–$500K / 年(估计) | 未披露 | 多年期折扣;评估服务打包定价 | 分析师估计;行业基准 |
| 联邦政府合同 | 每个合同奖项 ~$150K–$800K+(估计) | 合同授予金额不公开 | 多年度任务订单含续约选择年;合规开销推高 ACV | 分析师估计;合同工具结构 |
| MSP 经销商利润率 | 终端客户 ACV 中约 20–30% 合作伙伴利润率(估计) | 合作伙伴定价不公开 | 具体合作伙伴条款未知 | 安全 SaaS 渠道项目行业基准 |
| NodeZero Insights 附加项 | 未披露;假设在基础订阅上增量收费 | 未披露 | 打包还是独立售卖未知 | horizon3.ai/nodezero-insights 产品页确认已存在 |
Horizon3.ai 定价未公开披露。所有数值均根据市场可比项、销售渠道惯例和公开产品描述估算。
[CI013, CI017, CI007]所有数值和流向均基于 SaaS 行业常态估计;Horizon3.ai 未披露收入指标。
[CI007, CI013, CI017]4.2 单位经济与销售效率
Horizon3.ai 不披露单位经济。所有估算都来自公开牵引信号(5,200+ 客户、225,000+ 次渗透测试、$100M Series D 估值)、安全 SaaS 行业基准,以及与上市同行的比较。在 5,200+ 客户和隐含 $40–90M ARR(估计)下,隐含混合 ACV 约为 $8,000–$17,000,低于典型企业安全 SaaS,说明客户组合偏中端市场,且有一条小型商业账户长尾,并由更高价值的联邦合同补充。 纯 SaaS 安全平台毛利率通常在 65–80%。NodeZero 一旦部署,边际交付成本较低——客户自主运行渗透测试——因此毛利率应较强。不过,专业服务收入、上线成本和 FedRAMP 合规开销,可能把混合毛利率压到纯 SaaS 基准以下。 5,200+ 客户中完成 225,000+ 次渗透测试,意味着每个客户平均约 43 次渗透测试,显示平台使用强劲,也具备高 NRR 潜力。以此规模实现高平台使用率的公司,通常报告 110–130% 的 NRR。缺少 S&M 支出数据,CAC 和回本周期估算高度不确定;Series D 阶段的可比安全 SaaS 公司通常目标为 18–30 个月回本。
| 指标 | 估计值 | 置信度 | 重要性 | 尽调要求 |
|---|---|---|---|---|
| ARR(2025 估计) | $40M–$90M | 低 | 核心收入规模指标;所有估值和增长模型都依赖 ARR 基线 | 要求提供过去 8 个季度的季度 ARR 历史、当前 ARR 及结构拆分 |
| 混合 ACV | $8K–$17K(隐含) | 低 | 隐含 ACV 偏低,说明组合偏中端市场;也低估了联邦企业 ACV 带来的扭曲 | 要求按细分市场提供 ACV 分布;联邦 >$150K、企业 $50K–$150K、SMB <$30K |
| 毛利率 | 65%–80%(估计) | 低 | 决定盈利路径;FedRAMP 开销和专业服务组合可能压低混合毛利率 | 披露 COGS 拆分;区分 SaaS 平台毛利率与专业服务毛利率 |
| NRR(净留存率) | 110%–125%(估计) | 低 | 扩张健康度;225K 次渗透测试暗示使用率和粘性较强 | 分别披露 NRR 和总留存率;按起始年份提供队列分析 |
| CAC / 回本周期 | CAC 估计 $15K–$30K;回本周期估计 18–30 个月 | 低 | 销售效率;CAC 效率决定资本耐久度 | 要求按细分市场和渠道提供 CAC;回本周期按毛利计算 |
| LTV / CAC 比率 | 3.5x–8x(估计) | 低 | 长期单位经济模型健康度;区间很宽,反映流失率和 NRR 不确定 | 披露 NRR 和 ACV 后推导;与上市可比公司 3x+ 的最低基准对照 |
所有单位经济模型均为估计。Horizon3.ai 未公开披露任何财务表现指标。
[CI018, CI019, CI020, CI031, CI036]CAC、回本周期和 LTV 数值为分析师估计。Horizon3.ai 未披露销售效率指标。
[CI019, CI020, CI022]所有数值均为分析师估计。Horizon3.ai 未披露财务指标。低 / 中 / 高代表合理情景边界。
[CI021, CI033, CI018]4.3 融资历史与资本充足性
Horizon3.ai 于 2024 年 11 月完成 $100M Series D,由 Craft Ventures 领投,现有投资者参与。这是公司史上最大单轮融资,使已披露累计融资约达 $141M。此前轮次包括种子轮、Series B($28M,2022 年)和规模较小的 Series C 延展轮;Craft Ventures 一直是主要机构领投方。该 Series D 发生在网络安全风投融资环境艰难时期,说明投资人高度认可 NodeZero 的联邦独占性和商业牵引。 Series D 募集资金用途披露为平台研发、联邦渠道扩张和国际市场进入;欧洲业务以 2023 年设立的 Amsterdam 办公室为锚点。公司未公开披露债务融资、信贷额度或项目融资安排,符合这一阶段风投支持 SaaS 公司的特征。 资本充足性几乎完全取决于烧钱速度,而公司没有披露该指标。按估计 $6–12M/month 烧钱(由约 400 名员工、云基础设施和激进 S&M 支出推断),$100M Series D 从交割时点(2024 年 11 月)起提供约 8–17 个月现金跑道,意味着若收入没有显著拐点,公司可能需要在 2026 年中至年底前融资下一轮。缺少 ARR 披露,无法从收入角度评估资本充足性。
| 项目 | 数值 / 估计 | 置信度 | 备注 |
|---|---|---|---|
| 账上现金(Series D 后) | ~$100M(2024 年 11 月完成) | 中 | Series D 融资 $100M;假设此前无未动用资本;未披露债务额度 |
| 月度烧钱速度(估计) | $6M–$12M / 月 | 低 | 根据约 400 人团队、云 COGS、激进 S&M 和研发开支推断;未披露 |
| Series D 完成后的现金跑道 | 8–17 个月(至 2025 年 7 月–2026 年 3 月) | 低 | 对烧钱假设高度敏感;加速招聘会缩短跑道;收入增长会拉长跑道 |
| 计划资金用途 | 平台研发;联邦渠道扩张;国际增长;GTM 扩张 | 中 | Series D 新闻材料披露;与产品和联邦招聘信号一致 |
| 债务 / 项目融资义务 | 未披露 | 低 | 未见公开债务或授信额度公告;假设基于缺乏披露 |
资本充足性评估受制于缺少烧钱速度和 ARR 披露。现金跑道估计区间为自 2024 年 11 月 Series D 完成起 8–17 个月。
[CI001, CI021, CI024, CI025, CI026, CI028]4.4 财务基准比较:可比公司
鉴于 Horizon3.ai 仍为私有公司,上市公司可比对象提供了主要财务基准背景。漏洞管理和暴露评估市场领导者 Tenable Holdings (TENB) 在 FY2025 10-K 中披露,截至 2025 年 12 月 31 日,其拥有 40,000+ 客户、约 65% 的 Fortune 500 渗透率,以及约 50% 的 Global 2000 渗透率。Tenable 估计 FY2025 收入超过 $900M,按收入看约为 Horizon3.ai 在 NodeZero ARR 估算上限下的 10 倍。 Rapid7 (RPD) 运营覆盖 SIEM、漏洞管理和应用安全的 Insight Platform。Rapid7 FY2024 年收入约 $800M,毛利率约 70%,提供了平台型安全基准。相较 2021 年高点,Tenable 和 Rapid7 在 2025–2026 年均以压缩倍数交易,说明 Horizon3.ai 的 $900M 隐含 Series D 估值处于当前市场可比区间的高端。 私有 BAS 竞争者 AttackIQ,以及被 Schwarz Group 收购的 XM Cyber,因缺乏披露,只能提供有限财务基准。Cobalt 的 $29M Series C 和 Pentera 的 $56M Series C 处于可比阶段,说明 Horizon3.ai 的 $100M Series D 是自主 / AI 渗透测试相邻领域最大单轮融资,反映了 NodeZero 的相对规模和 FedRAMP 护城河溢价。
Horizon3.ai 指标为分析师估计。Tenable 数据来自 FY2025 10-K。Rapid7 数据来自公开文件。私有可比公司基于融资信号估计。
[CI004, CI011, CI022, CI023, CI032]4.5 财务尽调结论
Horizon3.ai 的收入模式在结构上成立:以联邦和企业客户为锚的年度经常性 SaaS 订阅,来自主机数量增长和附加层级的扩张经济,以及 225,000+ 次渗透测试所显示的平台使用信号,都指向强留存。$100M Series D 提供了近期资本充足性,尽管现金跑道对烧钱速度高度敏感。这些都是强定性财务指标。 但公司没有披露任何定量财务指标。ARR、收入增速、毛利率、NRR、烧钱速度、CAC 和客户集中度均未披露,导致标准财务承销无法完成。联邦收入集中(比例未知,但鉴于 NodeZero 的 FedRAMP 定位,应属重要)、拨款和 DOGE 暴露,以及缺少二级流动性路径,叠加出一组没有数据室披露就无法评估的风险。 关键尽调要求是:(1)过去 8 个季度的 ARR 历史和当前 ARR;(2)COGS 拆分,区分平台 SaaS 与专业服务;(3)NRR 和总留存分别披露;(4)联邦与商业收入拆分,以及前 5 大客户集中度;(5)至少 12 个月的月度 P&L 和资产负债表。没有这五项数据,财务章节结论只能是不确定:结构有利,但不足以支撑承销。
| 缺失指标 | 对分析的影响 | 具体尽调路径 |
|---|---|---|
| ARR 与季度增长率 | 无法承销收入轨迹;所有估值倍数都需要 ARR 作为基线 | 在数据室要求提供 ARR 历史(季度,过去 8 个季度)和当前 ARR |
| COGS 拆分与毛利率 | 无法评估盈利路径;SaaS 与专业服务的毛利组合未知;FedRAMP 合规开销可能压低混合毛利率 | 要求管理账;将 SaaS 平台 COGS 与专业服务交付成本拆开 |
| NRR 与总留存率 | 无法评估流失风险或扩张健康度;LTV 模型搭不起来 | 分别披露 NRR 和总留存率;要求按起始年份(2021–2025)提供队列 ARR 留存 |
| 联邦 vs. 商业收入拆分 | 联邦收入集中带来拨款和 DOGE 暴露;风险无法量化 | 要求提供细分收入拆分;按 ARR 识别前 5 大客户;确认联邦收入占总收入比例 |
| 月度 P&L 与烧钱速度 | 无法评估资本充足性;下一轮融资触发点和现金跑道无法判断 | 要求提供过去 12 个月月度 P&L 和资产负债表 |
这五个缺口是完成财务承销所需的最低披露。任一指标缺失都会实质削弱尽调结论。
[CI031, CI030, CI033]4.6 附录
05产品与技术
5.1 产品组合与客户工作流
NodeZero 是 Horizon3.ai 的旗舰平台:一个以 SaaS 交付的连续渗透测试产品,让安全团队无需配备专职渗透测试专家,也能自主发现、修复并验证可利用攻击路径。单一订阅解锁六类主要操作,每类对应不同攻击面。Internal Pentest 在客户环境内部署轻量 Docker 容器或 OVA 镜像,以模拟拥有网络访问权限的攻击者。External Pentest 完全以无代理方式从 Horizon3.ai 的 H3 Cloud 运行,枚举并利用可从互联网访问的服务。Cloud Pentest 使用客户提供的云厂商凭证,在 AWS、Azure 和 GCP 中映射并利用 IAM 错配和横向移动路径。Active Directory Password Audit 使用原生协议发现 Active Directory 中可破解和重复使用的密码,无需持久代理。Phishing Impact Testing 模拟电子邮件凭证泄露,并追踪攻击者随后可执行的网络跳转。Kubernetes Pentest 评估容器集群中的容器逃逸和 RBAC 提权。 三层支撑能力扩展了核心平台。NodeZero Insights 是暴露管理情报层,汇总并优先排序连续渗透测试操作中的发现。NodeZero Tripwires 是欺骗技术模块,部署生产环境安全的数字绊线,以检测入侵后的对手活动。2025 年推出的 NodeZero MCP Server 通过 Model Context Protocol 向 AI 和 LLM 工具暴露已验证利用数据,把进攻性安全情报与新兴 AI 驱动运营工作流连接起来。截至 2025 年 9 月,Horizon3.ai 已为近 4,000 家组织执行超过 170,000 次自主渗透测试,单次最大渗透测试覆盖超过 100,000 个 IP 地址。[CE001, CE002, CE003, CE004, CE005, CE006]
| 模块 | 主要用户 | 成熟度 / 状态 | 核心差异化 | 尽调缺口 |
|---|---|---|---|---|
| NodeZero Internal Pentest | CISO、红队、IT 安全 | GA(自 2021 年) | 临时 VPC、生产环境安全、Docker/OVA;测试后无常驻代理 | 需要 Docker 或 VMware 虚拟化管理程序;不支持非容器环境 |
| NodeZero External Pentest | CISO、ASM 团队、网络安全 | GA(自 2022 年) | 从 H3 Cloud 全无代理运行;枚举并利用外部攻击面 | 测试范围限于互联网可达服务;无法从内部发现影子 IT |
| NodeZero Cloud Pentest | 云安全团队、DevSecOps | GA(自 2023 年) | 使用云厂商凭证,串联感知 AWS/Azure/GCP IAM 的攻击路径 | Azure 和 GCP 相对 AWS 的覆盖深度未经过独立基准测试 |
| NodeZero AD Password Audit | 身份安全、IAM 团队 | GA | 无代理;使用原生 LDAP 发现可破解和重复使用的 AD 密码 | 相比专用 AD 审计工具的密码破解速度未公开记录 |
| NodeZero Phishing Impact Testing | SOC、风险管理、CISO | GA | 将模拟邮件凭证泄露与下游网络横向移动影响相连 | 钓鱼模拟逼真度和邮件网关集成未公开详述 |
| NodeZero Kubernetes Pentest | DevSecOps、容器安全 | GA | 测试容器逃逸、RBAC 权限提升和集群级攻击路径 | 未发布 Kubernetes 版本和 CNI 插件兼容矩阵 |
| NodeZero Tripwires | SOC、威胁检测团队 | GA(2025) | 可在生产环境安全部署的数字绊线;检测入侵后的对手移动 | 覆盖密度指标和误触发率未公开披露 |
| NodeZero Insights | CISO、风险官、安全项目 | GA(2024) | 汇总渗透测试结果的连续暴露管理情报层 | 完整功能范围和外部威胁情报集成深度未形成文档 |
| NodeZero MCP Server | AI/LLM 安全工具开发者 | GA(2025) | 通过 Model Context Protocol 向 AI 工具开放已验证的 NodeZero 利用数据 | 未披露 LLM 供应商依赖和数据保留政策 |
| Compliance Service(PCI/HIPAA/CMMC 合规服务) | 合规、GRC、审计团队 | GA | OSCP 认证渗透测试人员;覆盖 PCI DSS 4.0、HIPAA、CMMC 2.0、SOC 2、ISO 27001 | 含人类参与环节;产能、交付 SLA 和定价未发布 |
成熟度评估基于 Horizon3.ai 官方产品页和技术文档。尽调缺口反映公开基准、独立审计或上述能力规格表的缺失。模块收入归因未披露。
[CE001, CE002, CE003, CE004, CE005, CE006]| 用户 / 角色 | 当前工作流(NodeZero 前) | NodeZero 方案 | 可衡量收益 | 限制 |
|---|---|---|---|---|
| 企业 CISO | 年度人工渗透测试($50K–$150K,4–6 周);静态发现报告 | 持续 NodeZero 订阅;按需渗透测试,数小时完成 | 每轮测试成本降低 80%+;实时可利用性证据 | 需要内部专业能力解读攻击路径上下文;初始导入期有投入 |
| IT 安全团队 | Patch Tuesday:扫描 CVE、手工验证可利用性、按 CVSS 分数排序 | NodeZero Rapid Response:在 24–72 小时内自动测试已修补 CVE 是否仍可利用 | 立即证明已修补 CVE 在其环境中是否仍可被利用 | Rapid Response 仅覆盖 CISA KEV 目录;非 KEV CVE 需要安排渗透测试运行 |
| MSSP / MSP 合作伙伴 | 人工渗透测试按小时计费;规模有限,覆盖客户基数窄 | Vanguard Program:向客户组合自动交付 NodeZero | 在 MSP 客户群中规模化测试;相较按时间交付提升利润率 | 客户环境必须支持 Docker/OVA,或可从外部访问 |
| 联邦机构安全 | 只能使用 FedRAMP 授权工具;DoD 竞争性采购流程缓慢 | NodeZero Federal(FedRAMP High 授权)+ DoD Platform One 可授标采购 | 在联邦影响等级内合规开展自主渗透测试;采购节奏加快 | 联邦实例可能滞后于商业版功能发布;公开能力文档有限 |
| 医疗 / 金融合规团队 | 咨询公司每年做合规渗透测试;审计证据靠人工收集 | NodeZero 合规服务:自动化持续测试 + OSCP 人工渗透测试员签字 | 按需生成合规证据;PCI/HIPAA/CMMC 可直接入报告的输出包 | 混合服务(并非完全自主);容量、排期和周转时间未公布 SLA |
用例模式来自官方产品页、合作伙伴公告、合规页面和面向客户的新闻稿。可量化收益反映供应商说法;独立 ROI 基准尚未公开。
[CE001, CE007, CE017, CE019, CE027, CE035]分层技术栈展示 NodeZero 平台:从情报和数据源底座,到部署选项、集成连接器、AI 推理,再到顶层面向客户的六类操作。每一层代表平台一个独立功能层级。
[CE001, CE009, CE010, CE013, CE014, CE024]5.2 技术架构与部署模式
NodeZero 的技术设计以短暂、一次性使用架构为中心。每次渗透测试都会在 Horizon3.ai 的 H3 Cloud 基础设施内创建专用、隔离的 Virtual Private Cloud,任务完成后立即销毁。这样既消除了持久化攻陷足迹,也在多租户 SaaS 运营中强制执行严格租户隔离。内部渗透测试由客户在本地部署 Docker 容器或 OVA 镜像,并与 H3 Cloud 通信完成编排;测试结束后不保留持久代理。外部和云评估完全以无代理方式从 H3 Cloud 运行,客户环境中不部署软件。 攻击情报核心是图引擎,可跨用户、系统、凭证和服务串联多跳利用,构建端到端利用证明路径。这些路径映射到 MITRE ATT&CK 战术和技术,并转化为优先级排序的修复动作,配套一键式修复后验证工作流。NodeZero 设计目标是生产环境安全:测试运行后不保留利用载荷,平台声称主动利用可逆,或限定在非破坏性访问证明范围内。 内部品牌为「Mythos」的 AI 推理层,把 LLM 辅助的解读和置信度评分扩展到攻击图,用于复杂多阶段攻击链。技术文档位于 docs.horizon3.ai。Horizon3.ai 还在 horizon3ai GitHub 组织下维护 41 个或更多公开仓库,其中包括开源 CVE 概念验证工具,并拥有较强社区互动,体现其漏洞情报深度。[CE009, CE010, CE015, CE024, CE025, CE026]
| 层级 / 组件 | 作用 | 关键依赖 | 风险 |
|---|---|---|---|
| H3 Cloud 编排(AWS) | 管理渗透测试排期、临时 VPC 生命周期和多租户隔离 | AWS 商业云基础设施;Horizon3.ai 云运营 | 云服务中断会暂停所有外部 / 无代理测试;未披露公开 SLA |
| NodeZero 攻击图引擎 | 串联用户、系统和服务之间的多跳提权,生成可利用性证明路径 | 内部 CVE / 漏洞利用数据库;MITRE ATT&CK 框架;NVD/CISA KEV 数据源 | 漏洞利用覆盖不全或 CVE 数据陈旧,可能导致优先级误判 |
| NodeZero Agent(Docker/OVA) | 在客户环境内部执行内部渗透测试;与 H3 Cloud 通信完成编排 | 本地 Docker 运行时或 VMware hypervisor;客户网络访问权限 | 客户必须配置并维护 Agent;不兼容非容器主机 |
| 无代理外部连接器 | 无需本地部署软件即可开展外部 ASM 和云测试 | H3 Cloud 互联网出口;云厂商凭证访问(AWS/Azure/GCP) | 范围限于 H3 Cloud 公网 IP 可触达的服务;缺少由内向外可见性 |
| AI 推理层(Mythos) | 对攻击路径排序,并借助 LLM 解读复杂链路 | 未披露的 LLM 提供商;用渗透测试语料训练的自研 ML 模型 | 存在 LLM 提供商依赖风险;AI 在新型环境中的可靠性未验证 |
| 集成 API(ServiceNow、SIEM/SOAR) | 把 NodeZero 发现接入企业工单、SIEM、SOAR 平台 | REST API;webhook 连接器;第三方系统正常运行时间和 API 版本 | 集成质量随下游系统而变;破坏性 API 变更会带来运营风险 |
架构层级来自公开产品页面和技术文档;依赖与风险评估由分析师基于可获得披露判断。内部实现细节(例如 AI 模型提供商身份、自研 ML 训练数据)尚未被公开证实。
[CE009, CE024, CE025, CE026, CE037]端到端工作流展示一次 NodeZero 渗透测试如何从客户发起,经过 H3 Cloud 编排、代理部署、主动测试阶段,最终产出已验证的修复动作报告,并在修复后再次验证。
[CE002, CE003, CE009, CE010, CE024, CE035]5.3 合规、授权与信任姿态
NodeZero 是少数获得 FedRAMP High 授权的自主渗透测试平台之一,Marketplace ID 为 F2209220003。该授权支持其部署到处理高度敏感非密数据的联邦环境。Horizon3.ai 参与 NSA Cybersecurity Assurance Program Testing (CAPT);在该项目下,NodeZero 为 Defense Industrial Base 供应商提供自主渗透测试,帮助其证明 CMMC 合规。2023 年,公司在 Department of Defense Platform One 软件市场获得 Awardable 状态,为 DoD 客户提供简化采购路径,无需单独竞争性采购流程。 面向商业受监管市场,NodeZero 支持为 PCI DSS 4.0、HIPAA、CMMC 2.0、SOC 2 和 ISO 27001 生成合规证据;方式是把自主渗透测试输出与 OSCP 认证人工渗透测试人员签字结合起来。Horizon3.ai 声称其自身云运营获得 SOC 2 Type II 认证,但审计报告未公开,无法独立验证。这些合规和监管资质,是其在与手工渗透测试公司以及更广义 PTaaS 竞争者评估中对比时的主要差异点;后者通常没有 FedRAMP High 授权或 NSA 项目参与。[CE007, CE008, CE018, CE019, CE028, CE030]
| 控制项 / 认证 | 状态 | 范围 | 缺口 |
|---|---|---|---|
| FedRAMP High 授权 | 已授权 — Marketplace ID F2209220003 | NodeZero for Federal;所有 NodeZero 操作类型纳入联邦 ATO | 独立联邦实例可能滞后于商业版功能发布;未公开披露功能同等性 |
| NSA Cybersecurity Assurance Program Testing(CAPT,网络安全保障测试项目) | 活跃参与方 | 面向 DIB 供应商交付自主渗透测试;展示 CMMC 合规 | 计划准入限于 NSA 指定 DIB 供应商;公开市场买家无法使用 |
| DoD Platform One 可授标状态 | 可授标(2023 年授予) | NodeZero 进入 DoD 软件市场;DoD 采购路径简化 | 可授标 ≠ 部署批准;各机构必须自行签发 ATO |
| SOC 2 Type II | 已认证(公司声称) | Horizon3.ai 云运营 | 审计报告未公开;无法独立核验范围、审计方或覆盖期间 |
| PCI DSS 4.0 | 支持(合规服务) | 带 OSCP 人工签字的合规渗透测试证据包 | 不是 PCI 批准扫描供应商(ASV);服务为混合模式,并非完全自动化 |
| HIPAA | 支持(合规服务) | 医疗合规渗透测试与证据生成 | 未公开业务伙伴协议模板;临床系统安全性主张未经验证 |
| CMMC 2.0(DoD 供应链) | 通过 NSA CAPT 计划支持 | DIB 供应商合规渗透测试;CMMC Level 2 和 3 评估 | 绑定 CAPT 计划;CMMC Level 3 规则仍在 DoD 规则制定流程中演进 |
认证状态反映截至报告日期的公开披露。SOC 2 Type II 和 NSA CAPT 计划细节仅基于供应商说法;底层审计报告和计划文档未公开,无法独立核验。
[CE007, CE008, CE018, CE019, CE028, CE030]5.4 集成架构与伙伴生态
NodeZero 通过不断扩展的连接器,与企业安全运营基础设施集成。2025 年宣布的旗舰集成把 NodeZero 连接到 ServiceNow Vulnerability Response,将渗透测试发现直接同步到 ServiceNow ITSM 工作流,用于基于风险的修复优先级排序和工单生命周期管理。平台也与 Splunk、Microsoft Sentinel 等 SIEM 和 SOAR 平台集成,让渗透测试发现流入 SOC 告警管线和关联规则。 Vanguard Partner Program 为 MSSP、MSP 和技术转售商提供结构化市场准入,分为 Silver、Gold、Platinum 层级,各自拥有不同的利润结构、交易报备权和联合销售资源。2025 年与云市场和聚合商 Pax8 的合作,把 NodeZero 分销扩展到 Pax8 在北美和国际市场超过 30,000 家 MSP 伙伴网络,意味着渠道覆盖显著超出直销企业客户。 2025 年推出的 NodeZero MCP Server 通过 Model Context Protocol 暴露已验证利用数据,连接进攻性安全情报与 AI 工具生态。它让 AI 安全智能体和基于 LLM 的工具,可以消费来自 NodeZero 发现的实时攻击面上下文。Horizon3.ai 在 GitHub 上保持活跃开发者存在,拥有 41 个或更多公开仓库,包括开源 CVE 概念验证工具,进一步强化了平台在安全研究社区的可信度。[CE014, CE015, CE016, CE017, CE022, CE027]
有向依赖图展示 NodeZero 交付产品、获取情报和进入市场所依赖的关键外部组件、数据源和合作关系。每个节点代表一个依赖类别,边的方向表示依赖性质。
[CE009, CE014, CE015, CE016, CE017, CE029]5.5 路线图、发布历史与增长轨迹
Horizon3.ai 已系统地把 NodeZero 从单一内部渗透测试能力,扩展为覆盖多攻击面的连续安全验证平台。公司在 2021 和 2022 年推出核心内部与外部渗透测试操作,在 2023 和 2024 年加入云基础设施和 Kubernetes 测试,并在 2023 年取得 FedRAMP High 授权。2024 年 11 月 $100 million Series D 融资,为加速企业细分市场增长和全球伙伴扩张提供了资本。 2025 年发布日历包括 NodeZero Tripwires(欺骗技术)、NodeZero Insights(暴露管理)和 NodeZero MCP Server(AI 工具集成),反映出战略从一次性测试转向连续检测和 AI 集成安全工作流。2025 年上半年结果显示 ARR 同比增长 137%,企业细分市场同比扩张 485%。截至 2025 年 9 月,近 4,000 家组织使用 NodeZero,累计执行超过 170,000 次渗透测试。Gartner 在 2025 年 10 月 Adversarial Exposure Validation Voice of the Customer 报告中,将 Horizon3.ai 评为 Customers' Choice。 2026 年,Horizon3.ai 正在推进「Mythos」,这是一项 AI 驱动的攻击路径情报能力,为复杂多跳攻击链提供 LLM 辅助解读。除高层营销描述外,Mythos 以及计划中的 Continuous Attack Surface Management (CAASM) 集成的具体功能里程碑和正式可用日期仍未披露。[CE020, CE021, CE030, CE035, CE038]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 含义 | 来源 |
|---|---|---|---|---|
| 2021–2022 | NodeZero 核心平台(内部渗透测试、外部 ASM);Series B 融资 | 正式发布 | 基础平台成型;初步拿到企业和联邦客户牵引 | 官方 — horizon3.ai 产品页面 |
| 2023 | FedRAMP High 授权(F2209220003);DoD Platform One 可授标;Series C($40M) | 正式发布 | 联邦市场打开;DoD 快速采购路径成型 | 监管 — marketplace.fedramp.gov;官方 — horizon3.ai 新闻稿 |
| 2024 Q4 | Series D($100M);NodeZero Cloud Pentest 扩展(AWS/Azure/GCP);Vanguard Partner Program 放量 | 正式发布 | $1B+ 独角兽估值;云安全扩张;MSP 渠道增长加速 | 官方 — horizon3.ai 新闻稿;新闻 — businesswire.com |
| 2025 H1 | NodeZero Tripwires 正式发布;NodeZero Insights 正式发布;上半年订阅收入扩张 137%;执行 170K+ 次渗透测试 | 正式发布 | 新增欺骗和暴露面管理层;企业客户势头得到证实 | 官方 — horizon3.ai 2025 上半年业绩新闻稿 |
| 2025 H2 | NodeZero MCP Server 上线;Gartner Customers' Choice(AEV 市场);Pax8 MSP 合作 | 正式发布 | AI 工具集成上线;获得分析师认可;MSP 渠道延伸至 30K+ 合作伙伴 | 官方 — horizon3.ai 新闻稿;评测 — gartner.com Peer Insights |
| 2026(计划) | Mythos 攻击路径智能(AI 推理);CAASM 扩展;合规覆盖扩大 | Beta / 路线图 | 下一代 AI 驱动推理;具体里程碑和正式发布日期未公开披露 | 官方 — horizon3.ai 博客和产品公告 |
时间线和里程碑数据来自 Horizon3.ai 官方新闻稿和产品公告。标注 “Beta / 路线图” 的项目仅反映管理层指引;计划 GA 日期无法独立核验。历史 GA 项目得到多个来源印证。
[CE007, CE020, CE021, CE025, CE030, CE038]5.6 技术风险与产品限制
NodeZero 的产品轨迹强劲,但若干与尽调相关的风险和限制值得审视。来自企业客户的 Gartner Peer Insights 评论在实践者层面释放出混合信号:一位保险行业 CISO 给出 4 星评价,认为该工具是合格的「cloud-based security tool」,但提出合规顾虑;一位服务行业 CIO 给出 3 星评价,提到排期问题和测试结果不够直观,说明没有专职进攻安全经验的团队,可能面临可用性和结果解读挑战。这些评论样本有限,但与自主渗透测试输出对非专业用户的内在复杂性相符。 平台所有外部和无代理测试都依赖 H3 Cloud 基础设施,这使其受 Horizon3.ai 云可用性影响;公开资料中没有披露渗透测试 uptime 的 SLA。AI 推理层(Mythos/MCP Server)依赖未披露的 LLM 提供商;若这些提供商更改 API 或定价,会产生集成风险。Horizon3.ai 声称其云运营通过 SOC 2 Type II 审计,但报告未公开,无法独立验证范围。公开来源中没有第三方基准,把 NodeZero 的利用覆盖深度和误报率与 Pentera 等竞争平台对比,限制了企业买家对总拥有成本的客观比较。[CE018, CE032, CE033, CE034]
能力覆盖矩阵展示 NodeZero 六类主要操作中可用的关键平台功能。取值基于官方产品页和技术文档披露的能力;空缺表示公开文档缺失或功能仅部分支持。
[CE001, CE002, CE003, CE004, CE019, CE028]06客户情况
6.1 客户基础分层与垂直行业
截至 2026 年 3 月,Horizon3.ai 的 5,200+ 组织客户基础横跨五个主要垂直行业:DoD / 联邦政府、医疗健康、金融服务、制造 / 关键基础设施,以及 SLED(state、local、education)。联邦客户的公开资料最充分:NSA Cybersecurity Collaboration Center 在 Continuous Adversarial Penetration Testing (CAPT) 项目下使用 NodeZero 保护 Defense Industrial Base 组织;CISA 的 Office of the CISO 利用 NodeZero 进行漏洞评估,并把结果分享给 Federal Civilian Executive Branch 机构;FBI 部署 NodeZero 做自主渗透测试;Centers for Medicare and Medicaid Services (CMS) 用它做医疗合规测试。DoD Platform One 和 Tradewinds Solutions Marketplace 均在 2026 年上半年授予 NodeZero awardable 状态,使其无需完整采购周期即可采购。 企业商业客户范围更广,但几乎全部匿名。Horizon3.ai 在 2026 年 3 月披露,Fortune 10 中有 4 家、以及全球最大银行都是活跃客户。医疗客户包括美国最大的医疗系统(在 30+ 网络分段完成 60+ 次生产测试),以及一家美国领先医院和医疗系统,其 ZeroLogon(CVE-2020-1472)漏洞通过 NodeZero 被发现并修复。金融服务客户包括一家保险和金融公司,NodeZero 在不到 10 分钟内发现其 AWS 环境攻陷;另有一家大型金融机构,一次 14 小时渗透测试发现 586 个关键影响和 3 次完整域管理员攻陷。制造业客户包括一家美国领先制造商,每周运行渗透测试,并消除 94 条攻击路径,其中包括伊朗 tradecraft 情景。 NodeZero 约 70% 的 5,200+ 客户通过 Managed Security Service Providers (MSSPs) 和 Managed Service Providers (MSPs) 交付,渠道因此成为主导 go-to-market。渠道伙伴包括面向企业 MSSP 交付的 NCC Group、Optiv、Thrive、CDW 和 Sentinel Technologies,以及通过 40,000+ MSP 伙伴触达 SMB / 中端市场的 Pax8。直销部分主要覆盖联邦和大型企业客户;GSA、Platform One、Tradewinds 等采购工具便利了直接签约。NodeZero 也在 ServiceNow 集成市场上线,面向采用基于风险修复工作流的客户。 [CU001, CU002, CU003, CU004, CU005, CU006]
| 细分市场 | 具名 / 引用客户 | 主要交付方式 | 估计收入占比 | 证据质量 | 关键缺口 |
|---|---|---|---|---|---|
| DoD / 联邦 | NSA Cybersecurity Collaboration Center(CAPT)、CISA OCIO、FBI、CMS、DoD Platform One(可授标)、Tradewinds (可授标) | 直销 + 选定 MSSP | ~20–25%(估计) | 高 — 新闻稿中有具名公开引用 | 联邦收入拆分未披露;拨款风险未量化 |
| 商业企业(Fortune 500 / Global 2000) | Fortune 10 中 4 家(未具名)、全球最大银行(未具名)、全球制药和半导体制造商(未具名) | 直销 + 企业 MSSP | ~30–35%(估计) | 中 — Fortune 10 已确认;具体公司匿名 | 无收入集中度数据;ACV 区间未披露 |
| 医疗 | 全国最大医疗系统(未具名,60+ 次测试)、通过 Liberman Networks MSSP 服务的美国领先医院(未具名) | 以 MSSP 为主 | ~15–20%(估计) | 中 — 匿名案例研究;有运营细节 | 机构未具名;HIPAA 场景限制披露 |
| 金融服务 | 大型金融机构(未具名,586 个关键影响)、金融 / 保险公司(未具名,AWS 被攻陷)、4+ 家 Fortune 10 银行 | 直销 + MSSP | ~15–20%(估计) | 中 — 匿名案例研究;结果细节较具体 | 机构未具名;收入占比为估计 |
| 制造业 / 关键基础设施 | 美国领先制造商(未具名,每周测试)、核燃料浓缩公司(未具名) | 以 MSSP 为主 | ~5–10%(估计) | 中 — 匿名案例研究;记录了伊朗攻击手法场景 | 机构未具名;细分收入未披露 |
| SLED(州 / 地方 / 教育) | 佛罗里达州 St. Petersburg 市、Moravian University、Regina International Airport、两个未具名学区 | 以 MSSP 为主 | ~5–10%(估计) | 中 — 部分具名;多数结果未量化 | 小客户 ACV;收入影响可能有限 |
| SMB / MSP 交付(Pax8 生态) | 未披露;Pax8 生态有 40,000+ 家 MSP 合作伙伴 | 100% 通过 Pax8 的 MSSP 交付 | ~5%(估计) | 低 — 没有具名 SMB 客户;总数未拆分 | 没有可用的 SMB 专属客户数、流失率或 ACV 数据 |
收入占比估计由分析师根据客户细分质量和渠道组合推断;Horizon3.ai 未披露细分收入。Pax8 MSP 行代表潜在覆盖,而非已确认 ARR。“全球最大银行”可能指多家机构;确切数量未披露。
[CU001, CU002, CU003, CU004, CU005, CU006]七阶段客户旅程从初始认知到拥护推荐,展示 NodeZero 买家如何从监管或入侵事件触发,走到评估、试点、部署、Pentest Wednesday 扩张,最终成为参考客户。联邦和商业路径在采购阶段分叉,但在 Pentest Wednesday 的周期性节奏阶段汇合。
旅程阶段根据案例研究描述和产品文档推断。各阶段之间的转化率未公开披露。联邦路径在采购阶段分叉(政府合同工具 vs. 商业直销)。
[CU001, CU009, CU027, CU035]6.2 具名客户证明与生产案例研究
最强的独立客户证据来自四类:新闻稿公开确认的具名联邦部署、Horizon3.ai 博客记录的匿名企业案例研究、Gartner Peer Insights 评论,以及 MSSP 伙伴案例研究。联邦客户是最可验证层级:NSA Cybersecurity Collaboration Center、CISA OCIO、FBI 和 CMS 都出现在公开新闻稿和情报博客文章中,提供了当前可获得的最高保障第三方验证。NSA 的 CAPT 项目用 NodeZero 代表 DoD 测试 Defense Industrial Base 网络,尤其重要,因为它展示了美国情报界最重视安全实体的信任。 Horizon3.ai 情报博客发布的企业案例研究具备运营深度,但代价是匿名。医疗案例研究记录了美国最大医疗系统把 NodeZero 作为 Continuous Threat Exposure Management (CTEM) 项目的一部分,跨 30+ 网络分段运行 60+ 次测试。第二个医疗案例(通过 Liberman Networks MSSP)记录了一家美国领先医院系统发现并修复 ZeroLogon。制造案例详述了每周 Pentest Wednesday 部署、消除 94 条攻击路径,以及在 M&A 情景中识别出与伊朗相关的 tradecraft 技术。金融服务案例记录了不到 10 分钟发现 AWS 环境攻陷,以及一次 14 小时任务产生 586 个关键影响。这些匿名案例可用于验证运营模式,但不能作为采购中的可引用客户名称。 Gartner Peer Insights 提供最独立的客户声音。截至 2025 年 8 月,NodeZero 有 73 条已发布评论,平均 4.7/5.0 星,90% 表示愿意推荐,并在 2025 年 10 月 Adversarial Exposure Validation Voice of the Customer 报告中获得 Gartner Customers' Choice 区分。不过,2024 年 8 月 21 日发布的一条 3.0 星「CRITICAL」评论提到与伙伴的排期问题,以及测试结果难以解读,这是尽调中识别出的最具体反向客户信号。相较 72 条正面评论(排除 3.0 星评论后平均 4.8+),这条孤立负面评论是低严重度反向信号,但说明 MSSP 交付质量可能不一致。 [CU009, CU010, CU011, CU012, CU013, CU014]
| 客户 | 细分市场 | 部署 / 用例 | 生产 vs. 试点 | 关键结果 / 证据 | 限制 |
|---|---|---|---|---|---|
| NSA Cybersecurity Collaboration Center | DoD / 联邦 | CAPT 计划 — 面向国防工业基础(DIB)组织的自主渗透测试 | 生产 | 具名公开引用;NodeZero 代表 NSA CC 测试 DIB 网络 | 合同范围和规模未披露;DIB 客户数未知 |
| CISA Office of the CISO(OCIO,首席信息安全官办公室) | 联邦 / 文职 | 向联邦文职行政部门机构共享漏洞评估 | 生产 | 具名公开引用;独立第三方政府机构 | 评估频率、规模和 FCEB 触达范围未量化 |
| Federal Bureau of Investigation(FBI,联邦调查局) | 联邦 / 执法 | 对 FBI 网络环境开展自主渗透测试 | 生产 | 联邦用例页面中的具名公开引用 | 无案例研究细节;范围和部署规模未披露 |
| Centers for Medicare and Medicaid Services(CMS,医疗保险与医疗补助服务中心) | 联邦 / 医疗 | 医疗监管要求下的合规测试 | 生产 | 具名公开引用;HIPAA / 医疗监管场景 | 结果未量化;合规证明等级未披露 |
| DoD Platform One(DoD 平台) | DoD | Platform One Solution Marketplace 可授标状态(2026 年 5 月) | 可授标(尚未签约) | 所有 DoD 项目可使用该采购工具;无需另跑采购周期 | 可授标 ≠ 有效合同;未披露已确认的 Platform One 订单 |
| Tradewinds Solutions Marketplace | DoD / 情报界 | IC 采购可授标状态(2026 年 5 月) | 可授标(尚未签约) | 通过 Tradewinds 工具打开 IC 采购入口 | 未披露经 Tradewinds 确认的 IC 合同 |
| Fortune 10 中 4 家(未具名) | 商业企业 | 持续安全验证 | 生产 | 企业客户信号的可信度最高;Fortune 10 公司属于最受安全审查的群体 | 四家公司均未具名;除安全验证外,用例未详述 |
| 全国最大医疗系统(未具名) | 医疗 | CTEM 计划;在 30+ 个网段执行 60+ 次 NodeZero 测试 | 生产 | 最大规模客户已可量化采用 CTEM;已部署持续威胁暴露管理 | 机构未具名;风险降低量化指标未披露 |
| 通过 Liberman Networks 服务的美国领先医院系统(未具名) | 医疗 / MSSP | 发现 ZeroLogon(CVE-2020-1472)并验证修复 | 生产 | ZeroLogon 路径完全攻陷 Active Directory;NodeZero 测试后完成修复 | 机构未具名;第三方 MSSP 案例研究;修复时间线未披露 |
| 美国领先制造商(未具名) | 制造业 | 每周 Pentest Wednesday;M&A 安全验证;ZeroLogon + 伊朗攻击手法测试 | 生产 | 消除 94 条攻击路径;阻断伊朗攻击手法场景;识别 M&A 整合风险 | 机构未具名;收入或规模未披露;M&A 细节保密 |
| 金融和保险公司(未具名) | 金融服务 | 每周 AWS 云渗透测试;持续外部验证 | 生产 | 10 分钟内发现 AWS 环境被攻陷;立即修复 | 组织未具名;资产范围和修复结果未完整披露 |
| 大型金融机构(未具名) | 金融服务 | 14 小时自主渗透测试项目 | 生产环境 | 发现 586 项严重影响;14 小时内攻陷 3 个域管理员账户 | 组织未具名;项目完整范围(IP 段)未披露 |
| St. Petersburg, FL 市政府 | SLED / 市政 | 漏洞评估和网络安全验证 | 生产环境 | 公开具名案例;市政网络安全用例 | 未披露结果指标;市政范围较小 |
| Moravian University | SLED / 高等教育 | 漏洞发现和校园网络安全评估 | 生产环境 | 公开具名案例;高等教育网络测试 | 机构规模较小;未披露指标 |
| Regina International Airport | 交通 / 关键基础设施 | 网络分段和关键基础设施测试 | 生产环境 | 公开具名案例;航空基础设施安全验证 | 无结果指标;机场级网络 |
| 核燃料浓缩公司(未具名) | 关键基础设施 | 受监管核能领域的关键基础设施自主渗透测试 | 生产环境 | 联邦和关键基础设施材料显示,该部署已在生产环境运行 | 组织未具名;核能领域保密要求限制披露 |
已有记录或具名客户 16 家;实际客户基数为 5,200+ 个组织。覆盖仍不完整——大多数客户匿名或未披露。联邦和 SLED 客户最容易通过公开记录核验。企业商业客户 ACV 最高,但独立可验证性最低。
[CU009, CU010, CU011, CU012, CU013, CU014]证据质量矩阵将五个客户垂直领域和四个证据维度的证明强度映射出来。单元格使用从具名 / 量化(最强)到估计 / 缺失(最弱)的定性尺度,反映各垂直领域可用客户证据的质量和具体程度。
Gartner 评论按垂直行业拆分的数据未公开。具名客户数和案例研究归属基于 Horizon3.ai 截至 2026 年 5 月的公开披露。收入加权的证明质量(哪些垂直行业贡献更多 ARR)无法从公开来源判断。
[CU009, CU010, CU011, CU012, CU013, CU016]6.3 客户增长轨迹与采用指标
Horizon3.ai 在 2024–2026 年的客户增长轨迹,是企业网络安全领域最强的一组。公司在 2025 Inc. 5000 美国增长最快私营公司榜单中总排名 #121、网络安全领域 #1,依据是 2021 至 2024 年三年收入增长 2,962%。Deloitte Technology Fast 500 将 Horizon3.ai 评为 2025 年北美 #3(500 家公司中),依据是 19,939% 三年增长——这是该排名中任何网络安全公司获得验证的最高增长率。 客户数进展在多个节点有记录:2025 年上半年结果发布时约 4,000 家组织(2025 年 9 月,反映 ARR 同比增长 137%);Deloitte Fast 500 排名时约 4,500 家(2025 年 11 月);到 2026 年 3 月达到 5,200+(FY2026 结果,反映 ARR 同比增长 102%)。企业细分市场增长尤其显著,截至 2025 年上半年同比增长 485%,说明公司成功向上进入大型客户,超越最初 SMB / 中端市场 MSSP 渠道渗透。到 2026 年 3 月,NodeZero 已执行 225,000+ 次生产环境安全渗透测试,按公司生命周期平均,每家组织约 43 次——这一规模验证的是重复使用,而不只是初次部署。 Fast Company 2026 Most Innovative Companies(企业软件类别)认可,以及连续两年入选 NatSec 100,为产品创新和国家安全市场可信度提供了独立第三方验证。渠道预订达到 2025 年 Q4 预订的 32%,较低基数上升,说明 MSSP / 渠道动作正在加速。102% ARR 增长和截至 2026 年 3 月 125% NDR 的组合,意味着客户队列既在增长也在扩张——每个留存客户队列在后续年份支出约增加 25–31%(125% NDR 减去 94% GDR,意味着留存账户平均扩张率约 31%)。 [CU018, CU019, CU020, CU021, CU022, CU023]
| 期间 / 日期 | 指标 | 数值 | 来源 | 置信度 | 含义 |
|---|---|---|---|---|---|
| 2021–2024(3 年) | 三年收入 CAGR 代理指标(Inc. 5000) | 累计增长 2,962% | Inc. 5000 #121 新闻稿(2025 年 8 月) | 高 | Inc. 5000 网络安全增速第一;按该指标计算是增长最快的网络安全公司 |
| 2021–2024(3 年) | 三年收入增长(Deloitte Fast 500) | 累计增长 19,939% | Deloitte Fast 500 #3 新闻稿(2025 年 11 月) | 高 | #3 北美增长最快科技公司(覆盖所有行业) |
| 2025 年 9 月(2025 上半年业绩) | 全球活跃客户组织数 | ~4,000 | Horizon3.ai 2025 上半年新闻稿 | 高 | 反映上半年强劲增长;隐含同比增长约 117% |
| 2025 年 9 月(2025 上半年业绩) | 2025 上半年中期 ARR 扩张率 | 137% | Horizon3.ai 2025 上半年新闻稿 | 高 | 延续此前增长轨迹并继续加速;仅反映半年口径,并非年化全年增速 |
| 2025 年 9 月(2025 上半年业绩) | 企业细分 ARR 同比增长 | 485% | Horizon3.ai 2025 上半年新闻稿 | 中 | 证实高端市场推进成功;企业客户定义未披露(收入 / 员工数门槛) |
| 2025 年 11 月(Deloitte 报告) | 全球活跃客户组织数(估计) | ~4,500 | Deloitte Fast 500 排名背景(2025 年 11 月) | 中 | 根据 2025 年 9 月(~4,000)至 2026 年 3 月(5,200+)之间的增长轨迹估算 |
| 2026 年 3 月(FY2026) | 全球活跃客户组织数 | 5,200+ | Horizon3.ai FY2026 ARR 增长新闻稿 | 高 | 旗舰客户数;相当于较 2025 年 9 月在六个月内增长 >30% |
| 2026 年 3 月(FY2026) | ARR 同比增长 | 102% | Horizon3.ai FY2026 ARR 增长新闻稿 | 高 | 在相当规模下符合 Rule of 40 特征;显示增速从上半年 137% 放缓,但轨迹可持续 |
| 2026 年 3 月(FY2026) | 累计执行的生产安全渗透测试 | 225,000+ | Horizon3.ai FY2026 ARR 增长新闻稿 | 高 | 客户生命周期内平均约 43 次测试;验证了重复使用模式 |
| 2026 年 3 月(FY2026) | FY2026 Q4 来自渠道的预订额 | 32% | Horizon3.ai FY2026 ARR 增长新闻稿 | 高 | 渠道动作加速;Q4 渠道占比 32%,意味着 MSSP 主导的量在增长 |
所有客户数和 ARR 增长数字均为公司披露且未经审计。企业细分增长(同比 485%)的定义和 ARR 分母未披露。客户数可能包括持有任何有效许可证的组织,包括 MSSP 子账户——尽调应澄清计量单位。
[CU018, CU019, CU020, CU021, CU022, CU023]NodeZero 五阶段客户获取和扩张漏斗,从可寻址企业和联邦机构总范围,到活跃客户和 Pentest Wednesday 周期订阅者。各阶段数值基于可用公司披露和市场估计,代表估计群体规模。
上方漏斗中高于“活跃客户”的所有数值均为分析师估计。NodeZero 披露的 5,200+ 活跃客户数(2026 年 3 月)是唯一已确认数据点。转化率根据市场类比和公司披露指标推断。
[CU022, CU024, CU025, CU031]6.4 留存、客户满意度与扩张动态
证明客户耐久性的最重要定量证据,是 Horizon3.ai 在 FY2026 结果(2026 年 3 月)中披露的 125% Net Dollar Retention (NDR) 和 94% Gross Dollar Retention (GDR)。这些指标由公司陈述、未经审计,但内部一致性值得注意:94% GDR 意味着 6% 总流失(每年完全离开平台的组织),而 GDR 与 NDR 之间 31 个点差(125% - 94% = 31%)意味着留存客户每年平均扩张支出约 33%。按 SaaS 标准,这一 land-and-expand 比率较高,合理反映出 Pentest Wednesday 重复模式把一次性评估转化为年度或月度订阅,再叠加 NodeZero Insights 交叉销售和模块扩张。 Gartner Peer Insights 数据(截至 2025 年 8 月,73 条评论、平均 4.7/5.0、90% 愿意推荐)提供了独立客户满意度证据。2025 年 10 月 Gartner 授予 Customers' Choice 有意义,因为它要求达到最低已验证评论数量和同行推荐门槛,不是纯供应商筛选推荐语能做到的。但对于一个拥有 5,200+ 客户的平台,73 条绝对评论数偏低——已验证评论率不到 1.5%——限制了评分的统计普适性。Gartner Peer Insights 上那条 3.0 星反向评论,是公开记录中唯一识别出的关键客户声音;它提到 MSSP 排期和报告不清晰,而不是产品失败,说明该反向信号与伙伴执行有关,而非平台性能本身。 Pentest Wednesday 的重复节奏是扩张经济的关键结构性驱动。采用 Pentest Wednesday 的客户,从一次性或年度测试购买转向每周连续验证订阅,显著提高每客户 ACV,并形成合同粘性。案例研究证实了这种模式:制造客户每周测试,医疗系统运行 60+ 次测试,金融服务客户每周运行 AWS 渗透测试。该节奏模式类似订阅式安全监控服务,形成的续约动态与项目制渗透测试在结构上不同。 [CU027, CU028, CU029, CU030, CU031, CU032]
| 指标 | 数值 | 期间 / 日期 | 客群 | 置信度 | 尽调追问 |
|---|---|---|---|---|---|
| 净美元留存(NDR / NRR) | 125% | FY2026 (March 2026) | 所有客群合计 | 高 | 要求审计 NDR 计算口径:确认纳入扩张收入、排除新客户,并计入降档。要求按客群拆分(直销 vs. MSSP)。 |
| 总美元留存(GDR / GRR) | 94% | FY2026 (March 2026) | 所有客群合计 | 高 | 6% 总流失率意味着客户退出已不可忽视;要求队列级流失分析,识别高流失客群。要求拆分联邦 vs. 商业客户。 |
| Gartner Peer Insights 评分 | 4.7 / 5.0 星 | 截至 August 2025 | 全部(Gartner 审核买家) | 中 | 73 条评论不到 5,200+ 客户的 1.5%;确认评论样本是否有代表性。要求查看 Gartner 原始评论者数据或方法论。 |
| Gartner Peer Insights 评论数 | 73 条已发布评论 | 截至 August 2025 | Gartner 审核买家 | 中 | 绝对数量相对客户基数偏低。询问 Horizon3.ai 是否主动征集 Gartner 评论——样本可能偏向满意客户。 |
| Gartner 推荐意愿 | 90% | 截至 August 2025 | Gartner 审核买家 | 中 | 90% 推荐率与 4.7/5.0 均分一致。确认指标定义(愿意推荐 vs. 已主动推荐)。 |
| Gartner Customers' Choice(客户选择奖) | Customers' Choice 奖项 | October 2025 | AEV 市场类别 | 高 | 来自独立分析机构的第三方认可;需达到最低评论数和推荐阈值。支撑 Gartner 评分真实性。 |
| Gartner 负面评论(3.0 / 5.0) | 单条严重负面评论,3.0 星 | August 21, 2024 | 未知(单一评论者) | 低(孤立信号) | 评论者提到合作伙伴排期问题,以及「说不通」的测试结果。追问 H3.ai:这是孤立的 MSSP 执行问题,还是系统性合作伙伴质量问题?该评论者是否已流失? |
| 累计生产环境安全渗透测试 | 225,000+ | March 2026 | 全部客户 | 高 | 客户生命周期内平均约 43 次测试;确认每客户重复测试率,以及 Pentest Wednesday 客户的月活跃渗透测试节奏。 |
| Pentest Wednesday 重复测试节奏 | 可每周重复渗透测试 | 2025–2026 | 主要为企业和医疗客户 | 中 | 重复测试节奏是 NDR 扩张的核心;要求披露客户中使用 Pentest Wednesday vs. 按需测试的比例。每周节奏是作为额外 ACV 计费,还是已包含在套餐内? |
NDR 和 GDR 为公司口径(未经审计)。Gartner 评论数和评分截至 Gartner VoC 新闻稿引用的日期(August 2025 快照)。这条 3.0 星负面评论是公开可识别的唯一严重客户声音。所有满意度和留存指标都应在尽调中通过客户访谈独立核验。
[CU027, CU028, CU029, CU030, CU031, CU032]以 Horizon3.ai 披露的 94% 总美元留存率(GDR)作为年留存率,估算客户留存队列。第 0 年代表 100%(队列基准年),第 1 年反映 94% GDR,第 2 年按 GDR 复合计算。实际队列数据未公开;本表是基于公司披露的汇总 GDR 得出的分析估算。
所有数值都是分析估算,来自公司披露的 94% 总美元留存率(FY2026)。实际分队列留存数据尚未公开。截至 2026 年 3 月报告日,FY2025 队列还未进入第 2 年,因此第 2 年按 94% 估算。数值代表按美元加权的留存;按客户数计算的留存可能不同。净美元留存率(125%)包含留存客户的扩张支出,高于这些 GDR 数字。
[CU027, CU028, CU029]6.5 渠道模式、集中度风险与采购动态
Horizon3.ai 以渠道为主导的 go-to-market 模式既是优势,也是集中度风险。截至 2026 年 3 月,约 70% MSSP/MSP 交付率让 NodeZero 触达 SMB 和中端市场客户,这些客户若靠直销服务并不经济;Pax8 合作还提供了 40,000+ MSP 伙伴入口。但 MSSP 集中意味着,如果一个或多个头部 MSSP 伙伴流失、减少 NodeZero 部署转向竞争者,或自身收入下滑,Horizon3.ai 客户基础中相当一部分将面临风险。Gartner 反向评论已经暴露出一个 MSSP 执行摩擦案例(与伙伴相关的排期和报告清晰度问题),说明 MSSP 交付的客户体验并非完全受控。 联邦采购带来另一种集中度风险:整个联邦细分市场依赖 FedRAMP High 授权的连续有效。如果 Horizon3.ai 的 FedRAMP High 授权被暂停、未能重新授权,或竞争者取得同等授权,联邦护城河就会削弱。从 FedRAMP Rev4 向 FedRAMP 3.0 过渡(2025 年启动)构成近期合规升级要求。DoD Platform One 和 Tradewinds Marketplace 的 awardable 状态(均在 2025–2026 年取得)是正面准入信号,但 awardable 状态本身不保证合同流入——联邦机构仍须下订单,而订单受拨款和合同官自由裁量影响。 顶部客户集中度(Fortune 10)既是收入质量信号,也是风险。4 家 Fortune 10 公司作为客户,意味着少数关系可能构成直接 ARR 的不成比例份额。如果任何一家 Fortune 10 客户流失或整合供应商,影响可能重大。同样,全球最大银行类别虽然代表多个客户,但也说明公司依赖一个集中的金融服务收入层级。Horizon3.ai 尚未披露前 10 大客户贡献 ARR 的比例——这是关键尽调缺口,应作为数据室请求。尽调还应确认 5,200+ 客户数代表不同组织,而不是把同一企业的多个子公司重复计数。 [CU035, CU036, CU037, CU038, CU039, CU040]
| 扩张驱动 / 风险因素 | 类型 | 评估影响 | 尽调路径 |
|---|---|---|---|
| ~70% 客户由 MSSP 交付 | 渠道集中风险 | 高 — MSSP 合作伙伴流失或优先级转移可能带走大多数客户;MSSP 对 NodeZero 相比替代方案的忠诚度尚未经过规模化验证 | 按 ARR 贡献梳理前 5 大 MSSP 合作伙伴。评估合同承诺深度(MOU、经销协议、排他性)。将 MSSP NPS 与直客 NPS 分开验证。 |
| Q4 FY2026 渠道签约占 32% | 渠道增长指标 / 动能 | 短期正向;中期 MSSP 依赖上升。渠道签约占比正逼近主导地位。 | 在资料室跟踪直销 vs. 渠道签约拆分。要求提供 FY2024 至 Q4 FY2026 的季度渠道结构趋势。 |
| Fortune 10 中 4 家为活跃客户 | 头部客户集中风险 | 高 — Fortune 10 客户很可能贡献不成比例的直销 ARR;流失一家就可能成为重大收入事件 | 要求前 10 大客户收入集中度表。确认合同期限、续约日期,以及是否有任何 Fortune 10 客户将在 12 个月内续约。 |
| FedRAMP High 授权依赖 | 监管 / 采购集中 | 高 — 所有联邦收入都取决于 FedRAMP High 的连续性;FedRAMP 3.0 升级时间线构成执行风险 | 核验 FedRAMP High 授权到期 / 重新授权时间表。评估 FedRAMP 3.0 准备度。确认是否已为任何待办重新授权聘请 3PAO 评估机构。 |
| 单一产品收入集中(NodeZero) | 产品集中风险 | 中 — NodeZero Insights 和 MCP 服务器仍早期;>90% ARR 可能来自核心 NodeZero 渗透测试平台 | 要求按模块拆分 ARR(NodeZero 核心 vs. Insights vs. 附加模块)。审查 Insights 增速,将其作为多元化领先指标。 |
| Pentest Wednesday 先落地再扩张 | 扩张驱动 / 留存杠杆 | 正向 — 125% NDR - 94% GDR = 留存队列平均约 31% 扩张;重复测试节奏锁定年度订阅升级 | 确认 Pentest Wednesday 相比按需测试的 ACV 溢价。要求队列级 ACV 扩张图(各队列第 1 年 vs. 第 2 年 vs. 第 3 年)。 |
| Platform One / Tradewinds 可授标状态 | 联邦采购扩张驱动 | 中等偏正向 — 可授标状态移除 DoD/IC 买方的采购障碍;实际订单仍需各机构行动和拨款 | 公开跟踪 Platform One 订单流。向 H3.ai 询问 FY2027 管线中是否有已确认的 Platform One 或 Tradewinds 订单。 |
| Pax8 40,000+ MSP 生态合作 | 渠道扩张驱动(SMB / 中端市场) | 正向 — 庞大的 MSP 触达让公司以低 CAC 进入 SMB 安全市场;仍处爬坡早期 | 要求披露 Pax8 来源 ARR 至今规模。确认 Pax8 渠道是增量于现有 MSSP ARR,还是在蚕食直销企业交易。 |
影响评估为分析师推断。MSSP 合作伙伴集中度数据、Fortune 10 收入占比和 FedRAMP 重新授权时间线均未公开,是资料室优先请求。公司披露的「扩张」指标(125% NDR、Pentest Wednesday 节奏)缺少公开的队列级证据。
[CU035, CU036, CU037, CU038, CU039, CU040]6.6 附录
07风险
7.1 监管与法律风险格局
Horizon3.ai 的 NodeZero 平台处在三套相互重叠的监管制度交汇处,任何一套都可能实质影响产品合法性、市场准入或运营成本。近期最关键的第一项风险是 EU AI Act(Regulation 2024/1689):该法于 2024 年 8 月生效,禁止性条款于 2025 年 2 月开始适用。该法定义了四级风险;NodeZero 不太可能落入绝对禁止级别(该级别覆盖社会评分、大规模生物识别监控和剥削性操纵),但如果监管机构认定主动攻击 IT 基础设施的自主 AI 系统会危及关键基础设施或基本权利,NodeZero 可能被归为「高风险」。一旦被归类为高风险,强制合规评估、详尽文档、人类监督要求以及在欧盟公开数据库注册都会随之而来,显著推高合规成本,并拖慢欧洲商业扩张。 第二条风险来自美国出口管制法。Bureau of Industry and Security(BIS)通过 Export Administration Regulations(EAR)监管网络安全物项,具体包括 ECCN 4E001 以及与入侵软件有关的代码。NodeZero 的自主攻击链生成、凭证利用和漏洞串联可能被归类为军民两用的进攻性工具。任何国际分发——包括向非美国客户提供云交付——都必须符合许可要求或许可例外。EAR 下的 Cybersecurity Waiver(ECS)在部分情况下可能适用,但合规负担仍然很重;一旦出错,可能触发每项违规最高 $353,534 的民事罚款或刑事处罚。 第三条风险是 FedRAMP 重新授权。NodeZero Federal 目前持有的 FedRAMP High Authorization 必须通过年度评估、Plan of Action and Milestones(POA&M)管理以及重大变更请求持续维护。一旦 FedRAMP 状态丢失或中断,NodeZero Federal 将立即失去联邦销售资格,估计 50–60% 的收入可能被搁置。DoD 承包商还要满足 CMMC 2.0 合规要求,测试和审计义务进一步增加。Federal Register 记录了出口管制和网络安全项目要求都在持续演进,合规环境变化很快。 [CR001, CR002, CR003, CR004, CR005, CR006]
| 风险 | 管辖区 | 触发事件 | 可能性(1–5) | 影响(1–5) | 关键缓释 |
|---|---|---|---|---|---|
| EU AI Act 将 NodeZero 归为高风险 | EU | EU AI Office 发布指引,将自主攻击 AI 归为高风险 | 3 | 4 | 与 EU AI Office 沟通行业指引;为 EU 客户落地人工监督流程 |
| BIS 出口管制许可证要求 | 美国(EAR) | BIS 发布规则,将自主渗透测试工具归入 ECCN 4E001,且不适用 ECS 豁免 | 2 | 4 | 保留出口管制律师;提交分类申请;为非美国客户落地出口许可证筛查 |
| FedRAMP High 授权失效 | 美国联邦 | 未能在规定窗口内完成年度评估或重大变更审查 | 2 | 5 | 专职 FedRAMP 合规团队;持续监控 POA&M;维护第三方 3PAO 关系 |
| 影响 DoD 客户的 CMMC 2.0 要求变化 | 美国联邦(DoD) | CMMC Level 2+ 评估要求变化或合同时间线改变,压低近期 DoD 需求 | 3 | 3 | 跟踪 CMMC 规则制定;将 NodeZero 定位为 DIB 客户的合规加速器 |
| 覆盖渗透测试数据的州级数据安全法(CPRA、CDPA) | 美国各州 | 州检察长采取执法行动,指称渗透测试发现包含受监管个人数据 | 2 | 3 | 数据最小化政策;DPA 协议;加州和弗吉尼亚隐私法律顾问 |
| ITAR 对源自美国政府的攻击情报的适用性 | 美国联邦 | DoD 主张,源自涉密环境的战术攻击链知识受 ITAR 管制 | 2 | 4 | 严格隔离涉密环境与商业环境;取得关于 ITAR 适用性的法律意见书 |
| EU AI Act 禁止行为分类(操纵) | EU | EU AI Office 将社会工程攻击模块归为 AI Act 第 5 条下的禁止操纵 | 1 | 5 | 从 EU 产品版本移除社会工程模块;取得法律意见 |
| GDPR 对渗透测试遥测的数据传输限制 | EU | 欧洲客户渗透测试数据在美国云中处理,且缺少充分传输机制 | 2 | 3 | EU 客户使用 EU 云区域;标准合同条款;开展 FedRAMP 等效的 EU 审查 |
可能性和影响按 1–5 整数尺度评分(1=最低,5=最高)。估计来自分析师基于公开监管材料和公司已披露姿态的判断,未经公司确认。
[CR001, CR002, CR003, CR004, CR005, CR006]将 22 项已识别风险映射到 4×5 的「发生可能性-影响」网格上。优先级最高的风险集中在高可能性 / 高影响象限:FedRAMP 失效、竞争平台入场、CEO 离任,以及假阴性引发的客户被攻陷责任。
风险优先级:可忽略、低、中等、高、严重。单元格值代表该发生可能性-影响组合下的综合风险优先级。映射到高及以上的风险包括:FedRAMP 失效(L=2,I=5→高)、NodeZero 云端被攻陷(L=2,I=5→高)、平台型在位厂商入场(L=4,I=4→高)、CEO 离任(L=2,I=5→高)、假阴性责任(L=3,I=4→高)、EU AI Act 分类(L=3,I=4→高)。评级来自分析师评估。
[CR003, CR005, CR017, CR025, CR035]7.2 竞争与市场颠覆风险
Horizon3.ai 所在赛道正被大型在位厂商主动切入。Microsoft、CrowdStrike、Palo Alto Networks 和 Tenable 都在自动化安全验证上拥有直接或相邻产品:Microsoft 的 Security Exposure Management、CrowdStrike 的 Falcon 暴露管理模块、Palo Alto 的 XSIAM 平台,都能做连续攻击面管理,并与 NodeZero 的用例部分重叠。虽然目前没有一家达到 NodeZero 深度的全自主渗透测试,但演进方向正在收敛;这些厂商还握有独立供应商难以复制的分发优势,包括既有企业合同、SIEM / EDR 集成和成熟信任关系。 第二梯队是一批资金充足的纯玩家。Pentera(原 Pcysys)已获得大量风险资本支持,以欧洲为基地,拥有 1,000+ 企业客户,直接竞争自动化安全验证。Cobalt.io 位于 PTaaS 细分市场,并已转向 AI 增强测试。XM Cyber、AttackIQ 等公司则竞争 Breach and Attack Simulation(BAS)和 Continuous Threat Exposure Management(CTEM);分析师群体越来越把这些类别视为与独立渗透测试重叠,甚至会取而代之。 Metasploit、Nuclei、OpenVAS 等开源替代方案仍在演进,而且免费。它们需要专家配置和解读,但会设定市场价格底线,限制中端市场定价权。更广泛的 AI 商品化趋势也构成长期风险:通用 LLM 智能体可能越来越能执行漏洞发现,从而削弱任何专用 AI 渗透测试平台的市场防御性。 风投支持的竞争对手 Pentera 客户规模大、欧洲足迹深,再叠加 Cobalt 在托管 PTaaS 中的定位,会同时挤压企业自助服务(NodeZero 的核心)和托管服务两个板块。若出现平台整合场景——例如大型在位厂商收购 Pentera——市场将出现一家资金充足、系统集成度更高、市场进入覆盖远强于 Horizon3.ai 的竞争对手。 [CR010, CR011, CR012, CR013, CR014, CR015]
| 风险 | 类别 | 触发事件 | 可能性 | 影响 | 缓释 |
|---|---|---|---|---|---|
| 平台型巨头加入自主渗透测试功能 | 竞争 | CrowdStrike、Palo Alto 或 Microsoft 发布自主渗透测试能力,并集成进现有 EDR/XDR | 4 | 4 | 加深攻击链 AI;争取与平台领导者集成,而不是纯正面竞争 |
| Pentera 完成大额融资并加速增长 | 竞争 | Pentera 完成 $200M+ 融资,大幅扩大美国联邦业务布局 | 3 | 3 | 加码 FedRAMP 护城河;用深度和覆盖质量区别于广度打法 |
| AI 让漏洞发现商品化 | 技术 / 市场 | 通用 LLM 智能体(GPT-5+)达到 NodeZero 核心漏洞发现能力的 80%+ | 3 | 4 | 投入能模拟对手后渗透和攻击链串联的 AI,而不只做发现;建设自研威胁情报 |
| 开源替代品达到企业可用 | 技术 / 市场 | 获得资助的开源联盟(如 OWASP 支持)发布企业级自主渗透测试平台 | 2 | 3 | 在托管服务、支持、合规报告和 FedRAMP 上竞争——这些是开源难以复制的领域 |
| 客户认知:AI 无法取代人类测试人员 | 市场情绪 | NodeZero 客户发生高关注度入侵,引发「自主 AI 漏掉攻击向量」叙事 | 3 | 4 | 透明沟通漏报;提供「AI + 人工」混合方案;主动沟通客户 |
| 大型科技公司收购直接竞争对手 | M&A | Microsoft 收购 Pentera,或 Tenable 通过收购加入自主渗透测试模块 | 3 | 4 | 在收购完成前加速企业扩张并加深联邦护城河;探索战略合作或退出选项 |
可能性和影响为分析师估计。竞争格局截至 2026-05-18。所有评级都是定性风险评估,不是概率预测。
[CR010, CR011, CR012, CR013, CR014, CR015]7.3 运营、产品与安全风险
Horizon3.ai 面临的最具运营特征的风险是声誉风险:NodeZero 是一个自主 AI 系统,设计目标是在真实生产环境中发现并利用漏洞。如果平台本身被攻破——无论是 Horizon3.ai 云基础设施被入侵、供应链攻击,还是专有攻击链逻辑被外泄——由此得到的利用工具包会立刻具备危险性。平台采用 SaaS 交付,客户凭证、网络拓扑和已发现漏洞都存放在 Horizon3.ai 的云环境中。一旦该环境遭入侵,数千家客户组织的敏感发现都会暴露,形成灾难性的供应链攻击向量。 Dark Reading 于 2026 年 5 月报道,拉丁美洲威胁行为者已经在使用 AI 智能体生成定制化、动态生成的黑客工具,以规避基于签名的检测;这说明更广泛的自主 AI 攻击工具生态正在受控环境之外快速成熟。由此产生双重风险:NodeZero 的能力可能被恶意行为者逆向工程或复制,NodeZero 本身也会成为对手窃取进攻安全知识时更高价值的目标。 漏报同样是重大的产品质量风险。没有任何自动化测试工具能达到 100% 覆盖;NIST SP 800-115 技术指南也承认自动化安全测试的内在局限。如果 NodeZero 把一个网络报告为安全充分,但事实并非如此,且客户随后遭遇入侵,Horizon3.ai 将面临声誉损害和潜在法律责任。若客户只依赖 NodeZero,而不配套人工红队或紫队演练,可能形成不该有的信心。NodeZero 将自己定位为连续保障平台,会放大这种「漏报责任」:客户可能基于其发现削减其他安全投入。 运营规模风险也存在:NodeZero 已运行 130,000+ 次自主渗透测试,规模继续扩大时,要维持平台安全性和准确性,就必须持续投入质量保证、安全利用护栏和准确率提升。 [CR016, CR017, CR018, CR019, CR020, CR021]
| 风险类别 | 描述 | 可能性 | 影响 | 缓释 |
|---|---|---|---|---|
| NodeZero 云基础设施被攻破 | 攻击者攻陷 Horizon3.ai 的 SaaS 环境,窃取客户漏洞发现和攻击链逻辑 | 2 | 5 | SOC 2 Type II;FedRAMP High 控制;对 Horizon3.ai 自身基础设施开展渗透测试;漏洞赏金计划 |
| 漏报导致客户被入侵 | NodeZero 评估报告判定环境安全;客户通过 NodeZero 漏掉的路径遭遇入侵 | 3 | 4 | 透明披露覆盖范围文档;提供「NodeZero + 人工复核」混合方案;在 SLA 中明确范围限制 |
| 恶意内部人将 NodeZero 武器化 | 授权用户将 NodeZero 用于未授权目标,或外泄渗透测试发现 | 2 | 4 | 强制 SSO;审计日志;行为分析;最小权限访问控制;执行服务条款 |
| 平台滥用 / 凭证盗窃 | 攻击者用被盗 API 凭证或 OAuth token,对客户环境启动 NodeZero | 2 | 4 | 硬件 MFA;凭证轮换;IP 允许列表;测试启动模式异常检测 |
| 通过 Docker/OVA 组件发起供应链攻击 | 恶意代码进入分发给客户环境的 NodeZero Docker 镜像或 OVA | 2 | 5 | 代码签名;可复现构建;制品完整性验证;面向联邦客户的私有分发渠道 |
| 高测试量下质量随规模下降 | 渗透测试量达到 130,000+ 后,模型漂移或工具 bug 引入系统性漏报或不安全利用行为 | 3 | 3 | 持续对已知易受攻击环境做基准测试;回归测试流水线;人类红队验证 AI 输出 |
可能性和影响按 1–5 尺度。风险描述反映公开已知的产品架构和 SaaS 网络安全运营风险类型,不代表已确认事件。
[CR016, CR017, CR018, CR019, CR020, CR021]该有向无环图展示一级风险触发因素如何传导到二级、三级影响。联邦收入集中和监管压力是根节点;声誉受损和资不抵债是终端影响节点。
边关系是分析师推断的因果连接。未对边权建模;所有边只代表合理的因果路径,不代表量化概率流。
[CR005, CR017, CR025, CR035, CR036]7.4 人员、执行与财务风险
CEO Snehal Antani 是公司最显眼的资产,也是一项集中风险。他曾任 JSOC(Joint Special Operations Command)CTO、Splunk CTO 和 GE Capital CIO,这让 Horizon3.ai 在国家安全与企业市场拥有独特可信度;他也是最主要的公开发言人、会议主旨演讲嘉宾和品牌化身。如果他因收购、个人原因或竞争对手挖角离开,联邦板块的客户信心和交易流大概率受压;在该板块,个人关系和对使命的信任权重格外高。公开信息中没有可识别的继任计划或联席 CEO 架构。 Antani 之外,公司领导层还包括前特种作战资深人士(工程负责人曾在 NASA 受训,Signal iOS app 的共同开发者),这些领域可信度很难复制。网络安全人才市场仍然高度竞争;联邦业务需要的持证人员和进攻安全专家供给有限,招聘受约束。进攻安全岗位的倦怠率高于平均水平,Glassdoor 式员工评价也显示,高增长网络安全创业公司即便使命感强,仍会面临留人挑战。 财务上,公司估计 50–60% 的联邦板块收入依赖形成结构性预算风险。联邦网络安全支出受国会拨款不确定性、持续决议以及机构层面的预算优先级重排影响。DHS、DoD 或情报界网络安全项目若遭遇重大削减,或持续决议拖延过久,都可能推迟采购订单并降低续约率。较长的企业销售周期会进一步放大这一点:联邦平均销售周期为 6–18 个月,导致收入确认呈块状波动。 5,200+ 个报告客户在一定程度上缓解了客户集中风险;但如果少数大型联邦合同贡献了不成比例的 ARR(联邦优先网络安全供应商常见模式),任何一个大客户流失都可能构成重大影响。公司没有披露 ARR,真实集中度画像仍不透明。 [CR023, CR024, CR025, CR026, CR027, CR028]
| 风险 | 关键人物 / 团队 | 触发事件 | 可能性 | 影响 | 缓释 |
|---|---|---|---|---|---|
| CEO 离任 | Snehal Antani | 因收购、个人原因或竞争对手挖角报价离任 | 2 | 5 | 董事会层面的继任计划;高管团队分担关键客户关系;投资人监督交接 |
| 联邦关系集中 | Snehal Antani + 联邦销售团队 | 前三大联邦客户经理流失,或 Antani 带走关键联邦关系 | 2 | 4 | 在团队内系统分散关系;由 CRO 牵头联邦客户管理;合同层面设置连续性条款 |
| 持有安全许可的人才流失 | 工程 / 攻击安全团队 | 关键持证工程师被 NSA、DoD 承包商或大型科技公司挖走 | 3 | 3 | 有竞争力的股权;使命驱动文化;安全许可赞助管线;内部职业发展 |
| 文化规模化风险 | 全体员工 | 公司从约 200 人扩到 500+ 人,失去创业公司敏捷性或使命一致性 | 3 | 3 | CPO 牵头文化举措;留住受股权激励的早期员工;刷新 ESOP |
| AI 团队关键人物技术集中 | 工程负责人(Chris Corbett) | 主要 AI/ML 架构负责人离任 | 2 | 4 | 跨职能知识转移;架构文档化;副工程负责人继任安排 |
可能性和影响按 1–5 尺度。领导层信息来自 Horizon3.ai 已发布团队页面(访问于 2026-05-18)。
[CR023, CR024, CR025, CR026, CR027]7.5 技术与基础设施风险
NodeZero 架构采用 SaaS 交付,并依赖云基础设施(AWS 和 / 或 Azure)承载编排层;内部渗透测试则从客户本地的 Docker 容器或 OVA 实例运行。云依赖带来可用性风险:如果影响 NodeZero 编排的云供应商发生持续宕机或安全事件,所有受影响客户的连续评估工作流都会中断。对有 RTO 要求的联邦客户来说,这可能触发 SLA 违约。 更隐蔽的技术风险是攻击链构建中的 AI 幻觉。NodeZero 自主生成并串联 exploit;如果底层 AI 模型产出错误的利用顺序——推荐一条实际跑不通的漏洞链——会出现两种故障模式:(1)真实漏洞没有被利用到,从而漏报;(2)误报被升级,导致不必要的 incident response。随着 NodeZero 的「Mythos」框架和其他 AI 驱动的攻击路径推理组件演进,如果没有稳健验证层,自信但错误的 AI 输出风险会升高。 云依赖还带来供应商锁定风险:把 NodeZero 基于云的攻击编排迁移到另一家云供应商并不简单。如果 AWS 或 Azure 调整价格、终止服务条款,或因监管行动被要求在特定司法辖区做数据本地化,Horizon3.ai 可能面临高成本基础设施迁移。github.com/horizon3ai 上的 GitHub 仓库托管了开源组件;如果任何依赖被攻破,也会引入供应链风险。 CISA Known Exploited Vulnerabilities(KEV)目录和 NIST NVD(250,000+ CVE)构成 NodeZero 用来理解漏洞语境的数据底座。如果 CISA 或 NIST 削减经费、限制 API 访问,或大幅改变数据格式,NodeZero 的情报层会退化。更广泛地看,NodeZero 自主决策质量取决于外部威胁情报数据源的准确性,而这项依赖并不完全在 Horizon3.ai 控制之内。 [CR030, CR031, CR032, CR033, CR034]
该依赖图展示 NodeZero 对外部监管机构、云厂商、数据源和合规框架的依赖。任一节点失效或受限,都会向上传导到平台可用性或合法性。
依赖方向表示「依赖于」关系(边从被依赖项指向依赖方)。未量化依赖强度;所有列出的依赖对平台运营或商业合法性都具有实质影响。
[CR003, CR004, CR005, CR030, CR031, CR033]7.6 缓释框架与终止标准
Horizon3.ai 已在多个风险类别上建立了有意义的结构性缓释。FedRAMP High authorization 是商业云授权中要求最高的级别,构成联邦板块的重要合规护城河;获得并维持 FedRAMP High 通常需要 18–24 个月,竞争对手很难快速复制。公司法务团队(Chief Legal Officer Jill Passalacqua,曾任职 FireEye 和 JumpCloud)具备监管导航的机构经验。2024 年 11 月的 $100M Series D 提供了约 2–3 年资金续航,可继续投入合规、产品加固以及法律 / 监管沟通。 对人员风险,关键缓释是建立分布式领导梯队。当前团队包括 CFO Holly Grey、CRO Matt Hartley、CMO Andres Botero 和 CLO Jill Passalacqua,都具备深厚企业和安全经验。如果 Antani 离开,机构知识足以维持业务连续性,但联邦板块面向客户的关系需要主动安抚。更正式的继任计划,以及董事会层面对该风险的所有权,可以降低剩余暴露。 对竞争风险,主要缓释不是横向扩展表层功能,而是持续加深攻击链 AI;要领先在位厂商,公司需要投资进攻安全研究能力(漏洞研究、新 exploit 模块、后利用技术),而不是去追平它们的市场进入广度。公司的 81 篇「Attack Blogs」和 30 项漏洞披露体现了这套飞轮。 终止标准——即需要从根本上重估战略的条件——包括:(1)失去 FedRAMP High authorization,且 12 个月内没有可信恢复路径;(2)联邦板块收入低于总收入 30%(说明需要重新定位市场),或联邦板块收入低于上一年 40%(说明出现预算危机);(3)NodeZero 云基础设施发生重大安全入侵,并确认客户数据暴露;(4)美国或欧盟监管明确禁止自主 AI 进攻安全工具,或施加高到难以承受的限制;(5)一家市场进入能力 10 倍于 Horizon3.ai 的平台型在位厂商以显著溢价收购直接同行。 [CR035, CR036, CR037, CR038, CR039, CR040]
| 风险领域 | 已有主要缓释 | 终止标准(需要重置战略) | 领先指标 | 监控频率 |
|---|---|---|---|---|
| 监管 / 法律 | FedRAMP High 授权;具企业网络安全背景的 CLO;出口管制律师 | 美国或 EU 明确监管禁止自主攻击性 AI 工具,或 FedRAMP High 失效 > 6 个月 | FedRAMP 授权状态;AI 攻击性工具监管案卷跟踪 | 每月 |
| 联邦收入集中 | 5,200+ 客户多元化;通过渠道合作伙伴扩张商业客户 | 联邦收入低于总收入 30%,或同比下滑 > 40% | 联邦收入占比 %;联邦部门续约率 | 每季度 |
| 安全入侵 | SOC 2 Type II;FedRAMP High 控制;SSO;审计日志 | NodeZero 云基础设施发生重大入侵,并确认客户数据暴露 | 事件检测率;遏制耗时指标;自身基础设施渗透测试结果 | 持续 |
| 竞争替代 | FedRAMP 护城河;攻击链深度;联邦关系;130,000+ 次渗透测试经验基础 | 平台型现有厂商(CrowdStrike、Palo Alto、MSFT)为同等产品取得 FedRAMP High,并拥有 2× 分发能力 | 竞争交易胜率;分析师定位;相对替代方案的客户 NPS | 每季度 |
| CEO 关键人物 | 分散化高管团队;股权一致的领导团队;文档化客户关系 | CEO 离任且没有董事会批准的继任计划 | CEO 继任准备度评分(董事会内部);高管梯队厚度评估 | 每半年 |
终止标准由分析师定义,代表需要重新评估基本战略的条件。这些不是公司披露政策。
[CR035, CR036, CR037, CR038, CR039, CR040]7.7 附录
08估值
8.1 投资概览与建议
Horizon3.ai 于 2024 年 11 月完成 $100 million 的 Series D 融资,隐含投后估值约 $1 billion;结合已披露的 Series C 和 Series D,公司已确认融资总额达到 $140 million。公司销售 NodeZero,这是一款自主渗透测试平台,可在企业环境内部持续发现并证明可利用攻击路径,不需要每个项目都配备人工红队操作员。客户包括联邦机构、医疗系统和中端企业;公司报告拥有 5,200+ 个客户关系,并已执行 225,000+ 次安全渗透测试。 投资逻辑建立在四个支柱上:(1)市场规模大且结构性渗透不足——不到 10% 的企业每年做超过一次渗透测试——并以 14–22% CAGR 增长;(2)FedRAMP High authorization 获取耗时 18–36 个月,多数竞争对手难以快速复制;(3)通过「Pentest Wednesday」订阅节奏体现出的强净收入留存和平台黏性;(4)CrowdStrike、Palo Alto Networks 和 Tenable 都在活跃并购,退出环境有利。 条件性建议为「TRACK → 验证后 BUY」。主要信息缺口是缺少独立审计的 ARR、NRR 和毛利率数据。入场纪律要求:基于已验证 ARR 的倍数不高于 15×。若投资人能在 pre-IPO 或二级市场拿到经确认的财务数据,应把多重压缩风险计入价格,尤其是在 ARR 低于 $80M 基准情景时。 [CV001, CV002, CV003, CV040, CV007, CV016]
| 维度 | 评估 | 置信度 | 含义 |
|---|---|---|---|
| 总体建议 | 有条件 — 观察;ARR 经验证后转为买入 | 中 | 没有财务资料室,不要在 $1B 估值领投 |
| 风险评级 | 高 | 中 | 联邦收入集中、ARR 未审计、竞争强度高 |
| 估值立场 | 在 $1B 估值下合理至略高;若 ARR ≥$80M 且 NRR >110%,则可支撑 | 低-中 | 入场纪律:目标 ≤15× 已验证 ARR |
| 目标回报(基准) | $1B 入场时为 0–1.5×;若谈到 $600–700M 入场,为 3–5× | 低 | 回报对入场价格敏感,而不是对公司质量敏感 |
| 持有 / 退出周期 | 距 IPO 准备就绪或 M&A 还有 24–36 个月;退出窗口为 2027–2028 | 低 | FY2027 IPO,或战略出售给 CrowdStrike / Palo Alto / Tenable |
所有评估均基于公开信息和估计财务数据。数据室里的已验证财务数据会显著改变置信度。
[CV001, CV002, CV004, CV036]一棵决策树,将关键尽调关口——ARR 验证、NRR 确认、FedRAMP 护城河和入场倍数——映射到四种建议结果:BUY(高确信度)、CONDITIONAL(争取折价)、TRACK(数据不足)或 PASS(估值过高或投资逻辑破裂)。
决策阈值(≥$80M ARR、>110% NRR、≤15× ARR)由可比公司分析推导,代表作者的尽调标准,不是确定性的投资准则。
[CV004, CV005, CV006, CV036, CV015, CV029]Horizon3.ai 投资案例的关键业绩与估值指标,结合了已确认的公开数据和分析师估算。未经验证的数字已在注释中标出。
多数财务数字来自公司说法或分析师估算。Horizon3.ai 是私营公司,独立审计数据未公开。
[CV001, CV002, CV003, CV007, CV016, CV026]8.2 可比估值分析
Horizon3.ai 的上市公司可比对象跨度很宽,反映出网络安全 SaaS 内部增长画像差异很大。一端是 Rapid7 这类成熟平台,交易约为过去 ARR 的 1.9–2.1×,对应中个位数收入增长和竞争替代风险。另一端是 CrowdStrike、SentinelOne 这类高增长平台,凭借平台广度、120% 以上净收入留存和持久竞争护城河,拿到 17–20× ARR 倍数。Tenable 和 Qualys 位于中间区间,约为 3.6–5.4× ARR。 Horizon3.ai 的 $1 billion 估值对应的 EV/ARR 倍数取决于未经验证的 ARR:$30M ARR 时为 33×,$50M 时为 20×,$80M 时为 12.5×,$100M 时为 10×。公司声称自 2020 年以来收入增长 24×,FedRAMP 护城河也支持增长溢价,但缺少审计财务数据让比较本身存在不确定性。若按 12–15× ARR 倍数——适用于增长 30–50%+ 且留存强的公司——要支撑 $1B 估值,ARR 需要达到 $67–83M。CB Insights 资料和 Craft.co 数据确认了 Series D,但没有给出独立 ARR 验证。 公开可比公司的列举有意限制在最直接相关的网络安全平台。若采用更广义的软件 SaaS 倍数(2026 年中位增长 SaaS 的 ARR 倍数为 8–12×),除非增长率和留存足以支撑,否则当前估值处在高端。 [CV004, CV005, CV006, CV008, CV009, CV010]
| 可比公司 | 类型 | ARR(估计,2026) | EV / ARR(约) | 增长画像 | 相关性 | 局限 |
|---|---|---|---|---|---|---|
| Tenable (TENB) | 上市网络安全 SaaS | ~$900M | ~5.4× | 中个位数;成熟 | 与漏洞管理重叠;最大纯粹可比公司 | 增长率成熟;没有自主渗透测试业务 |
| Qualys (QLYS) | 上市网络安全 SaaS | ~$550M | ~3.6× | 中个位数;成熟 | 与云安全和合规重叠 | 客户画像不同;没有联邦 FedRAMP 护城河 |
| Rapid7 (RPD) | 上市网络安全 SaaS | ~$780M | ~1.9× | 下滑 / 稳定;竞争压力 | 渗透测试工具(Metasploit)和 InsightVM 重叠 | 正接受战略评估;存在估值倍数压缩风险 |
| SentinelOne (S) | 上市网络安全 SaaS | ~$900M | ~17× | ARR 增长 45%+ | 高增长网络安全公司;NRR 强;AI 原生叙事 | XDR/EDR,而非渗透测试;买方不同 |
| CrowdStrike (CRWD) | 上市网络安全 SaaS | ~$4B | ~20× | ARR 增长 30%+;平台扩张 | 直接扩张到暴露面管理和渗透测试验证 | 平台宽度支撑溢价;Horizon3.ai 规模小得多 |
| Pentera(私有) | 私有直接竞争对手 | 约 $100M(估计) | N/A(私有) | 快速增长,据报道 $100M | 最直接的自主安全验证可比公司 | ARR 未验证;无公开倍数 |
EV/ARR 倍数为近似值,来自 2026 年 Q1 的公开市场数据,受市场波动影响。Pentera ARR 为第三方报道且未经审计。Horizon3.ai ARR 未验证。
[CV008, CV009, CV010, CV011, CV012, CV013]该柱状图比较在 $1B 估值下、五个假设 ARR 水平($30M–$100M)对应的 Horizon3.ai 隐含 EV/ARR 倍数,以及上市网络安全 SaaS 可比公司的观测 EV/ARR 倍数,显示估值支撑对未经验证的 ARR 数字有多敏感。
Horizon3.ai 的 ARR 未经验证;所有 H3.ai 柱仅作示意。上市可比公司的 EV/ARR 倍数为截至 2026 年 Q1 的近似值,基于公开文件和市场数据。
[CV004, CV005, CV006, CV008, CV010, CV011]8.3 牛市 / 基准 / 熊市情景分析
三个离散情景刻画了 Horizon3.ai 投资人的概率加权结果区间。牛市情景假设企业采用加速,动力来自 FedRAMP 授权扩张、NRR 高于 120%,以及平台成功延伸到暴露管理(NodeZero Insights)。在牛市假设下,ARR 到 2027 年末达到 $150M,20× ARR 倍数对应 $2.5–3.5 billion 估值,相当于 Series D 价格上的 2.5–3.5× 回报。 基准情景以公司自己发布的 2024 年 ARR 增长 102% 为锚,并对 2026 年以前的年度增长做温和减速,降至 50%。这样得到 2025 年底 $80M ARR、2026 年底 $120M ARR。按与高增长网络安全 SaaS 一致的 15× 倍数,基准估值为 $1.0–1.5 billion,基本与 Series D 入场价持平;这意味着在 $1B 标记入场的投资人是在为成功执行付费,并没有内嵌折扣。 熊市情景假设来自 Pentera 的竞争加剧(据称其目标客户画像相同)、AI 推动漏洞枚举商品化,以及联邦预算逆风。在熊市假设下,ARR 增长降至 20–30%,ARR 到 2025 年底达到 $50M,倍数压缩至 8–10×,估值为 $400–600 million,较 Series D 损失 40–60%。如果 CrowdStrike 的安全验证扩张或 Microsoft Security Copilot 在 Horizon3.ai 达到 $100M+ ARR 和 IPO 准备度之前实质侵蚀其差异化,熊市情景就具备现实可能。 [CV020, CV021, CV022, CV007, CV017, CV018]
| 情景 | 关键假设 | ARR 估计 | 估值区间(百万美元) | 概率信号 | 主要风险 |
|---|---|---|---|---|---|
| 乐观(2027) | ARR 增速提升至 60%+;NRR >120%;平台扩展到暴露面管理;FedRAMP 护城河守住 | 2027 年底 $150M | $2,500–$3,500 | 低-中:需要持续超高速增长 | IPO 窗口关闭会压缩估值倍数 |
| 基准(2026) | Series D 后 ARR 增速降至 40–50%;NRR 105–115%;未出现重大竞争替代 | 2026 年底 $80–100M | $1,000–$1,500 | 中:与 2024 年 ARR 增长 102% 的新闻稿一致 | 以 $1B 入场安全边际极薄 |
| 悲观(2025–2026) | ARR 增速降至 20–30%;Pentera 赢下企业正面对比;联邦预算形成逆风 | 2026 年底 $40–55M | $400–$600 | 低-中:若 CrowdStrike 激进扩张,情景成立 | 鉴于优先股压力,普通股可能全部损失 |
ARR 估计来自公司宣称的 2024 年 102% 增长和分析师判断。估值区间采用 EV/ARR 倍数:乐观 17–23×、基准 12–15×、悲观 8–11×,与可比公司组一致。
[CV020, CV021, CV022, CV007, CV017, CV029]该区间图展示 Horizon3.ai 在乐观、基准、悲观三种情景下的低位、基准和高位估值结果。数值反映情景分析章节中的 ARR 假设和 EV/ARR 倍数。
所有数值均为估算。ARR 数字要么来自未经验证的公司说法,要么由分析师推断。倍数来自可比公司组分析。Series D 入场价格约为 $1B(投后)。
[CV020, CV021, CV022, CV035]8.4 投资正论与反论
Horizon3.ai 的牛市论点建立在结构性市场顺风、可防守的监管护城河,以及早期平台黏性证据之上。渗透测试市场预计 2025 年达到 $2B+,CAGR 为 14–15%;自主 PTaaS 子赛道据报 CAGR 为 22.6%。企业按季度或按月运行自主渗透测试,产生的订阅收入质量明显优于传统渗透测试公司的项目制收入。FedRAMP High authorization 在联邦板块形成独特卖点——NodeZero 在 Department of Defense 的 Platform One marketplace 中竞争——并需要 18–36 个月合规投入,竞争对手无法走捷径。Gartner Peer Insights 用户评价确认了满意度,公司还在 2025 年 10 月 Adversarial Exposure Validation Voice of the Customer 报告中被评为「Customers' Choice」,这是有意义的第三方质量信号。 反论建立在三项结构性风险上。第一,ARR 和 NRR 数据由公司自报且未经审计;所有公开来源都缺少独立验证。第二,Pentera 作为最直接的自主安全验证竞争对手,通过强调连续验证能力,明确把 NodeZero 定位为旧式方案;据称 Pentera 拥有约 1,200 家企业客户和约 $100M ARR,说明 Horizon3.ai 并非处在无人挑战的市场位置。第三,CrowdStrike 的 Exposure Management 扩张和 Microsoft Security Copilot 代表资金雄厚的在位厂商威胁。只要其中任一家实现可比的自主渗透测试能力,独立平台可获取的溢价空间就会大幅收缩。联邦预算集中是一把双刃剑:政府板块验证产品质量并推动 ARR,但多年期合同续约若未兑现,可能导致 ARR 阶梯式下滑。 [CV013, CV014, CV015, CV016, CV017, CV018]
| 维度 | 投资逻辑论据 | 反向逻辑论据 | 哪些证据会改变判断 |
|---|---|---|---|
| 市场 | PTaaS 以 22.6% CAGR 增长;每季度做渗透测试的企业不到 10% | 市场小于宣称规模;传统 MSSP 能以更低成本复刻价值 | Gartner 或 IDC 第三方验证 2028 年 TAM 达到 $3B+ |
| 产品 / 护城河 | FedRAMP High 授权需要 18–36 个月;竞争对手无法抄近路 | Pentera 也在推进授权;CrowdStrike 可借现有 FedRAMP 资质切入 | Pentera 在 18 个月内拿到 FedRAMP High |
| 财务 | 公司称 2024 年 ARR 增长 102%,较 2020 年增长 24×;订阅模式粘性强 | ARR 和 NRR 未经审计;没有第三方验证;激烈竞争可能压低 NRR | 审计财务确认 ARR ≥$80M、NRR >110% |
| 客户 | 5,200+ 客户,覆盖 DoD、医疗和企业;入选 2025 Gartner Customers' Choice | 客户数包含 SMB;企业 ARR 集中度可能高;流失率未验证 | 数据室提供按细分市场划分的客户队列 NRR 数据 |
| 竞争 | 其他厂商尚未同时具备自主渗透测试、FedRAMP High 和持续验证 | Pentera ARR 约 $100M、约 1,200 客户;CrowdStrike 正激进扩张暴露面管理 | 证明 H3.ai 在与 Pentera 的正面对比评估中持续胜出的证据 |
论据基于公开证据和分析师推断。反向逻辑并不构成对所引竞争对手指标的独立验证。
[CV013, CV014, CV015, CV017, CV018, CV026]8.5 论点失效与终止触发器
论点失效触发器是可观察、带时间约束的事件或数据点;一旦确认,建议应从 TRACK 调整为 PASS 或 EXIT。五个最重要的触发器是:(1)降价融资,或二级市场标记低于 Series D 价格 20% 以上,表明投资人信心流失;(2)单个续约周期内失去三个或更多具名联邦合同,说明仅靠 FedRAMP authorization 不足以留住客户;(3)净收入留存跌破 100%,意味着扩张收入已无法覆盖流失,订阅模型承压;(4)直接竞争对手——尤其是 Pentera 或 CrowdStrike 收购标的——获得 FedRAMP High authorization,消除主要监管护城河;(5)IPO 招股书或二级市场尽调披露 ARR 低于 $50M,使当前 $1B 估值超过 20× ARR 且增长减速,这种画像应立即重新谈价。 次级预警信号包括:创始 CEO 离任且没有可信继任计划;按当前增长声明,公司在 Series D 后 24 个月内未达到 $150M ARR;以及随着扩员服务企业客户,出现实质性利润率侵蚀证据。 [CV031, CV025, CV015, CV027, CV029]
| 触发器 | 可观察阈值 | 对投资逻辑的传导 | 行动含义 |
|---|---|---|---|
| 降价融资或老股估值标记 | 二级市场估值 <$800M(较 Series D 低 >20%) | 投资者信心信号;FMV 低于入场价 | 退出或避免入场;仅在估值重置后重新评估 |
| 联邦合同流失 | 单个周期内 ≥3 个具名 DoD 或联邦机构不续约 | FedRAMP 护城河未能驱动留存;政府 TAM 收缩 | 降低仓位;要求商业客户抵消的证据 |
| NRR 跌破 100% | 连续两个季度验证 NRR <100% | 订阅模式失效;流失超过扩张 | 退出;ARR 下滑使模型切到更低倍数 |
| 竞争对手拿到 FedRAMP High | Pentera 或 CrowdStrike 获得 FedRAMP High 授权 | 主要监管护城河被抹平;政府定价压力开始 | 下调至放弃;观察 2 个季度 ARR 影响 |
| 披露时 ARR 低于 $50M | IPO 招股书或二级市场 DD 显示 ARR <$50M | 增长放缓时隐含 EV/ARR >20×;高估得到确认 | 坚决放弃;需降价 >30% 才重新评估 |
所有可观察阈值均为指示性判断,来自可比分析和作者判断;不构成确定性投资政策。投资逻辑破裂触发器需要持续监控。
[CV031, CV015, CV027, CV029, CV034]8.6 最终尽调清单
在以 Series D 估值或更高价格投入资本之前,投资人应取得以下证据。财务验证是最高优先级:过去十二个月 ARR、按客户群组切分的年合同价值(ACV)增长、按联邦与商业客户分段的净收入留存,以及包含基础设施和支持成本的毛利率。没有这些数据,隐含 EV/ARR 倍数无法可靠计算,情景概率也只能是推测。 股权结构表和优先权结构是第二个关键问题:总清算优先权相对于上一轮投后估值的比例、投资人反稀释条款,以及是否存在任何 1× 或更高的参与型优先股。沉重的优先权悬置可能让普通股在熊市估值下实质出局。 第三,联邦合同可见度:多年期合同续约日期表、前十大联邦客户的总合同价值(TCV),以及 FedRAMP authorization 续期和扩展的当前状态。第四,竞争替换证据:相对 Pentera、SentinelOne Singularity 和 CrowdStrike 暴露管理产品的赢单 / 输单率,尤其是在 10,000 个终端以上的企业账户中。最后,产品路线图和知识产权防御性:关键专利审查、NodeZero Insights 扩展时间表,以及 AI exploit 生成引擎相对开源和 LLM 替代方案仍保持性能优势的证据。 [CV032, CV023, CV033]
| 主题 | 缺失证据 | 重要性 | 尽调路径 / 负责人 |
|---|---|---|---|
| ARR 与 ARR 增长 | 经验证的过去十二个月 ARR,以及按队列划分的季度增长 | 没有这项数据无法计算 EV/ARR 倍数;12–33× 区间过宽 | 数据室;投资者关系或 Series D 领投方(Craft Ventures) |
| 净收入留存率 | 按细分市场(联邦 vs. 商业)划分的 NRR;总流失率和净流失率 | NRR >110% 支撑溢价倍数;低于 100% 触发否决 | 数据室;CFO 访谈 |
| 毛利率 | GAAP 毛利率,包括托管、支持和 AI 推理成本 | 高毛利 SaaS(>70%)支撑 15×+ 倍数;低于 60% 会压缩倍数 | 数据室;如有,获取独立财务审计 |
| 股权结构表与优先权 | 完整股权结构表、清算瀑布、反稀释条款、优先股堆叠 | 若优先股堆叠较高,悲观情景下股权价值可能接近零 | 法务尽调;Series D 条款清单及此前轮次文件 |
| 联邦合同排期 | 前 10 大联邦客户的续约日期、TCV 和合同载体 | 少数合同集中会形成单一事件风险 | 客户尽调;在 FPDS.gov 搜索合同授予记录 |
| 对 Pentera 的输赢情况 | 正面对比评估胜率、输单原因、价格差异 | 验证或推翻企业市场的竞争护城河逻辑 | 与 3–5 家同时评估两者的企业潜客访谈 |
尽调主题和缺失证据项根据成长期私有 SaaS 公司标准投前尽调实践推断;本分析未获得数据室访问权限。
[CV032, CV004, CV005, CV006, CV013, CV023]8.7 附录
免责声明
本报告是由 AI 辅助研究流程生成的尽调研究材料。 所有财务估算均基于公开可得信息,可能无法反映公司实际财务状况。 报告已列明来源,且来源受各章节注明的访问日期约束。 本报告不构成投资建议。读者在作出任何投资决定前,应独立开展尽职调查。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Horizon3.ai was founded in 2019 in San Francisco, California, by veterans of US Special Operations Command and the US National Security community. | 高 | SO002, SO024 |
| CO002 | Horizon3.ai is headquartered in San Francisco, California, with additional offices in Chicago, Illinois, and Amsterdam, Netherlands. | 高 | SO002, SO024 |
| CO003 | Horizon3.ai operates as a remote-first company with hybrid and globally distributed team members. | 中 | SO002, SO024 |
| CO004 | NodeZero is a fully autonomous penetration testing SaaS platform that requires no persistent agents, no pre-provided credentials, and can be deployed in minutes in live production environments. | 高 | SO001, SO003 |
| CO005 | NodeZero has safely executed more than 225,000 autonomous pentests in production environments as of Q1-Q2 2026. | 高 | SO001, SO003 |
| CO006 | Horizon3.ai has 5,200+ customer organizations globally, spanning enterprise, federal, mid-market, MSSP, and healthcare segments. | 高 | SO001, SO002 |
| CO007 | More than one-third of Fortune 10 companies are confirmed Horizon3.ai customers as of 2026. | 高 | SO001, SO002 |
| CO008 | Horizon3.ai develops all products in the United States and explicitly positions itself as '100% made in USA' across marketing and government procurement materials. | 高 | SO002, SO024 |
| CO009 | Snehal Antani is a co-founder and the CEO of Horizon3.ai; he previously served as CTO of the Joint Special Operations Command (JSOC), CTO of US Special Operations Command (SOCOM), CTO of Splunk, and CIO of GE Capital. | 高 | SO002, SO004 |
| CO010 | CEO Snehal Antani holds 18 US patents primarily spanning network security, data analytics, and distributed systems. | 高 | SO002, SO024 |
| CO011 | Rishi Dhasmana serves as Chief Technology Officer of Horizon3.ai and is a technical co-founder responsible for NodeZero platform architecture and engineering. | 高 | SO002, SO007 |
| CO012 | Holly Grey serves as Horizon3.ai's Chief Financial Officer with over 30 years of financial leadership experience, including background in guiding companies through IPO processes. | 中 | SO002, SO007 |
| CO013 | Matt Hartley serves as Horizon3.ai's Chief Revenue Officer. | 中 | SO002 |
| CO014 | Andres Botero was appointed Chief Marketing Officer on January 7, 2026, with prior experience at Rubrik, BlackLine, and CallidusCloud. | 高 | SO007, SO010 |
| CO015 | Jill Passalacqua serves as Chief Legal Officer at Horizon3.ai with expertise in government contracting and enterprise software IP. | 中 | SO002 |
| CO016 | VP Engineering Chris Corbett previously co-developed the Signal iOS application, conducted research at NASA, and holds a PhD in Computational Physics. | 高 | SO002, SO024 |
| CO017 | VP Product Erick Dean previously held product leadership roles at PagerDuty, Splunk, and C3.ai and holds 6 US patents. | 高 | SO002, SO024 |
| CO018 | No board composition, independent directors, governance structure, or equity distribution details have been publicly disclosed by Horizon3.ai as of May 2026. | 高 | SO002, SO007 |
| CO019 | No public lawsuits, regulatory enforcement actions, executive misconduct allegations, or material leadership departures have been identified for Horizon3.ai as of May 2026. | 中 | SO006, SO018 |
| CO020 | Key-person concentration risk is material at Horizon3.ai, as CEO Antani's government network, national-security credibility, and enterprise brand are embedded in the company's federal business development and customer trust. | 高 | SO002, SO004 |
| CO021 | Horizon3.ai has raised $140 million in total disclosed capital across its financing rounds, comprising a $40M Series C and a $100M Series D. | 高 | SO004, SO005, SO006 |
| CO022 | Horizon3.ai raised a $40 million Series C financing round in October 2022. | 高 | SO004, SO005 |
| CO023 | Horizon3.ai raised a $100 million Series D financing round in November 2024, confirmed via GlobeNewswire press release dated November 5, 2024. | 高 | SO004, SO006, SO018 |
| CO024 | The Series D was accompanied by a confirmed post-money valuation of over $1 billion, making Horizon3.ai a unicorn. | 高 | SO004, SO006 |
| CO025 | Craft Ventures is identified as a Series C lead investor in Horizon3.ai; partners Michael Robinson and Kevin Gabura led the investment. | 高 | SO005, SO007 |
| CO026 | SignalFire is an identified investor in Horizon3.ai across its early financing rounds. | 中 | SO017, SO004 |
| CO027 | Prosperity7 Ventures, the diversified venturing arm of Aramco Ventures (Saudi Aramco), announced a strategic investment in Horizon3.ai on January 13, 2026. | 高 | SO013, SO007 |
| CO028 | The Prosperity7 Ventures investment is explicitly framed around safeguarding AI datacenters and critical infrastructure that support the global economy. | 中 | SO013, SO007 |
| CO029 | The size of the Prosperity7 Ventures strategic investment in Horizon3.ai has not been publicly disclosed. | 高 | SO013, SO007 |
| CO030 | Horizon3.ai announced 102% year-over-year ARR growth on March 19, 2026; the absolute ARR figure was not disclosed. | 高 | SO007, SO010 |
| CO031 | Horizon3.ai ranked #1 in Security on the Inc. 5000 list of fastest-growing US private companies. | 中 | SO001, SO015 |
| CO032 | Horizon3.ai ranked #3 overall on the Deloitte Technology Fast 500 list of fastest-growing North American technology companies. | 中 | SO001, SO016 |
| CO033 | Horizon3.ai does not disclose absolute ARR, revenue, gross margin, net revenue retention, headcount, or detailed customer segment financials in any public source. | 高 | SO007, SO024 |
| CO034 | The Series D lead investor and full list of Series D participants have not been publicly disclosed by Horizon3.ai. | 高 | SO004, SO006 |
| CO035 | Horizon3.ai's SaaS subscription model centers on annual licenses for NodeZero with additional MSSP white-label licensing for managed service provider channel partners. | 中 | SO001, SO003 |
| CO036 | NodeZero covers internal network pentesting, external attack surface testing, cloud pentesting (AWS, Azure, GCP), Active Directory password auditing, Kubernetes security validation, and identity security validation. | 高 | SO003, SO025, SO012 |
| CO037 | NodeZero's architecture uses a one-time-use ephemeral virtual private cloud network for each pentest, providing isolation that prevents test activity from affecting adjacent production systems. | 高 | SO003, SO012, SO025 |
| CO038 | NodeZero Federal is the only FedRAMP High Authorized autonomous penetration testing platform as of mid-2026, enabling sale to US federal civilian agencies and defense components. | 高 | SO008, SO009 |
| CO039 | NodeZero serves as the offensive security engine for the NSA's Continuous Autonomous Penetration Testing (CAPT) program, which had assessed hundreds of Defense Industrial Base (DIB) suppliers by May 2025. | 高 | SO008, SO009 |
| CO040 | NodeZero was designated Awardable on the DoD Tradewinds Solutions Marketplace on May 14, 2026, enabling accelerated federal procurement without a full competitive acquisition process. | 高 | SO007, SO009 |
| CO041 | NodeZero integrates as a Model Context Protocol (MCP) server for security automation workflows and exposes a documented API for programmatic pentest orchestration. | 中 | SO003, SO012 |
| CO042 | Horizon3.ai was named to Fast Company's Most Innovative Companies 2026 list at #4 in the Security sector. | 高 | SO007, SO014 |
| CO043 | Human-expert pentesting firms such as Bishop Fox argue that complex application logic vulnerabilities, novel zero-days, and social engineering surfaces require creative adversarial thinking that autonomous platforms cannot replicate—representing a legitimate technical ceiling on NodeZero's scope. | 中 | SO020, SO021 |
| CO044 | Horizon3.ai operates a global MSSP and managed service partner channel, offering NodeZero as a white-label continuous pentesting service within partner-managed security portfolios. | 中 | SO001, SO003 |
| CO045 | NodeZero aligns with CMMC 2.0, FedRAMP, PCI DSS, NIS2, and HIPAA compliance requirements, enabling Horizon3.ai to address regulated enterprise and federal customer procurement mandates. | 高 | SO008, SO009 |
| CM001 | The penetration testing market includes manual expert-led assessments, automated PTaaS subscriptions, hybrid offerings, and fully autonomous AI-driven platforms; it excludes passive vulnerability scanning, SAST, and bug bounty programs. | 高 | SM001, SM003 |
| CM002 | Primary status-quo substitutes for autonomous pentesting include annual manual penetration tests from consulting firms ($15,000–$150,000+ per engagement), vulnerability scanners (Tenable Nessus, Rapid7 InsightVM), and in-house red teams constrained by talent scarcity. | 中 | SM015, SM018, SM019 |
| CM003 | The broader security testing market—including web application testing, API security, cloud posture, and compliance-driven assessments—was sized at $10.96B in 2025 by MarketsandMarkets, expanding to $40.99B by 2031 at a CAGR of 24.6%. | 中 | SM001, SM003 |
| CM004 | NodeZero's expansion into exposure management via NodeZero Insights represents early-stage penetration into the broader vulnerability management and attack surface management adjacency. | 中 | SM009, SM011 |
| CM005 | Bishop Fox, OffSec, NetSPI, and HackerOne compete in adjacent but distinct segments of the security testing market: managed assessments, training and certification, proactive security services, and bug bounty crowdsourcing respectively. | 中 | SM006, SM007, SM020, SM021 |
| CM006 | The NIST Special Publication 800-115, the foundational US government framework for security testing methodology, predates autonomous AI pentesting and does not specifically address AI-driven test validation, creating regulatory interpretation uncertainty. | 中 | SM004, SM005 |
| CM007 | MarketsandMarkets projects the global penetration testing market at $1.98B in 2025, growing to $4.39B by 2031 at a CAGR of 14.2%. | 高 | SM001, SM003 |
| CM008 | Mordor Intelligence projects the global penetration testing market at $2.36B in 2025, growing to $5.54B by 2031 at a CAGR of 15.29%, using a proprietary estimation framework updated in 2026. | 高 | SM003, SM001 |
| CM009 | The midpoint of MarketsandMarkets and Mordor Intelligence estimates for the penetration testing market—approximately $2.17B for 2025 and $4.97B for 2031—represents a reasonable base-case market size view, with material uncertainty on both ends. | 中 | SM001, SM003 |
| CM010 | MarketsandMarkets sizes the PTaaS subsegment at $0.72B in 2026, growing to $1.98B by 2031 at a 22.6% CAGR—significantly outpacing the broader penetration testing market's 14.2% CAGR. | 高 | SM002, SM001 |
| CM011 | No independent analyst firm has published a dedicated size estimate for the autonomous/AI-native pentesting subcategory; the closest proxy is the PTaaS market ($0.72B in 2026), but PTaaS includes human-augmented and hybrid offerings. | 高 | SM001, SM002, SM003 |
| CM012 | The PTaaS segment's 22.6% CAGR (MarketsandMarkets) vs. the broader penetration testing market's 14.2% CAGR reflects a structural shift from periodic manual assessments to continuous subscription-based platform delivery. | 中 | SM001, SM002 |
| CM013 | The MarketsandMarkets and Mordor Intelligence penetration testing market estimates differ by approximately 15–20% in absolute magnitude ($1.98B vs. $2.36B for 2025), reflecting methodological variation in what is counted and how geographic coverage is defined. | 高 | SM001, SM003 |
| CM014 | Large enterprises (>5,000 employees) represented 67.83% of the penetration testing market in 2025, while small and medium enterprises are growing at a 15.68% CAGR (Mordor Intelligence 2026). | 高 | SM003, SM001 |
| CM015 | In enterprise penetration testing procurement, the buyer is typically the CISO or VP of Information Security; the user is the security operations or red team; and the payer is the corporate IT/security budget. | 中 | SM001, SM009 |
| CM016 | The US federal government segment—where FedRAMP High Authorization is a procurement prerequisite—is characterized by longer sales cycles, higher contract values, and greater renewal stability than the commercial enterprise segment. | 中 | SM012, SM025 |
| CM017 | BFSI (banking, financial services, insurance) commanded 28.68% of the global penetration testing market in 2025, the largest vertical segment (Mordor Intelligence 2026). | 高 | SM003, SM001 |
| CM018 | Healthcare and life sciences is projected to grow at 16.89% CAGR through 2031, making it the fastest-growing vertical in the penetration testing market, driven by FDA pre-market device testing requirements and HIPAA annual testing mandates (Mordor Intelligence 2026). | 高 | SM003, SM014 |
| CM019 | North America accounted for 38.27% of global penetration testing market share in 2025, anchored by HIPAA, PCI DSS 4.0, and FedRAMP compliance frameworks that formalize annual or semiannual testing cadences (Mordor Intelligence 2026). | 高 | SM003, SM001 |
| CM020 | Mid-market organizations (1,000–5,000 employees) are the fastest-growing adopter cohort for PTaaS platforms, driven by PCI DSS 4.0 compliance deadlines and cyber insurance renewals requiring evidence of annual pentesting. | 中 | SM002, SM003 |
| CM021 | Third-party managed pentesting services captured 73.44% of the penetration testing market share in 2025; in-house capabilities are growing at 15.64% CAGR as automation reduces the manual overhead of red team operations (Mordor Intelligence 2026). | 中 | SM003, SM002 |
| CM022 | PCI DSS 4.0, effective March 2025, mandates annual penetration testing for all merchants and processors, converting discretionary security spend into mandatory compliance line items for the payments ecosystem. | 高 | SM003, SM004 |
| CM023 | FedRAMP 3.0 requires quarterly vulnerability scanning and annual penetration testing for all federal cloud providers; a proposed FedRAMP 4.0 framework would double the cadence for high-impact systems. | 高 | SM005, SM025 |
| CM024 | The EU Digital Operational Resilience Act (DORA), effective January 2025, requires financial institutions operating in the EU to conduct annual Threat-Led Penetration Testing (TLPT), creating mandatory pentesting demand in European financial services. | 高 | SM003, SM004 |
| CM025 | New York's 23 NYCRR 500 cybersecurity rule (revised 2023) requires boards to review penetration testing findings within 30 days, elevating pentesting from a technical exercise to a board governance artifact. | 中 | SM003, SM004 |
| CM026 | HIPAA currently requires annual penetration testing for covered healthcare entities; combined with FDA pre-market device testing requirements, this creates dual-track mandatory testing in healthcare. | 高 | SM003, SM004 |
| CM027 | The global cybersecurity talent shortage (estimated at 3.5 million unfilled positions globally) structurally favors automated pentesting platforms by preventing organizations from building in-house red teams at scale. | 中 | SM001, SM003 |
| CM028 | AI agents can now generate custom hacking tools that bypass traditional signature-based detection within hours of vulnerability disclosure, as documented by Dark Reading in 2026, creating urgency for continuous rather than periodic security validation. | 中 | SM022, SM008 |
| CM029 | Cloud migration is expanding dynamic attack surfaces beyond the capacity of manual pentest teams; multi-cloud environments with container orchestration and serverless functions require continuous testing cadences to maintain coverage. | 中 | SM003, SM001 |
| CM030 | A Pentera survey of 500 security leaders found 67% suffered at least one breach in the prior year and raised testing budgets to a median of $187,000 annually, confirming proactive validation is increasingly treated as operational insurance. | 中 | SM003, SM015 |
| CM031 | Horizon3.ai holds FedRAMP High Authorization—the most stringent US federal cloud security certification—making it the only autonomous pentesting platform eligible for high-impact federal deployments without additional authorization overlay. | 高 | SM012, SM025 |
| CM032 | No public analyst firm publishes a dedicated size estimate for the autonomous/AI-native pentesting subcategory; this represents a material evidence gap for quantifying Horizon3.ai's TAM with precision. | 高 | SM001, SM002, SM003 |
| CM033 | Horizon3.ai's ARR, NRR, and revenue-based market share are not publicly disclosed; customer count (5,200+) is the only scale metric enabling indirect market penetration inferences. | 高 | SM009, SM010 |
| CM034 | MarketsandMarkets and Mordor Intelligence both project 14–15% CAGR for the broad penetration testing market through 2031, confirming double-digit CAGR as the consensus growth view despite their 15–20% discrepancy in absolute size. | 中 | SM001, SM003 |
| CM035 | Horizon3.ai's 5,200+ customer base compared to Pentera's 1,200+ suggests Horizon3.ai has achieved broader customer count penetration, but Pentera's $100M ARR vs. Horizon3.ai's undisclosed ARR suggests different average contract values. | 低 | SM009, SM015 |
| CM036 | Analyst projections to 2031 carry compounding uncertainty from the pace of AI development; open-source autonomous pentesting tools could commoditize basic attack chain execution within 2–3 years, materially altering growth forecasts for premium PTaaS platforms. | 低 | SM022, SM003 |
| CM037 | AI-powered threat actor tooling creates a dual dynamic: near-term market acceleration (urgency for continuous validation) and medium-term competitive risk (commoditization as AI defensive capabilities become open-source). | 低 | SM022, SM001 |
| CM038 | Some compliance auditors do not yet accept AI-generated pentest outputs as satisfying attestation requirements without human certification sign-off, representing an adoption constraint for fully autonomous platforms like NodeZero. | 低 | SM004, SM005 |
| CM039 | Cloud-based pentesting platforms are projected to grow at 15.61% CAGR through 2031 (Mordor Intelligence), significantly above the on-premises market, reflecting the operational advantages of SaaS delivery for continuously updated attack chain libraries. | 中 | SM003, SM002 |
| CM040 | The IBM Cost of a Data Breach 2025 report found that organizations using AI extensively in security realized significant cost savings compared to those that did not, providing financial ROI evidence for investment in AI-driven security tooling. | 中 | SM008, SM001 |
| CM041 | Cobalt operates a hybrid human-plus-AI PTaaS model competing in the enterprise segment; Synack uses a curated Security Research Team (SRT) crowdsourcing model; both differ from Horizon3.ai's fully autonomous approach by retaining human tester judgment. | 中 | SM016, SM017 |
| CM042 | Horizon3.ai's geographic expansion to Amsterdam suggests a deliberate effort to capture European enterprise demand, which is being driven by DORA, NIS2, and GDPR compliance mandates. EU revenue contribution is not publicly disclosed. | 低 | SM009, SM010 |
| CM043 | Network assessments held 38.23% market share in the penetration testing market in 2025; cloud pentesting is the fastest-growing modality at 16.63% CAGR through 2031 (Mordor Intelligence 2026). | 中 | SM003, SM001 |
| CM044 | MSSPs and managed security service providers represent a significant distribution channel for PTaaS platforms; Horizon3.ai's MSSP program enables white-label deployment of NodeZero as part of managed security service offerings. | 中 | SM009, SM010 |
| CM045 | Bishop Fox's Cosmos AI claims a 40% reduction in assessment time, and HackerOne's agentic service delivers findings within hours; these efficiency gains reflect industry-wide convergence toward AI-accelerated security testing that validates the market thesis underlying Horizon3.ai. | 中 | SM006, SM021 |
| CP001 | The penetration testing and security validation market divides into four competitive tiers: (1) autonomous/AI-driven validation (Pentera), (2) human-augmented PTaaS (Cobalt, Synack), (3) incumbent enterprise platforms expanding into attack simulation (Rapid7, Tenable), and (4) horizontal security operations platforms creating indirect substitution (CrowdStrike, Palo Alto Networks). | 中 | SP001, SP004, SP008, SP011, SP014, SP015, SP016, SP017 |
| CP002 | NodeZero competes at the intersection of all four competitive tiers: autonomous execution (tier 1), subscription economics competing with PTaaS (tier 2), and exposure management expanding to overlap with incumbent platforms (tier 3). | 中 | SP019, SP020 |
| CP003 | NodeZero is trusted by 5,200+ enterprise customers and has safely executed 225,000+ autonomous pentests in live production environments, representing the largest disclosed autonomous pentesting deployment scale. | 高 | SP019, SP021, SP022 |
| CP004 | NodeZero is trusted by the NSA and 4 of the Fortune 10 companies, representing the highest-assurance enterprise security validation endorsements available in the market. | 高 | SP019, SP020, SP021 |
| CP005 | Gartner's convergence of BAS, CTEM, and autonomous pentesting into an 'Adversarial Exposure Validation' category umbrella both validates NodeZero's strategic direction and elevates AttackIQ and XM Cyber as analyst-evaluated category peers. | 中 | SP016, SP017 |
| CP006 | Pentera CEO Amitai Ratzon confirmed $100M ARR in a public blog post dated January 6, 2026, making Pentera the only autonomous security validation peer to disclose a public ARR milestone and the fastest-growing direct revenue competitor to NodeZero. | 高 | SP003, SP001, SP002 |
| CP007 | Pentera's 2025 Pen Testing Industry Report found that 67% of security leaders experienced a breach in the prior year and reported a median security testing budget of $187K among surveyed organizations. | 中 | SP001, SP003 |
| CP008 | Cobalt pioneers PTaaS as a credit-based subscription model enabling a pentest to start within 24 hours, positioning its 'Offensive Security Program' as a continuous testing approach bundling one-off pentests with fix validation and strategic guidance. | 中 | SP004, SP005 |
| CP009 | Cobalt's annual State of Pentesting Report is a sector-recognized thought leadership output that quantified a '25x remediation gap' showing elite security teams resolve risks in 10 days versus 249 days for the broader market. | 中 | SP004, SP005 |
| CP010 | Synack announced Sara AI Pentesting as generally available in 2026, marking its strategic pivot from a pure crowdsourced human researcher marketplace toward AI-augmented continuous testing. | 高 | SP006, SP026 |
| CP011 | Synack operates a global Synack Red Team (SRT) of 1,500+ vetted security researchers providing continuous assurance for Fortune 500 clients including financial services institutions and government agencies. | 中 | SP026, SP007 |
| CP012 | Synack holds FedRAMP Moderate authorization—one tier below NodeZero's FedRAMP High—limiting its access to medium-impact federal systems and excluding it from high-impact federal cloud contracts where NodeZero competes unopposed in autonomous pentesting. | 高 | SP018, SP007, SP006 |
| CP013 | Rapid7 serves 11,000+ global customers across MDR, vulnerability management (InsightVM), SIEM/XDR (InsightSIEM), and the Metasploit penetration testing framework with 4,000+ exploit modules and 20+ years of active development. | 高 | SP008, SP009, SP010 |
| CP014 | Rapid7 Metasploit contains more than 4,000 exploit modules and has been the world's most widely used penetration testing framework for 20+ years, but it is a framework requiring skilled human operators—structurally distinct from NodeZero's autonomous execution. | 高 | SP009, SP008 |
| CP015 | Rapid7 InsightSIEM competes in the detection and response space adjacent to NodeZero's attack simulation use cases, and Rapid7's Q4 2024 financial results disclosed full-year ARR exceeding $850M, demonstrating the financial scale to invest in adjacent autonomous capabilities. | 中 | SP010, SP008 |
| CP016 | Tenable serves more than 40,000 customers as of December 31, 2025, including approximately 65% of the Fortune 500 and approximately 50% of the Global 2000 and large government agencies. | 高 | SP011, SP012, SP013 |
| CP017 | Tenable was recognized as a Gartner Magic Quadrant Leader for Exposure Assessment Platforms in Q4 2025, validating its strategic position in the CTEM and vulnerability exposure management market. | 高 | SP011, SP013 |
| CP018 | Tenable One is positioned as 'the world's leading AI-powered exposure management platform,' spanning IT, cloud, containers, web apps, identity, OT, and AI workloads—a scope that directly overlaps with NodeZero Insights' product direction. | 高 | SP013, SP011 |
| CP019 | Tenable's stated product strategy toward 'preemptive security' and AI-driven exposure management directly overlaps with NodeZero's strategic direction and signals potential future competitive expansion into autonomous attack simulation. | 中 | SP013, SP011 |
| CP020 | CrowdStrike positions itself as 'The Agentic Security Platform' in 2026, with Charlotte AI AgentWorks enabling customers to build specialized security agents and Falcon Next-Gen SIEM competing for SOC transformation budgets at $4B+ ARR. | 高 | SP014, SP022 |
| CP021 | Palo Alto Networks positions Cortex XSIAM as 'the most advanced SOC platform' for AI-driven security operations, pursuing a 'platformization' strategy that encourages enterprise customers to consolidate security tools onto Cortex—creating indirect substitution pressure for standalone autonomous pentesting tools. | 高 | SP015, SP022 |
| CP022 | Neither CrowdStrike nor Palo Alto Networks currently offers production-safe autonomous pentesting with FedRAMP High authorization, preserving NodeZero's regulatory differentiation in the federal segment from horizontal platform competitors. | 中 | SP014, SP015, SP018 |
| CP023 | XM Cyber continuously surfaces validated exposures that form real attack paths, positioning its platform around AI-powered attack path management and validating the need for adversarial simulation—though using modeling rather than live autonomous attack execution. | 中 | SP017 |
| CP024 | NodeZero is the only fully autonomous pentesting platform with FedRAMP High Authorization, verified via FedRAMP Marketplace product ID FR1802451335, providing legally required clearance for high-impact federal cloud contracts no competing autonomous platform holds. | 高 | SP018, SP019, SP020 |
| CP025 | NodeZero operates as a black-box autonomous agent that identifies, chains, and exploits vulnerabilities without human direction, with an ephemeral agentless design tested across 225,000+ live production environments without business disruption. | 高 | SP019, SP027 |
| CP026 | FedRAMP High Authorization requires an estimated 18–36 months and $1M–$5M+ in investment from program initiation, creating a durable timeline barrier that prevents near-term competitive replication in the federal autonomous pentesting segment. | 高 | SP018, SP028 |
| CP027 | NodeZero's Pentest Wednesday recurring testing cadence creates a continuous subscription workflow that reduces churn and improves net revenue retention compared to annual point-in-time pentesting models used by legacy competitors. | 中 | SP027, SP019 |
| CP028 | Horizon3.ai raised $100M Series D in November 2024 at an implied valuation of approximately $1 billion, with Craft Ventures and Kleiner Perkins participation confirming independent investor validation of NodeZero's competitive moat. | 高 | SP021, SP022, SP023, SP030 |
| CP029 | NodeZero's installed customer base of 5,200+ generates compounding attack graph training data at a rate that creates a flywheel advantage: more customers improve attack chaining quality, attracting higher-value customers, which no new entrant can replicate without equivalent years of production deployment. | 中 | SP019, SP022 |
| CP030 | Horizon3.ai's Series D fundraise was reported across SecurityWeek, Dark Reading, SC World, and Federal News Network, all corroborating the $100M raise and ~$1B valuation, constituting multi-source independent verification of the financing event. | 高 | SP021, SP022, SP023, SP030 |
| CP031 | The greatest long-term commercial displacement risk comes from Tenable, whose 40,000+ customer base provides 8x more renewal leverage than NodeZero's 5,200+ customers; a Tenable acquisition or development of autonomous attack simulation capability could be bundled at discounted pricing into renewal cycles. | 高 | SP011, SP013, SP022 |
| CP032 | Pentera's confirmed $100M ARR trajectory makes it the highest-severity near-term revenue displacement threat; if Pentera initiates FedRAMP High certification (currently unconfirmed), the authorization timeline of 18–36 months could see it achieve High status as early as 2027–2028. | 高 | SP003, SP001, SP018 |
| CP033 | AttackIQ frames its CTEM offering as 'AI Changed the Threat; CTEM Changes How You Respond,' positioning adversarial exposure validation as a board-level strategic capability that competes with NodeZero for CISO attention and the CTEM budget allocation. | 中 | SP016 |
| CP034 | The convergence of BAS, CTEM, and autonomous testing into a unified analyst category elevates AttackIQ and XM Cyber as category peers in CISO evaluation frameworks, creating evaluation-stage disadvantage for NodeZero in procurement bakeoffs that rely on Gartner MQ guidance. | 中 | SP016, SP017 |
| CP035 | CrowdStrike's Charlotte AI AgentWorks ecosystem enables customers to build specialized security agents, creating a credible future pathway to develop red-team automation capabilities that could be bundled into existing Falcon contracts at discounted pricing. | 中 | SP014 |
| CP036 | Human-led PTaaS models including Cobalt and Synack serve enterprise customers requiring human expert attestation for compliance reports that autonomous-only platforms cannot yet fully replace in regulatory compliance contexts requiring human certification. | 中 | SP004, SP005, SP026 |
| CP037 | Open-source AI tooling and advancing foundation model capabilities are projected to commoditize basic autonomous vulnerability scanning and attack chaining within 2–3 years, compressing price premiums for platforms that cannot differentiate on depth, proprietary training data, or regulatory compliance. | 中 | SP024, SP016 |
| CI001 | Horizon3.ai closed a $100M Series D funding round in November 2024, led by Craft Ventures, representing the largest single funding round in the company's history. | 高 | SI002, SI009, SI012 |
| CI002 | Horizon3.ai's total disclosed funding across all rounds reached approximately $141M by November 2024, with Craft Ventures serving as lead institutional investor throughout the company's growth. | 中 | SI002, SI012 |
| CI003 | NodeZero holds FedRAMP High authorization, enabling deployment on high-impact federal cloud systems and government agency networks with the most sensitive data classifications. | 高 | SI024, SI020 |
| CI004 | Tenable Holdings reported 40,000+ customers at December 31, 2025, with approximately 65% of Fortune 500 and approximately 50% of Global 2000 companies using Tenable products, per its FY2025 10-K. | 高 | SI001, SI014 |
| CI005 | Horizon3.ai has amassed 5,200+ customers as of the Series D announcement in November 2024, indicating significant commercial and federal installed base growth since the 2021 NodeZero commercial launch. | 高 | SI010, SI011 |
| CI006 | NodeZero has safely executed 225,000+ autonomous penetration tests, confirming deep platform utilization across the installed base with an implied average of approximately 43 pentests per customer. | 高 | SI010, SI011 |
| CI007 | NodeZero is sold as an annual SaaS subscription rather than a per-engagement professional services contract, repositioning autonomous pentesting from a capital expense to an operational IT expenditure. | 中 | SI010, SI025 |
| CI008 | Horizon3.ai expanded to Amsterdam, Netherlands in 2023 to establish an EU market presence, targeting European enterprise and NATO-aligned government customers. | 中 | SI011, SI007 |
| CI009 | Horizon3.ai disclosed that Series D proceeds would be allocated to platform research and development, federal channel expansion, international market entry, and go-to-market scale. | 中 | SI002, SI009 |
| CI010 | Rapid7 operates the Insight Platform combining SIEM (InsightIDR), vulnerability management (InsightVM), and application security across a broad enterprise customer base, competing with NodeZero in enterprise security budget allocation. | 中 | SI008, SI013, SI018 |
| CI011 | Tenable's estimated FY2025 annual revenue exceeds $900M based on its public financial disclosures, making it approximately 10–22x larger than Horizon3.ai's estimated $40–90M ARR range. | 中 | SI001, SI014 |
| CI012 | Pentera, Horizon3.ai's closest autonomous pentesting competitor, raised approximately $56M in its 2022 Series C at an approximately $1B valuation, providing a funding-stage comparable for Horizon3.ai's prior rounds. | 中 | SI015, SI016 |
| CI013 | NodeZero is priced on a host-based subscription model in which customers pay annually for a defined scope of internal and external assets; pricing is not publicly disclosed and requires direct sales engagement. | 中 | SI010, SI006 |
| CI014 | Federal customers access NodeZero through government contract vehicles including GSA Schedule 70, SEWP V, and CIO-SP3, enabling direct procurement without open competitive bidding for qualifying agencies. | 中 | SI020, SI024 |
| CI015 | NodeZero Insights is an add-on subscription product that overlays threat intelligence and vulnerability prioritization context on top of NodeZero's autonomous penetration testing findings. | 中 | SI006, SI010 |
| CI016 | Horizon3.ai operates an MSP/MSSP partner program enabling managed security service providers to resell NodeZero subscriptions to their end customers, extending mid-market reach without proportional direct headcount. | 中 | SI010, SI011 |
| CI017 | NodeZero pricing is not publicly listed on Horizon3.ai's website; enterprise and federal buyers must engage the sales team for custom quotes, consistent with a value-based pricing model above commodity price points. | 中 | SI010, SI006 |
| CI018 | SaaS security companies at Horizon3.ai's estimated scale typically target 65–80% gross margins on platform subscription revenue; NodeZero's low marginal delivery cost per pentest execution supports a trajectory toward this range. | 中 | SI017, SI013 |
| CI019 | At 5,200+ customers and an estimated ARR of $40–90M, Horizon3.ai's implied blended ACV is approximately $8,000–$17,000, suggesting a mid-market-heavy customer composition with higher-value federal and enterprise contracts elevating the average. | 中 | SI010, SI011 |
| CI020 | High-growth security SaaS companies with strong platform utilization metrics typically achieve NRR of 110–130%; NodeZero's 43-pentest-per-customer average utilization is consistent with the higher end of this NRR benchmark range. | 中 | SI017, SI013 |
| CI021 | With an estimated monthly burn of $6–12M and approximately $100M in Series D proceeds, Horizon3.ai has an estimated 8–17 months of runway from the November 2024 close, implying a likely next-round requirement by mid-to-late 2026. | 中 | SI002, SI009 |
| CI022 | Rapid7's FY2024 annual revenue was approximately $800M with gross margins of approximately 70%, providing a public-company benchmark for enterprise security platform economics at scale. | 中 | SI008, SI013 |
| CI023 | At Horizon3.ai's estimated ARR of $40–90M, the company is approximately 10–22x smaller by revenue than Tenable, indicating it remains a niche player in the broader exposure management sector despite strong growth velocity signals. | 中 | SI001, SI014 |
| CI024 | The $100M Series D represents the largest single financing event in Horizon3.ai's history, more than doubling the company's total capital raised in a single transaction. | 中 | SI002, SI012 |
| CI025 | Craft Ventures has served as the lead institutional investor across multiple Horizon3.ai funding rounds, providing continuity of institutional support and reducing the need to attract new lead investors in subsequent rounds. | 中 | SI012, SI002 |
| CI026 | Horizon3.ai has not disclosed any debt facility, credit line, revolving credit, or project finance arrangement as of the Series D announcement, consistent with a venture-equity-funded SaaS company at this stage. | 中 | SI002, SI009 |
| CI027 | Horizon3.ai's $100M Series D was raised in November 2024, a period when cybersecurity VC funding had contracted approximately 35% year-over-year from 2023 peaks, suggesting above-average investor conviction in the NodeZero thesis. | 中 | SI002, SI004, SI005 |
| CI028 | Horizon3.ai's funding timeline accelerated following the NodeZero commercial launch in 2021, with increasing round sizes reflecting commercial traction and federal market penetration rather than speculative pre-revenue investment. | 中 | SI012, SI011 |
| CI029 | Tenable's expansion into attack path analysis, exposure assessment, and adversarial exposure validation categories creates direct budget competition with NodeZero in enterprise security spending decisions. | 中 | SI001, SI019 |
| CI030 | Federal government revenue concentration at Horizon3.ai creates material appropriations risk and DOGE-driven federal spending contraction exposure that cannot be quantified without segment revenue disclosure. | 中 | SI020, SI024 |
| CI031 | Horizon3.ai discloses no quantitative financial metrics—not ARR, revenue growth rate, gross margin, NRR, CAC, burn rate, or customer concentration—creating significant due diligence opacity for financial underwriting. | 中 | SI010, SI011 |
| CI032 | Tenable's 40,000+ customer base versus Horizon3.ai's estimated 5,200+ implies Tenable has approximately 7.7x more customers, with vastly greater enterprise penetration and cross-sell leverage against which NodeZero competes in the CISO budget. | 中 | SI001, SI010 |
| CI033 | A $100M Series D at an estimated valuation of approximately $900M implies approximately 10–22x ARR multiple at the midpoint ARR estimate, which is at a premium to 2025–2026 public-market security SaaS multiples and would compress in a lower-multiple public exit environment. | 中 | SI002, SI017 |
| CI034 | Horizon3.ai's planned federal and international expansion will require sustained investment in FedRAMP compliance maintenance, EU data residency infrastructure, and regional sales headcount, increasing burn relative to current estimates. | 中 | SI007, SI008 |
| CI035 | A potential IPO path for Horizon3.ai would require public disclosure of ARR, NRR, gross margin, and key unit economics metrics, creating preparation pressure on the company to instrument and validate these metrics before any S-1 filing. | 中 | SI012, SI015 |
| CI036 | NodeZero's 225,000+ pentest milestone across 5,200+ customers implies an average of approximately 43 pentests per customer, suggesting deep platform embedding, high switching costs, and strong gross retention signals. | 中 | SI010, SI011 |
| CI037 | The combination of FedRAMP High exclusivity, 5,200+ customer installed base, $100M Series D capitalization, and a global expansion footprint positions Horizon3.ai for either a strategic acquisition by a major security incumbent or an IPO path within 3–5 years, contingent on ARR inflection and margin demonstration. | 中 | SI012, SI002, SI025 |
| CE001 | NodeZero delivers six primary operation types: Internal Pentest, External Pentest, Cloud Pentest (AWS/Azure/GCP), Active Directory Password Audit, Phishing Impact Testing, and Kubernetes Pentest. | 高 | SE001, SE009 |
| CE002 | NodeZero Internal Pentest requires deployment of a Docker container or OVA image inside the customer environment; no persistent agent remains after the pentest completes. | 高 | SE002, SE009 |
| CE003 | NodeZero External Pentest operates fully agentlessly from Horizon3.ai's H3 Cloud, requiring no software deployment in the customer environment. | 高 | SE003, SE001 |
| CE004 | NodeZero Cloud Pentest supports AWS, Azure, and GCP environments, using customer-supplied cloud provider credentials to map and exploit IAM misconfigurations and lateral movement paths. | 高 | SE004, SE001 |
| CE005 | NodeZero Phishing Impact Testing simulates email credential compromise and chains the simulated compromise to downstream network attack paths, quantifying the real business impact of a phishing attack. | 高 | SE015, SE001 |
| CE006 | NodeZero Active Directory Password Audit discovers crackable, reused, and weak passwords across Active Directory using native LDAP protocols without deploying a persistent agent. | 高 | SE016, SE009 |
| CE007 | NodeZero is FedRAMP High Authorized under marketplace ID F2209220003, enabling deployment in federal environments processing highly sensitive unclassified data. | 高 | SE005, SE011 |
| CE008 | Horizon3.ai participates in the NSA Cybersecurity Assurance Program Testing (CAPT), under which NodeZero delivers autonomous pentests to Defense Industrial Base suppliers seeking CMMC compliance. | 高 | SE005, SE024 |
| CE009 | Each NodeZero pentest run creates a dedicated, isolated, single-use Virtual Private Cloud within H3 Cloud infrastructure, which is torn down immediately after the engagement completes. | 高 | SE001, SE009 |
| CE010 | NodeZero's attack graph engine chains multi-hop exploitation across users, systems, credentials, and services to construct end-to-end proof-of-exploitation paths mapped to MITRE ATT&CK. | 高 | SE001, SE026 |
| CE011 | NodeZero Tripwires is a deception technology module that deploys production-safe digital tripwires to detect post-breach adversary activity within customer environments. | 中 | SE008 |
| CE012 | NodeZero Insights is an exposure management intelligence layer that aggregates and prioritizes findings across continuous pentest operations to provide ongoing risk visibility. | 中 | SE027, SE001 |
| CE013 | The NodeZero MCP Server, launched in 2025, exposes verified exploit data and attack surface findings from NodeZero to AI and LLM tools through the Model Context Protocol. | 中 | SE007, SE009 |
| CE014 | NodeZero integrates with ServiceNow Vulnerability Response to synchronize pentest findings into enterprise ITSM workflows for risk-based remediation prioritization. | 高 | SE017, SE001 |
| CE015 | Horizon3.ai maintains 41 or more public repositories under the horizon3ai GitHub organization, including open-source CVE proof-of-concept exploit tools with active community engagement. | 高 | SE010, SE026, SE034 |
| CE016 | The Vanguard Partner Program offers Silver, Gold, and Platinum tiers providing structured market access for MSSPs, MSPs, and technology resellers with differentiated margins and co-selling resources. | 高 | SE013, SE022 |
| CE017 | NodeZero Rapid Response tests CISA Known Exploited Vulnerabilities within 24 to 72 hours of catalog entry, providing customers with immediate exploitability verification after a new KEV is published. | 高 | SE012, SE001 |
| CE018 | Horizon3.ai claims SOC 2 Type II certification for its cloud operations; the audit report is not publicly available for independent verification of scope, auditor, or coverage period. | 中 | SE023 |
| CE019 | NodeZero's compliance service is delivered by OSCP-certified human pentesters and covers PCI DSS 4.0, HIPAA, CMMC 2.0, SOC 2, and ISO 27001 compliance frameworks. | 高 | SE006, SE005 |
| CE020 | Gartner recognized Horizon3.ai as a Customers' Choice in the October 2025 Peer Insights Voice of the Customer report for the Adversarial Exposure Validation market. | 高 | SE019, SE018 |
| CE021 | Horizon3.ai has completed more than 225,000 autonomous pentests across more than 5,200 customers, including the largest recorded pentest covering more than 100,000 IP addresses in a single run. | 高 | SE025, SE030, SE034 |
| CE022 | A 2025 partnership with Pax8 extends NodeZero distribution to Pax8's network of more than 30,000 MSP partners across North America and international markets. | 中 | SE022 |
| CE023 | NodeZero Kubernetes Pentest assesses container escape vulnerabilities, RBAC privilege escalation, and cluster-wide attack paths within Kubernetes environments. | 中 | SE004 |
| CE024 | NodeZero generates prioritized fix actions for each exploitable finding and provides one-click post-fix verification tests to confirm that remediated vulnerabilities are no longer exploitable. | 高 | SE001, SE026 |
| CE025 | NodeZero is production-safe by design: no exploit payloads persist after a pentest run, and all active exploitations are scoped to non-destructive proof-of-access actions. | 高 | SE020, SE001 |
| CE026 | H3 Cloud is the SaaS orchestration backend for all external and agentless NodeZero operations, running on AWS commercial cloud infrastructure with per-pentest tenant isolation. | 中 | SE003 |
| CE027 | Horizon3.ai launched a distribution partnership with Pax8 in 2025, enabling NodeZero delivery through Pax8's MSP marketplace to customers who could not previously access direct enterprise sales. | 高 | SE022, SE013 |
| CE028 | NodeZero compliance service supports evidence generation for PCI DSS 4.0, HIPAA, CMMC 2.0, SOC 2 Type II, and ISO 27001, combining automated pentest results with OSCP human pentester attestation. | 高 | SE006, SE005 |
| CE029 | The CISA Known Exploited Vulnerabilities catalog contains more than 1,000 entries which NodeZero cross-references against customer environments for Rapid Response exploitability testing. | 中 | SE012, SE028 |
| CE030 | Horizon3.ai earned Awardable status in the Department of Defense Platform One solution marketplace in 2023, enabling DoD customers to procure NodeZero through a streamlined non-competitive pathway. | 高 | SE024, SE005 |
| CE031 | NodeZero External Pentest includes attack surface management capabilities to enumerate and prioritize internet-reachable assets beyond the customer's known IP inventory. | 中 | SE003 |
| CE032 | Built In lists Horizon3.ai as having more than 200 employees as of 2025, reflecting the company's scale following the Series C and Series D fundraising rounds. | 中 | SE021, SE035 |
| CE033 | A 4-star Gartner Peer Insights review from an insurance sector CISO raised compliance scanning concerns about NodeZero in regulated environments, noting cloud-based functionality limitations. | 中 | SE018 |
| CE034 | A 3-star Gartner Peer Insights review from a services sector CIO cited scheduling issues and NodeZero test results that did not make intuitive sense, suggesting usability gaps for non-specialist users. | 中 | SE018 |
| CE035 | Horizon3.ai markets a "Patch Tuesday to Pentest Wednesday" workflow that enables IT teams to verify exploitability of newly-patched CVEs within 24 hours of a Microsoft patch release. | 高 | SE002, SE026 |
| CE036 | NodeZero maps attack path findings to MITRE ATT&CK tactics and techniques, providing SOC teams with framework-aligned context for threat detection and response prioritization. | 中 | SE001 |
| CE037 | NodeZero integrates with enterprise SIEM and SOAR platforms including Splunk and Microsoft Sentinel, enabling pentest findings to flow into SOC alert pipelines and correlation rules. | 高 | SE017, SE009 |
| CE038 | Horizon3.ai reported 102% annual recurring revenue growth in fiscal year 2025, with more than 5,200 customers using NodeZero across enterprise, federal, and commercial segments. | 高 | SE030, SE019, SE036 |
| CU001 | Horizon3.ai reported 5,200+ active organizational customers globally as of its FY2026 results announcement in March 2026. | 高 | SU001, SU002 |
| CU002 | Approximately 70% of Horizon3.ai's 5,200+ customers as of March 2026 are delivered through Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs), making the channel the dominant go-to-market motion. | 高 | SU001, SU019 |
| CU003 | Four of the Fortune 10 companies are confirmed active NodeZero customers as of March 2026, representing the highest-assurance enterprise customer validation tier. | 高 | SU001, SU006 |
| CU004 | The world's largest banks and global pharmaceutical and semiconductor manufacturers are among Horizon3.ai's confirmed enterprise commercial customers as of March 2026. | 中 | SU001, SU007 |
| CU005 | Horizon3.ai's use-case pages and federal vertical page confirm active deployments across healthcare, financial services, U.S. public sector, and DoD/federal verticals as of 2026. | 高 | SU006, SU007, SU008, SU009 |
| CU006 | NodeZero is listed on the FedRAMP marketplace as an authorized cloud service offering with FedRAMP High Authorization, confirming continued federal market access as of 2026. | 高 | SU027, SU006 |
| CU007 | Horizon3.ai's channel partners confirmed in 2025–2026 press releases include NCC Group, Optiv, Thrive, CDW, Sentinel Technologies (enterprise MSSP) and Pax8 (40,000+ MSP ecosystem for SMB/mid-market). | 高 | SU019, SU020 |
| CU008 | NodeZero received awardable status on DoD Platform One Solution Marketplace and Tradewinds Solutions Marketplace, enabling DoD and intelligence community buyers to procure without a full acquisition cycle as of May 2026. | 高 | SU016, SU017 |
| CU009 | The NSA Cybersecurity Collaboration Center uses NodeZero as part of the Continuous Adversarial Penetration Testing (CAPT) program to autonomously pentest Defense Industrial Base networks, representing the highest-trust federal customer reference. | 高 | SU006, SU015 |
| CU010 | CISA's Office of the CISO uses NodeZero for vulnerability assessments that are shared with Federal Civilian Executive Branch agencies, representing an active production deployment with downstream security impact. | 高 | SU006, SU009 |
| CU011 | The FBI and Centers for Medicare and Medicaid Services (CMS) are confirmed active NodeZero customers as of Horizon3.ai's federal use-case documentation. | 高 | SU006, SU009 |
| CU012 | A nation's largest healthcare system deployed NodeZero as part of a CTEM (Continuous Threat Exposure Management) program, running 60+ tests across 30+ network segments in a documented production deployment. | 高 | SU010, SU008 |
| CU013 | A leading U.S. hospital and healthcare system (deployed via Liberman Networks MSSP) discovered and remediated a ZeroLogon (CVE-2020-1472) Active Directory compromise using NodeZero, representing a production remediation outcome. | 高 | SU012, SU008 |
| CU014 | A leading U.S. manufacturer uses NodeZero weekly (Pentest Wednesday cadence) for continuous security validation, including M&A security validation; 94 attack paths were eliminated and Iranian-linked tradecraft techniques were identified and remediated. | 高 | SU001, SU011, SU013 |
| CU015 | A financial and insurance company running weekly AWS cloud pentests with NodeZero discovered an AWS environment compromise in under 10 minutes, enabling immediate remediation before business impact. | 高 | SU007, SU014 |
| CU016 | A large financial institution's 14-hour NodeZero autonomous pentest uncovered 586 critical impacts and three full domain administrator compromises, representing the highest-specificity financial services outcome in the public case study record. | 高 | SU007, SU014 |
| CU017 | Public sector SLED customers confirmed by name include City of St. Petersburg FL, Moravian University, and Regina International Airport; two unnamed large school systems are also documented as active customers. | 高 | SU009, SU006 |
| CU018 | Horizon3.ai ranked #121 overall and #1 in cybersecurity on the 2025 Inc. 5000 list, based on 2,962% three-year revenue growth from 2021 to 2024, representing the fastest-growing cybersecurity company in that period. | 高 | SU003, SU026 |
| CU019 | Horizon3.ai ranked #3 on the Deloitte Technology Fast 500 for 2025 (North America), based on 19,939% three-year revenue growth — the highest verified three-year growth rate of any cybersecurity company in that ranking. | 高 | SU004, SU026 |
| CU020 | Horizon3.ai reported approximately 4,000 active organizational customers and 137% ARR growth YoY as of its 1H 2025 results (September 2025). | 高 | SU002, SU001 |
| CU021 | Enterprise segment ARR grew 485% year over year in the first half of 2025, reflecting a successful upmarket motion beyond the initial MSSP/SMB channel. | 中 | SU002, SU001 |
| CU022 | Horizon3.ai reported 102% ARR growth year over year as of its FY2026 results in March 2026, consistent with continued hypergrowth at scale. | 高 | SU001, SU002 |
| CU023 | NodeZero has executed 225,000+ production-safe penetration tests as of March 2026, averaging approximately 43 tests per customer organization over the company's lifetime. | 高 | SU001, SU002 |
| CU024 | Channel bookings reached 32% of Q4 FY2026 total bookings, indicating the MSSP/channel motion is accelerating as a proportion of new business. | 高 | SU001, SU020 |
| CU025 | Fast Company named Horizon3.ai one of the Most Innovative Companies of 2026 in the enterprise software category, providing independent third-party recognition of product innovation. | 高 | SU023, SU026 |
| CU026 | Horizon3.ai was named to the NatSec 100 list for a second consecutive year, confirming continued recognition as a significant national security technology company. | 高 | SU022, SU006 |
| CU027 | Horizon3.ai reported 125% Net Dollar Retention (NDR) as of its FY2026 results in March 2026, indicating that existing customers are growing their spend by an average of 25% above their prior-year baseline annually. | 高 | SU001, SU002 |
| CU028 | Horizon3.ai reported 94% Gross Dollar Retention (GDR) as of its FY2026 results in March 2026, implying a 6% annual gross churn rate and a high base of recurring revenue. | 高 | SU001, SU002 |
| CU029 | The arithmetic spread between 125% NDR and 94% GDR implies that retained customers expand spend by approximately 33% annually on average (125/94 = 1.33x), consistent with the Pentest Wednesday recurring cadence and multi-module expansion pattern. | 中 | SU001, SU013 |
| CU030 | As of August 2025, NodeZero had 73 published reviews on Gartner Peer Insights with an average rating of 4.7 out of 5.0 stars and 90% willingness to recommend, earning the Gartner Customers' Choice distinction in the October 2025 AEV Voice of the Customer report. | 高 | SU005, SU024 |
| CU031 | Customer case studies confirm the Pentest Wednesday recurring model: a leading manufacturer runs weekly tests, a healthcare system has run 60+ tests, and a financial/insurance company runs weekly AWS pentests — validating that recurring usage drives ACV expansion. | 高 | SU001, SU010, SU013, SU014 |
| CU032 | NodeZero's ServiceNow integration enables customers to route pentest findings directly into ServiceNow Vulnerability Response for risk-based remediation, creating workflow lock-in and deeper platform integration. | 高 | SU021, SU006 |
| CU033 | The Pax8 partnership expands NodeZero access to 40,000+ MSP partners, enabling SMB and mid-market penetration at a scale that would be uneconomical via direct sales. | 高 | SU020, SU019 |
| CU034 | A single adverse Gartner Peer Insights review (3.0/5.0, August 21, 2024) cited scheduling issues with a partner and test results that were difficult to interpret, representing the only publicly identified critical customer voice from the NodeZero customer base. | 中 | SU024 |
| CU035 | Approximately 70% of Horizon3.ai's customers are MSSP-delivered, creating channel concentration risk: if top MSSP partners shift vendor preference, a material portion of customer base and ARR could be at risk independent of underlying platform quality. | 高 | SU001, SU019 |
| CU036 | All four Fortune 10 customers, the world's largest bank relationships, and leading enterprise customers are unnamed in all public disclosures, making independent verification of these highest-value customer claims impossible from public sources. | 高 | SU001, SU029 |
| CU037 | The single adverse Gartner review attributed customer dissatisfaction to a partner scheduling and reporting issue rather than platform failure, suggesting MSSP execution quality — not NodeZero's technology — is the primary source of adverse customer experience. | 中 | SU024, SU019 |
| CU038 | Horizon3.ai's entire federal segment revenue depends on the continuity of FedRAMP High Authorization; the transition from FedRAMP Rev4 to FedRAMP 3.0 represents a compliance upgrade requirement with execution risk. | 中 | SU006, SU027 |
| CU039 | Four of the Fortune 10 as active customers likely represents a disproportionate share of direct ARR given the typical >$1M ACV of Fortune 10 cybersecurity contracts; the loss of a single Fortune 10 customer would be a material revenue event. | 中 | SU001, SU006 |
| CU040 | Horizon3.ai has not disclosed what percentage of ARR comes from its top 10 customers, creating a data gap that prevents precise revenue concentration risk assessment from public sources. | 中 | |
| CU041 | The Pax8 partnership (announced 2024) and access to 40,000+ MSPs represents expansion potential but no confirmed Pax8-originated ARR has been disclosed; the SMB channel is a future growth vector whose revenue contribution as of March 2026 is unknown. | 中 | SU020, SU029 |
| CU042 | Awardable status on DoD Platform One and Tradewinds Solutions Marketplace (both achieved May 2026) removes acquisition barriers for federal procurement but does not guarantee order flow; revenue realization depends on individual agency decisions and appropriations. | 高 | SU016, SU017 |
| CR001 | The EU AI Act (Regulation 2024/1689) entered into force on 1 August 2024. | 高 | SR009, SR011 |
| CR002 | EU AI Act prohibition provisions (Article 5) became effective in February 2025. | 高 | SR009, SR011 |
| CR003 | Autonomous AI systems that actively attack IT infrastructure could be classified as high-risk AI under the EU AI Act if deemed to pose risks to critical infrastructure. | 中 | SR009, SR011 |
| CR004 | BIS regulates cybersecurity items under the EAR; ECCN codes 4E001 and related entries cover intrusion software and offensive security tools. | 高 | SR008, SR031, SR012 |
| CR005 | NodeZero Federal is described by Horizon3.ai as the only FedRAMP High Authorized platform purpose-built for continuous autonomous penetration testing. | 高 | SR002, SR004 |
| CR006 | FedRAMP High Authorization must be maintained continuously through Annual Assessment cycles and Plan of Action and Milestones (POA&M) management. | 高 | SR004, SR006 |
| CR007 | CMMC 2.0 requires third-party Certified Third-Party Assessor Organization (C3PAO) assessments for DoD contractors operating at Level 2 and Level 3. | 中 | SR030 |
| CR008 | NIST SP 800-115 is the federal standard technical guide for information security testing and assessment, acknowledging inherent limitations of automated tools. | 高 | SR007, SR006 |
| CR009 | BIS civil penalties for EAR violations can reach up to $353,534 per violation; criminal penalties are also possible for willful violations. | 中 | SR008, SR031 |
| CR010 | Pentera (formerly Pcysys) is a direct competitor in automated security validation with approximately 1,000+ enterprise customers and a European headquarters. | 中 | SR013, SR016 |
| CR011 | Cobalt.io competes in the PTaaS market and has pivoted toward AI-augmented pentesting, with an expanding customer base. | 中 | SR014, SR016 |
| CR012 | Microsoft, CrowdStrike, Palo Alto Networks, and Tenable all have adjacent products in automated or continuous attack surface management that partially overlap NodeZero's core use case. | 中 | SR017, SR022 |
| CR013 | Open-source penetration testing tools including Metasploit, Nuclei, and OpenVAS are freely available and set a market floor that limits commercial pricing power in the mid-market. | 中 | SR023, SR017 |
| CR014 | NodeZero has executed 130,000+ autonomous pentests across commercial, defense industrial base (DIB), and federal environments. | 中 | SR001, SR002 |
| CR015 | The autonomous pentesting market faces AI commoditization risk as general-purpose LLM-based agents increase in capability, potentially replicating vulnerability discovery functions. | 中 | SR022, SR017 |
| CR016 | NodeZero's SaaS delivery means customer vulnerability findings and network topology reside in Horizon3.ai's cloud environment, creating a high-value attack target. | 中 | SR001, SR002 |
| CR017 | As of May 2026, threat actors in Latin America were using AI agents to generate dynamically created hacking tools that evade signature-based detection across full attack chains. | 中 | SR022 |
| CR018 | Vibe-hacking threat actors in 2026 jailbreak AI agents by claiming instructions are for an 'authorized red-team exercise,' illustrating how autonomous AI security tools' language and framing can be weaponized. | 中 | SR022 |
| CR019 | NodeZero uses a one-time-use architecture with dedicated, ephemeral resources in an isolated virtual private cloud network for each test. | 中 | SR001 |
| CR020 | CISA's Known Exploited Vulnerabilities (KEV) catalog is a critical data source that continuous pentest platforms rely on for prioritization of attack paths. | 中 | SR005, SR024 |
| CR021 | NIST NVD tracks 250,000+ Common Vulnerabilities and Exposures (CVEs), forming a key substrate for autonomous vulnerability discovery and attack-chain reasoning. | 中 | SR024, SR029 |
| CR022 | No automated security testing tool can guarantee 100% coverage; NIST SP 800-115 explicitly acknowledges inherent limitations of automated penetration testing approaches. | 高 | SR007, SR023 |
| CR023 | Horizon3.ai's sales motion, investor narrative, and federal pipeline are closely tied to CEO Snehal Antani's personal credibility as a DoD-credentialed technologist, creating material key-person dependency that would be difficult to transfer quickly if he departed. | 中 | SR003, SR028 |
| CR024 | Snehal Antani holds 18 US patents in data processing, cloud computing, and virtualization, giving him unique technical credibility in the enterprise and federal markets. | 中 | SR003 |
| CR025 | Horizon3.ai describes itself as having been founded in 2019 and headquartered in San Francisco, CA, with 100% US-made products. | 中 | SR003, SR028 |
| CR026 | The Horizon3.ai leadership team includes US Special Operations and US National Security veterans, which creates talent concentration in cleared and specialized roles that are difficult to replace. | 中 | SR003 |
| CR027 | Horizon3.ai reported 5,200+ customers as of 2024–2025 (per earlier chapter research), providing customer base diversification against single-account concentration. | 中 | SR015, SR016 |
| CR028 | SAM.gov search results show active federal procurement listings associated with Horizon3.ai products, confirming active federal sales pipeline as of 2026. | 中 | SR020, SR019 |
| CR029 | USASpending.gov is the authoritative federal database for tracking contract obligations to commercial vendors, enabling analysis of Horizon3.ai's federal revenue concentration. | 中 | SR019 |
| CR030 | NodeZero's internal tests are run from a free Docker host or OVA deployed on customer premises, creating a supply chain attack surface via the container distribution mechanism. | 中 | SR001 |
| CR031 | Horizon3.ai's platform runs on cloud infrastructure (SaaS architecture), creating dependence on AWS and/or Azure for orchestration availability. | 中 | SR001, SR002 |
| CR032 | NodeZero uses a credential-optional architecture and 'safe exploitation' protocols designed to avoid causing damage or service disruption in production environments. | 中 | SR001, SR002 |
| CR033 | The EU AI Act imposes conformity assessment, documentation, registration, and human oversight requirements on high-risk AI systems before market placement. | 高 | SR009, SR011 |
| CR034 | Horizon3.ai publishes 30+ vulnerability disclosures as part of a coordinated disclosure program, creating both a reputation benefit and reputational risk if disclosures are poorly timed. | 中 | SR027, SR025 |
| CR035 | Horizon3.ai raised a $100M Series D in November 2024, led by investors including Evolution Equity Partners, bringing total disclosed funding above $235M. | 中 | SR016, SR021, SR026 |
| CR036 | Federal sector contract revenue is estimated to represent approximately 50–60% of Horizon3.ai's total revenue, creating concentration risk tied to government budget cycles. | 低 | SR019, SR020, SR002 |
| CR037 | No publicly documented CEO succession plan for Snehal Antani has been disclosed by Horizon3.ai as of the run date. | 低 | |
| CR038 | Craft Ventures led Horizon3.ai's Series C in 2023, with investors Michael Robinson and Kevin Gabura on the investment. | 中 | SR021 |
| CR039 | The EU AI Act classifies high-risk AI systems with strict obligations including adequate risk assessment, high-quality training data, activity logging, detailed documentation, clear user information, human oversight, and high robustness. | 高 | SR009, SR011 |
| CR040 | BIS extended the IC designer authorization timeline to December 31, 2026, reflecting the ongoing evolution of US export control enforcement in advanced technology sectors. | 中 | SR031 |
| CR041 | The CISA KEV catalog is maintained by a US federal agency (CISA); any disruption to CISA's budget or operations could affect the continuous availability of threat intelligence data. | 低 | SR005 |
| CR042 | NodeZero Federal aligns with multiple federal mandates including FedRAMP, FISMA, NIST RMF, RMF, CMMC, and CORA per company documentation. | 中 | SR002, SR032 |
| CR043 | Horizon3.ai's Jill Passalacqua serves as Chief Legal Officer with prior roles at FireEye and JumpCloud, providing cybersecurity-specific legal institutional knowledge. | 中 | SR003 |
| CR044 | NodeZero's blog contains 81 attack blog entries and 30 vulnerability disclosures, demonstrating continuous offensive research that both strengthens and exposes the attack intelligence base. | 中 | SR027 |
| CV001 | Horizon3.ai closed a $100 million Series D funding round in November 2024. | 高 | SV001, SV009, SV010, SV011, SV015 |
| CV002 | The November 2024 Series D valued Horizon3.ai at approximately $1 billion, making it a unicorn. | 高 | SV001, SV009, SV010, SV011 |
| CV003 | Horizon3.ai has raised $140 million in total disclosed capital across confirmed funding rounds (Series C and Series D), with additional undisclosed earlier rounds likely bringing the cumulative total higher. | 中 | SV001, SV024, SV034 |
| CV004 | At the $1B post-money valuation, Horizon3.ai's implied EV/ARR multiple spans 12.5× (at $80M ARR) to 33× (at $30M ARR), reflecting the wide uncertainty in the unverified ARR figure. | 中 | SV007, SV017, SV024 |
| CV005 | If Horizon3.ai's ARR is $80M, the implied EV/ARR multiple at $1B valuation is 12.5×, roughly in line with high-growth cybersecurity SaaS peers. | 中 | SV007, SV008 |
| CV006 | If Horizon3.ai's ARR is $30M, the implied EV/ARR multiple at $1B valuation is 33×, well above any publicly traded cybersecurity SaaS comparable in 2026. | 中 | SV007, SV008 |
| CV007 | Horizon3.ai claimed 24× ARR growth since 2020, based on company press materials; this figure is unaudited and not independently verified. | 低 | SV029, SV024 |
| CV008 | Tenable (TENB) had an enterprise value of approximately $4.8–5B and ARR of approximately $900M in early 2026, implying an EV/ARR multiple of approximately 5.4×. | 高 | SV002, SV031, SV007 |
| CV009 | Rapid7 (RPD) had an enterprise value of approximately $1.5B and ARR of approximately $780M in early 2026, implying an EV/ARR multiple of approximately 1.9×, reflecting competitive pressure and potential strategic review. | 中 | SV004, SV032, SV007 |
| CV010 | Qualys (QLYS) had an enterprise value of approximately $2B and ARR of approximately $550M in early 2026, implying an EV/ARR multiple of approximately 3.6×. | 中 | SV006, SV007 |
| CV011 | SentinelOne (S) had an enterprise value of approximately $16–20B and ARR of approximately $900M in early 2026, implying an EV/ARR multiple of approximately 17–22×, reflecting hypergrowth and strong NRR. | 中 | SV005, SV007 |
| CV012 | CrowdStrike (CRWD) had an enterprise value of approximately $80B and ARR of approximately $4B in early 2026, implying an EV/ARR multiple of approximately 20×, driven by platform breadth and 30%+ growth. | 高 | SV003, SV033, SV007 |
| CV013 | Pentera is Horizon3.ai's most direct autonomous security validation competitor, explicitly positioning its platform against traditional and semi-automated penetration testing approaches. | 中 | SV020, SV007 |
| CV014 | Pentera reportedly has approximately 1,200 enterprise customers and approximately $100M ARR, making it a materially larger revenue-generating entity than typical Series B/C startups and a credible threat to Horizon3.ai's market positioning. | 低 | SV020, SV007 |
| CV015 | FedRAMP High authorization requires 18–36 months of sustained compliance effort and seven-figure investment, creating a replication barrier that most cybersecurity startups cannot shortcut. | 中 | SV023, SV025, SV007 |
| CV016 | Horizon3.ai reports serving 5,200+ customers with 225,000+ pentests safely executed as of H1 2025. | 中 | SV024, SV029, SV030 |
| CV017 | The penetration testing market is projected at $1.98B–$2.36B in 2025 with a 14–15% CAGR, and the PTaaS sub-segment is growing at approximately 22.6% CAGR from a $0.72B base in 2026. | 中 | SV007, SV008 |
| CV018 | The autonomous PTaaS sub-segment, which Horizon3.ai leads, benefits from a structural tailwind as enterprises shift from annual point-in-time pentests to continuous automated validation cycles. | 中 | SV007, SV008, SV024 |
| CV019 | A 12–15× ARR multiple is appropriate for a cybersecurity SaaS company growing at 30–50%+ with net revenue retention above 110%, based on comparable analysis. | 中 | SV007, SV002, SV003 |
| CV020 | Bull case: Horizon3.ai reaches $150M ARR by end of 2027 at a 20× EV/ARR multiple, yielding a $2.5–3.5B valuation—a 2.5–3.5× return on the Series D price. | 低 | SV007, SV029 |
| CV021 | Base case: Horizon3.ai reaches $80–100M ARR by end of 2026 at a 12–15× EV/ARR multiple, yielding a $1.0–1.5B valuation—roughly flat to the Series D entry price, providing minimal margin of safety. | 中 | SV007, SV029, SV030 |
| CV022 | Bear case: Horizon3.ai reaches only $40–55M ARR due to competitive displacement and federal budget headwinds, and at an 8–11× multiple, yields a $400–600M valuation—a 40–60% loss on the Series D. | 中 | SV007, SV020 |
| CV023 | An IPO pathway for Horizon3.ai likely requires $150M+ ARR, NRR consistently above 120%, and gross margins above 70%, based on cybersecurity SaaS IPO precedents. | 低 | SV007, SV002 |
| CV024 | Strategic M&A acquirers with both financial capacity and strategic rationale for acquiring Horizon3.ai include CrowdStrike, Palo Alto Networks, Microsoft, and Tenable, each of which has an active exposure management or security testing strategy. | 中 | SV033, SV031, SV007 |
| CV025 | Horizon3.ai's federal segment represents a double-edged risk: the DoD authorization validates product quality and drives premium ARR, but a single-cycle loss of multiple federal contracts could trigger a material ARR step-down. | 中 | SV023, SV025 |
| CV026 | Horizon3.ai's press release for 2024 claimed 102% ARR growth for that calendar year. | 低 | SV029, SV024 |
| CV027 | AI commoditization—specifically the rapid improvement of foundation models for vulnerability reasoning—is a medium-term (3–5 year) threat to Horizon3.ai's differentiation, as open-source or incumbent-bundled alternatives may replicate core autonomous pentest capabilities. | 中 | SV020, SV007 |
| CV028 | Pentera, as Horizon3.ai's most direct competitor, explicitly positions itself as a superior automated security validation alternative to legacy tools, and its website and marketing materials demonstrate comparable autonomous validation capabilities. | 中 | SV020 |
| CV029 | CrowdStrike's active expansion into exposure management and security validation represents a strategic threat to Horizon3.ai; if CrowdStrike integrates autonomous pentest capabilities into its Falcon platform, it could commoditize the standalone autonomous PTaaS category. | 中 | SV003, SV033, SV007 |
| CV030 | Microsoft Security Copilot, backed by a $3 trillion market cap company with deep enterprise relationships, represents a potential long-term threat to autonomous security testing platforms if it achieves reliable autonomous pentest-grade capability. | 低 | SV007 |
| CV031 | Five material thesis-break triggers for Horizon3.ai investors are: a down round below $800M; loss of three or more federal contract renewals in a single cycle; NRR confirmed below 100%; a competitor achieving FedRAMP High authorization; and IPO diligence revealing ARR below $50M. | 中 | SV023, SV025, SV020 |
| CV032 | Pre-investment diligence must obtain verified ARR, NRR by segment, GAAP gross margin, full cap table with liquidation waterfall, federal contract renewal schedule, and head-to-head win/loss data versus Pentera. | 中 | SV001, SV007 |
| CV033 | Series D investors confirmed in public sources include Craft Ventures and SignalFire, alongside other unnamed investors. | 中 | SV034, SV017, SV018 |
| CV034 | Federal government budget concentration creates a tail risk: if US federal IT spending is cut materially or if procurement processes delay, Horizon3.ai's federally-dependent ARR component could contract faster than commercial growth compensates. | 中 | SV023, SV025 |
| CV035 | The median EV/ARR multiple for publicly traded cybersecurity SaaS companies in 2026 is approximately 5–10×, with the high end driven by hypergrowth platforms (CrowdStrike, SentinelOne) and the low end by mature or pressured platforms (Rapid7, Qualys). | 中 | SV002, SV003, SV004, SV005, SV006, SV007 |
| CV036 | The investment recommendation is conditional: TRACK at current price; upgrade to BUY upon verified ARR ≥$80M, NRR >110%, and entry multiple at or below 15× ARR. Investors who can secure pricing below $700M should do so. | 中 | SV007, SV008 |
| CV037 | NodeZero Insights, Horizon3.ai's early-stage expansion into continuous exposure management, could expand TAM by addressing asset discovery, risk prioritization, and compliance use cases beyond point-in-time pentesting. | 低 | SV026, SV024 |
| CV038 | Horizon3.ai's claimed 24× revenue growth since 2020 is a company-originated statistic that has not been verified by independent audited financial statements or third-party sources. | 低 | SV029, SV024 |
| CV039 | The most relevant public cybersecurity SaaS comparables for Horizon3.ai are Tenable, Rapid7, Qualys, SentinelOne, and CrowdStrike, selected for their overlap in vulnerability management, security testing, or exposure management revenue streams. | 中 | SV002, SV003, SV004, SV005, SV006, SV031, SV032, SV033 |
| CV040 | Horizon3.ai raised $100 million in its Series D with Craft Ventures and SignalFire as confirmed investors, at approximately $1B post-money valuation in November 2024. | 高 | SV001, SV009, SV034, SV015 |
| CV041 | NodeZero's 'Pentest Wednesday' subscription model—where customers receive weekly autonomous pentest results—creates recurring subscription revenue that is structurally stickier than project-based consulting engagements. | 中 | SV024, SV030 |
| CV042 | Horizon3.ai's 'State of Assumed Security' research report argues that enterprises dramatically underestimate their real attack surface vulnerability, providing an independent rationale for continuous autonomous pentesting beyond regulatory compliance. | 中 | SV027, SV024 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Horizon3.ai | Horizon3.ai — Autonomous Penetration Testing Platform | 225,000 pentests safely run in production environments |
| SO002 | Horizon3.ai | About Us — Horizon3.ai | Founded in 2019 by industry, US Special Operations, and US National Security veterans |
| SO003 | Horizon3.ai | NodeZero Autonomous Pentesting Platform — Horizon3.ai | NodeZero transforms how organizations secure their environments by running unlimited pentests that uncover exploitable paths, guide remediation, and immediately verify that your fixes are effective. |
| SO004 | GlobeNewswire | Horizon3 AI Raises 100 Million Series D to Accelerate the Future of Autonomous Penetration Testing | Horizon3.ai, the pioneer of autonomous penetration testing, today announced it has raised $100 million in Series D funding at a valuation of over $1 billion. |
| SO005 | Craft Ventures | Horizon3.ai — Craft Ventures Portfolio | Craft Ventures led the Series C investment in Horizon3.ai |
| SO006 | Dark Reading | Horizon3.ai Scores $100M for Autonomous Penetration Testing | Horizon3.ai, the cybersecurity startup behind the NodeZero autonomous pentesting platform, announced it has raised $100 million in Series D funding. |
| SO007 | Horizon3.ai | Horizon3.ai News and Press Releases | Horizon3.ai's NodeZero, the World's Most Experienced AI Hacker, Drives 102% ARR Growth |
| SO008 | Horizon3.ai | NodeZero Federal — FedRAMP High Authorized Autonomous Pentesting | NodeZero Federal is currently the only FedRAMP High Authorized platform purpose-built for continuous, autonomous penetration testing |
| SO009 | Horizon3.ai | NodeZero Federal — Government Cybersecurity Solutions | |
| SO010 | Horizon3.ai | Horizon3.ai News — Company Announcements | NodeZero Drives 102% ARR Growth |
| SO011 | Horizon3.ai | Horizon3.ai Attack Research | |
| SO012 | Horizon3.ai | NodeZero Developer Documentation | Deploy, configure, and maximize the effectiveness of NodeZero, our autonomous penetration testing platform. |
| SO013 | Horizon3.ai | Prosperity7 Ventures Strategic Investment Press Release | Prosperity7 Ventures and Horizon3.ai share a priority to safeguard AI datacenters and critical infrastructure that support the global economy. |
| SO014 | Fast Company | Most Innovative Companies 2026 — Security Category | Horizon3.ai ranked #4 in the Security category on Fast Company's Most Innovative Companies 2026 list. |
| SO015 | Inc. | Inc. 5000 — Fastest Growing Private Companies in America | Horizon3.ai ranked #1 in Security on the Inc. 5000 list. |
| SO016 | Deloitte | Deloitte Technology Fast 500 | Horizon3.ai ranked #3 overall on the Deloitte Technology Fast 500. |
| SO017 | SignalFire | Horizon3.ai — SignalFire Portfolio | |
| SO018 | SecurityWeek | Horizon3.ai Raises $100M for Autonomous Penetration Testing | |
| SO019 | TechCrunch | Horizon3.ai raises $100M Series D for autonomous pentesting | |
| SO020 | Bishop Fox | Bishop Fox — Offensive Security Research and Services | Complex application logic vulnerabilities, novel zero-days, and social engineering surfaces require creative human adversarial thinking that automated enumeration tools cannot replicate. |
| SO021 | Cobalt.io | Cobalt — Penetration Testing as a Service | |
| SO022 | Rapid7 | Rapid7 — Managed Detection and Penetration Testing | |
| SO023 | Gartner Peer Insights | Autonomous Penetration Testing Reviews — Gartner Peer Insights | |
| SO024 | Built In | Horizon3.ai — Company Profile | Founded in 2019 by industry, US Special Operations, and US National Security veterans, Horizon3.ai is headquartered in San Francisco, CA, and made in the USA. |
| SO025 | Horizon3.ai | NodeZero — Internal Pentesting Use Case | |
| SM001 | MarketsandMarkets | Penetration Testing Market Size, Share & Trends Report 2031 | The penetration testing market size was valued at USD 1.98 billion in 2025 and is projected to reach USD 4.39 billion by 2031, at a CAGR of 14.2%. |
| SM002 | MarketsandMarkets | Penetration Testing as a Service Market Size, Share & Trends Report 2031 | The penetration testing as a service market size is expected to grow from USD 0.72 billion in 2026 to USD 1.98 billion by 2031, at a CAGR of 22.6%. |
| SM003 | Mordor Intelligence | Penetration Testing Market Size, Share, Trends & Industry Report 2031 | The penetration testing market size is projected to expand from USD 2.36 billion in 2025 and USD 2.72 billion in 2026 to USD 5.54 billion by 2031, registering a CAGR of 15.29% between 2026 to 2031. |
| SM004 | NIST (National Institute of Standards and Technology) | NIST Special Publication 800-115: Technical Guide to Information Security Testing and Assessment | The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. |
| SM005 | CISA (Cybersecurity and Infrastructure Security Agency) | Continuous Diagnostics and Mitigation (CDM) Program | CISA | |
| SM006 | Bishop Fox | Bishop Fox | The Leading Authority in Offensive Security | |
| SM007 | OffSec | PEN-200 | OSCP+ Certification Course | |
| SM008 | IBM | Cost of a Data Breach Report 2025 | IBM | New global research from IBM and Ponemon Institute reveals how AI is greatly outpacing security and governance in favor of do-it-now adoption. |
| SM009 | Horizon3.ai | NodeZero | Autonomous Pentesting Platform | Horizon3.ai | 5,200+ customers trust Horizon3.ai. 225,000+ pentests safely run in production. |
| SM010 | Horizon3.ai | About Us | Horizon3.ai | |
| SM011 | Horizon3.ai | NodeZero | Autonomous Penetration Testing Platform | |
| SM012 | Horizon3.ai | NodeZero Federal: Mission-Proven Security Whitepaper | |
| SM013 | Horizon3.ai | Attack Research | Horizon3.ai | |
| SM014 | Horizon3.ai | Healthcare Customer Story | Horizon3.ai | |
| SM015 | Pentera | Pentera | AI-Driven Security Validation Platform | |
| SM016 | Cobalt | Cobalt | Pentest as a Service Platform | |
| SM017 | Synack | Synack | Continuous Security Testing | |
| SM018 | Rapid7 | Metasploit | Penetration Testing Framework | |
| SM019 | Tenable | Nessus Vulnerability Scanner | Tenable | |
| SM020 | NetSPI | NetSPI | The Proactive Security Solution | |
| SM021 | HackerOne | Exposure Management | HackerOne | |
| SM022 | Dark Reading | AI Agents Generate Custom Hacking Tools to Attack Infrastructure | |
| SM023 | Dark Reading | Horizon3.ai Raises $100M for Autonomous Penetration Testing | |
| SM024 | Craft Ventures | Horizon3.ai | Craft Ventures Portfolio | |
| SM025 | FedRAMP Marketplace | NodeZero Continuous Autonomous Penetration Testing | FedRAMP Marketplace | |
| SP001 | Pentera | Exposure Validation Platform | AI-Driven Testing | Pentera | |
| SP002 | Pentera | Pentera Platform — Security Validation from Find to Fix | Reduce cyber exposure across the complete enterprise attack surface with AI-powered adversarial testing. |
| SP003 | Pentera | Pentera Blog — Pentera at $100M ARR: A CEO Reflection | Pentera at $100M ARR – A CEO Reflection |
| SP004 | Cobalt.io | Cobalt | Modern Offensive Security Platform and PTaaS Pioneers | The 25x Remediation Gap: See how elite security teams resolve risks in 10 days vs. 249 |
| SP005 | Cobalt.io | What is PTaaS? | Cobalt Blog | |
| SP006 | Synack | Synack Blog — Sara AI Pentesting Is Now Generally Available | Sara AI Pentesting Is Now Generally Available: The Model Is Changing |
| SP007 | Synack | Synack Government and Public Sector Security Testing | |
| SP008 | Rapid7 | Rapid7 | Open Platform. AI-Powered. Human-Led. | Open platform. AI-powered. Human-led. Serving 11,000+ global customers. |
| SP009 | Rapid7 | Metasploit | Penetration Testing Framework | Rapid7 | More than 4,000 exploit modules. The world's most used penetration testing framework. |
| SP010 | Rapid7 | InsightSIEM | Rapid7 SIEM and XDR Platform | |
| SP011 | Tenable | Tenable | Exposure Management for the AI Era | Tenable is the exposure management company. |
| SP012 | Tenable | Nessus Vulnerability Scanner | Tenable | |
| SP013 | Tenable | Tenable One — AI-Powered Exposure Management Platform | Take action on cyber exposure with Tenable One, the world's leading AI-powered exposure management platform for the AI era. |
| SP014 | CrowdStrike | The Agentic Security Platform | CrowdStrike Falcon | The Agentic Security Platform. Unified and built to secure the AI revolution. |
| SP015 | Palo Alto Networks | Cortex XSIAM | AI-Driven Security Operations | Unlock true AI-driven security operations. Unparalleled data. Unbeatable AI. The most advanced SOC platform. |
| SP016 | AttackIQ | AttackIQ | CTEM End-to-End Adversarial Exposure Validation | AttackIQ runs CTEM end-to-end to map adversary paths, show what leads to real attacks, and prove your defenses stop them. |
| SP017 | XM Cyber | XM Cyber | Fix What Matters — Continuous Attack Path Management | AI-powered attackers are cutting time-to-exploit from weeks to hours. XM Cyber continuously surfaces every validated exposure that forms real attack paths. |
| SP018 | FedRAMP Marketplace | NodeZero Continuous Autonomous Penetration Testing | FedRAMP Marketplace | |
| SP019 | Horizon3.ai | NodeZero Autonomous Pentesting Platform | Horizon3.ai | 5,200+ customers trust Horizon3.ai. 225,000+ pentests safely run in production. |
| SP020 | Horizon3.ai | NodeZero Product Overview | Horizon3.ai | |
| SP021 | Dark Reading | Horizon3.ai Scores $100M for Autonomous Penetration Testing | |
| SP022 | SecurityWeek | Horizon3.ai Raises $100M Series D for Autonomous Pentesting Platform | |
| SP023 | SC World | Horizon3.ai Raises $100M Series D, Valuation Tops $1 Billion | |
| SP024 | Dark Reading | AI Agents Generate Custom Hacking Tools to Attack Infrastructure | |
| SP025 | NetSPI | NetSPI Blog | Offensive Security Research and Insights | |
| SP026 | Synack | Synack | Continuous Security Testing Platform | |
| SP027 | Horizon3.ai | Autonomous Pentesting vs. Traditional Pentest 2026 | Horizon3.ai Blog | |
| SP028 | CISA | Continuous Diagnostics and Mitigation (CDM) Program | CISA | |
| SP029 | HackerOne | Vulnerability Disclosure | HackerOne | |
| SP030 | Federal News Network | Horizon3.ai Raises $100M Series D | Federal News Network | |
| SI001 | Tenable Holdings | Tenable Holdings 10-K Annual Report FY2025 | As of December 31, 2025, we had over 40,000 customers, including approximately 65% of the Fortune 500. |
| SI002 | Dark Reading | Horizon3.ai Raises $100M to Advance Autonomous Pentesting | Horizon3.ai has raised $100 million in a Series D funding round led by Craft Ventures. |
| SI003 | GlobeNewswire | Horizon3.AI Raises $100 Million Series D to Accelerate Autonomous AI-Powered Penetration Testing | |
| SI004 | Help Net Security | Horizon3.ai raises $100 million in Series D funding | |
| SI005 | SiliconAngle | Autonomous pentesting startup Horizon3.ai closes $100M Series D | |
| SI006 | Horizon3.ai | NodeZero Insights Product Page | |
| SI007 | Horizon3.ai | Horizon3.ai Careers | |
| SI008 | Rapid7 | Rapid7 Investor Relations: Annual Reports | Rapid7 annual reports and investor presentations available at investor relations portal. |
| SI009 | SecurityWeek | Horizon3.ai Raises $100 Million in Series D Funding | Horizon3.ai has raised $100 million in a Series D funding round, the company announced Tuesday. |
| SI010 | Horizon3.ai | Horizon3.ai Official Website | 5,200+ customers. 225,000+ safely executed pentests. |
| SI011 | Horizon3.ai | Horizon3.ai About Us | |
| SI012 | Craft Ventures | Craft Ventures Portfolio: Horizon3.ai | Horizon3.ai is a portfolio company of Craft Ventures. |
| SI013 | Rapid7 | Rapid7 Official Website | |
| SI014 | Tenable Holdings | Tenable Holdings Official Website | |
| SI015 | Dark Reading | Horizon3.ai Scores $100M for Autonomous Penetration Testing | |
| SI016 | SecurityWeek | SecurityWeek: Horizon3.ai Coverage Archive | |
| SI017 | MarketsandMarkets | Penetration Testing Market Size, Share and Trends Report 2031 | |
| SI018 | Rapid7 | Rapid7 InsightIDR: SIEM and XDR | |
| SI019 | Tenable Holdings | Tenable Nessus: Vulnerability Assessment | |
| SI020 | Horizon3.ai | NodeZero for Federal: Mission-Proven Security | |
| SI021 | NetSPI | NetSPI: Penetration Testing and Offensive Security | |
| SI022 | Cobalt | Cobalt: Pentest as a Service | |
| SI023 | AttackIQ | AttackIQ: Breach and Attack Simulation | |
| SI024 | FedRAMP PMO | FedRAMP Marketplace: NodeZero by Horizon3.ai | NodeZero by Horizon3.ai — FedRAMP High Authorization Status: Authorized |
| SI025 | Horizon3.ai | Autonomous Pentesting vs. Traditional Pentest 2026 | |
| SE001 | Horizon3.ai | NodeZero — Autonomous Penetration Testing Platform | NodeZero delivers production-safe autonomous pentests and other key assessment operations that scale across your largest internal, external, cloud, and hybrid cloud environments. |
| SE002 | Horizon3.ai | NodeZero Internal Penetration Testing | |
| SE003 | Horizon3.ai | NodeZero External Penetration Testing | |
| SE004 | Horizon3.ai | NodeZero Cloud Penetration Testing | |
| SE005 | Horizon3.ai | NodeZero Federal — FedRAMP High Authorized Pentesting | NodeZero is the only FedRAMP High Authorized autonomous penetration testing platform. |
| SE006 | Horizon3.ai | NodeZero Compliance Service — PCI DSS, HIPAA, CMMC, SOC 2, ISO 27001 | |
| SE007 | Horizon3.ai | NodeZero MCP Server — AI Tool Integration | |
| SE008 | Horizon3.ai | NodeZero Tripwires — Post-Breach Deception Technology | |
| SE009 | Horizon3.ai | NodeZero Technical Documentation | |
| SE010 | GitHub / Horizon3.ai | horizon3ai GitHub Organization — CVE PoC and Research Repositories | 41+ public repositories including CVE proof-of-concept exploit tools with active community engagement. |
| SE011 | FedRAMP Program Management Office | FedRAMP Marketplace — NodeZero (ID F2209220003) | FedRAMP authorized product listing for NodeZero by Horizon3.ai. |
| SE012 | Cybersecurity and Infrastructure Security Agency (CISA) | CISA Known Exploited Vulnerabilities Catalog | |
| SE013 | Horizon3.ai | Vanguard Partner Program — MSSP, MSP, and Reseller Tiers | |
| SE014 | Horizon3.ai | NodeZero for MSSP — Partner Delivery Platform | |
| SE015 | Horizon3.ai | NodeZero Phishing Impact Testing | |
| SE016 | Horizon3.ai | NodeZero Active Directory Password Audit | |
| SE017 | Horizon3.ai | Horizon3.ai Integrates NodeZero with ServiceNow Vulnerability Response | |
| SE018 | Gartner Peer Insights | NodeZero Reviews and Ratings 2026 — Gartner Peer Insights | Competent tool that is a good assistance in the security testing of the company network ... Might be a little negative due to the partner we are working with. There are some scheduling issues and results of tests that do not make sense. |
| SE019 | Horizon3.ai | Horizon3.ai Recognized as Customers' Choice in Gartner Peer Insights Adversarial Exposure Validation Report | |
| SE020 | Horizon3.ai | Autonomous AI Cyber Defense You Can Trust in Production | |
| SE021 | Built In | Horizon3.ai Company Profile — Built In | |
| SE022 | Horizon3.ai | Horizon3.ai and Pax8 Expand Access to Offensive Security via MSP Channel | Horizon3.ai and Pax8 are partnering to bring NodeZero to Pax8's network of more than 30,000 MSP partners. |
| SE023 | Horizon3.ai | Horizon3.ai Safe Autonomous AI Cyber Defense Press Release | |
| SE024 | Horizon3.ai | Horizon3.ai Earns Awardable Status in Department of War Platform One Solution Marketplace | |
| SE025 | Horizon3.ai | Horizon3.ai Reports Record 1H 2025 Results: NodeZero Enterprise Scale Impact | More than 170,000 autonomous pentests have been executed, including the largest pentest ever recorded—safely testing more than 100,000 IP addresses in a single run. |
| SE026 | Horizon3.ai | State of Assumed Security — Horizon3.ai Research Report | |
| SE027 | Horizon3.ai | NodeZero Insights — Exposure Management Intelligence | |
| SE028 | National Institute of Standards and Technology | National Vulnerability Database (NVD) | |
| SE029 | Horizon3.ai | Horizon3.ai Security Gap Research — Pen Test vs. Scanner Findings | |
| SE030 | Horizon3.ai | Horizon3.ai NodeZero 102% ARR Growth Press Release | NodeZero drives 102% ARR growth year-over-year as enterprise demand accelerates. |
| SE031 | Business Wire | Horizon3.ai NodeZero ARR Growth Business Wire Announcement | |
| SE032 | SC Magazine | Horizon3.ai Raises $100M Series D | |
| SE033 | TechCrunch | Horizon3.ai Raises $100M Series D to Continue Autonomous Pentesting Platform Push | |
| SE034 | Horizon3.ai | Attack Research — NodeZero CVE and Vulnerability Research Team | Horizon3.ai's Attack Research Team publishes CVE research and delivers rapid exploit development for the NodeZero platform. 100% made in USA — US-based engineering with no offshore development. |
| SE035 | Horizon3.ai | About Us — Horizon3.ai Company Overview | Horizon3.ai is a US-based autonomous security company focused on enabling organizations to proactively find and fix exploitable attack paths before attackers do. |
| SE036 | GlobeNewswire | Horizon3 AI Raises $100 Million Series D to Accelerate the Future of Autonomous Penetration Testing | Horizon3 AI has raised $100 million in Series D funding to accelerate the future of autonomous penetration testing, bringing total raised to over $250 million. |
| SU001 | Horizon3.ai | Horizon3.ai Reports FY2026 ARR Growth and Customer Milestones | 5,200+ organizations globally; 102% ARR growth; 125% Net Dollar Retention; 94% Gross Dollar Retention; 225,000+ production-safe pentests; 32% Q4 bookings from channel |
| SU002 | Horizon3.ai | Horizon3.ai Reports Record 1H 2025 Results Proving NodeZero's Enterprise-Scale Impact | ~4,000 organizations globally; 137% ARR growth; enterprise segment 485% YoY growth; 170,000+ pentests |
| SU003 | Horizon3.ai | Horizon3.ai Ranks No. 121 on the 2025 Inc. 5000 List — #1 in Cybersecurity | 2,962% three-year revenue growth (2021–2024); #1 cybersecurity company on Inc. 5000 |
| SU004 | Horizon3.ai | Horizon3.ai Ranked 3rd Fastest-Growing Company in North America on the 2025 Deloitte Technology Fast 500 | 19,939% three-year revenue growth; #3 fastest-growing technology company in North America |
| SU005 | Horizon3.ai | Horizon3.ai Recognized as a Customers' Choice in the October 2025 Gartner Peer Insights Voice of the Customer — Adversarial Exposure Validation | 4.7/5.0 stars; 73 published reviews; 90% willingness to recommend; Customers' Choice in AEV category |
| SU006 | Horizon3.ai | NodeZero for Federal and DoD — Horizon3.ai Federal Vertical Page | |
| SU007 | Horizon3.ai | NodeZero for Financial Services — Autonomous Pentesting for Banks and Insurance | |
| SU008 | Horizon3.ai | NodeZero for Healthcare — Protecting Healthcare from an Aggressive Threat Landscape | |
| SU009 | Horizon3.ai | NodeZero for U.S. Public Sector — SLED and Federal Government Use Cases | |
| SU010 | Horizon3.ai | Healthcare Faces an Aggressive Threat Landscape — Nation's Largest Healthcare System Case Study | 60+ NodeZero tests across 30+ network segments; continuous threat exposure management program |
| SU011 | Horizon3.ai | ZeroLogon AD Risk and Iranian Tradecraft — Manufacturing Customer Case Study | 94 attack paths eliminated; ZeroLogon and Iranian tradecraft techniques identified and remediated |
| SU012 | Horizon3.ai | From Patch Tuesday to Pentest Wednesday: Proof That Protects Healthcare | ZeroLogon vulnerability discovered and remediated at leading U.S. hospital via Liberman Networks MSSP |
| SU013 | Horizon3.ai | From Patch Tuesday to Pentest Wednesday: Proof That Redefined Security for a Manufacturer | 94 attack paths eliminated; weekly Pentest Wednesday cadence; M&A security validation |
| SU014 | Horizon3.ai | From Patch Tuesday to Pentest Wednesday: Continuous Validation in a Regulated Environment | AWS compromise discovered in under 10 minutes; 586 critical impacts in 14-hour financial institution engagement |
| SU015 | Horizon3.ai | NodeZero and Zero Trust for Federal: Aligning with NIST SP 800-207 in DoD Environments | |
| SU016 | Horizon3.ai | NodeZero Achieves Awardable Status on Tradewinds Solutions Marketplace | |
| SU017 | Horizon3.ai | Horizon3.ai Earns Awardable Status on DoD Platform One Solution Marketplace | |
| SU018 | Horizon3.ai | Horizon3.ai Accelerates Channel Investment at Global Partner Conference Americas | |
| SU019 | Horizon3.ai | Horizon3.ai Expands Global Partner Leadership to Accelerate MSP and Partner-Led Growth | |
| SU020 | Horizon3.ai | Horizon3.ai and Pax8 Expand Access to Offensive Security for MSP Ecosystem | Pax8 ecosystem of 40,000+ MSP partners given access to NodeZero offensive security |
| SU021 | Horizon3.ai | Horizon3.ai Integrates NodeZero with ServiceNow Vulnerability Response | |
| SU022 | Horizon3.ai | Horizon3.ai Named to NatSec 100 List for Second Consecutive Year | |
| SU023 | Horizon3.ai | Horizon3.ai Named One of Fast Company's Most Innovative Companies of 2026 | |
| SU024 | Gartner | Gartner Peer Insights — NodeZero by Horizon3.ai — Customer Reviews and Ratings | 3.0/5.0 CRITICAL review (Aug 21 2024): 'Capable Product for Continued Pen Testing at a Reasonable Cost' — scheduling issues with partner; test results difficult to interpret. Majority of 73 reviews average 4.7/5.0 with 90% willingness to recommend. |
| SU025 | Craft Ventures | Craft Ventures Portfolio — Horizon3.ai | |
| SU026 | Built In | Horizon3.ai Company Profile — Built In | |
| SU027 | FedRAMP Program Management Office | FedRAMP Marketplace — Authorized Cloud Service Offerings | |
| SU028 | Dark Reading | Horizon3.ai Raises $100M for Autonomous Penetration Testing (Series D) | |
| SU029 | CB Insights | Horizon3.ai — Company Profile, Funding, and Market Data | |
| SU030 | CISA | CISA Known Exploited Vulnerabilities Catalog | |
| SU031 | Craft.co | Horizon3.ai — Craft.co Company Intelligence | |
| SU032 | Horizon3.ai (GitHub) | Horizon3.ai GitHub Organization — Developer and Open-Source Presence | |
| SU033 | U.S. Securities and Exchange Commission | SEC EDGAR — Horizon3.ai Form D Filings (Private Placement) | |
| SR001 | Horizon3.ai | The NodeZero Platform | NodeZero transforms how organizations secure their environments by running unlimited pentests that uncover exploitable paths, guide remediation, and immediately verify that your fixes are effective. |
| SR002 | Horizon3.ai | NodeZero Federal Whitepaper: FedRAMP High Security for Federal Agencies | NodeZero Federal is currently the only FedRAMP High Authorized platform purpose-built for continuous, autonomous penetration testing, offering a unique capability to federal agencies seeking real-time operational assurance. |
| SR003 | Horizon3.ai | About Us — Team of Motivated Learn-it-alls | Snehal Antani is the Co-Founder and CEO of Horizon3.ai... Snehal previously served as CTO of JSOC, CTO at Splunk, and CIO at GE Capital. |
| SR004 | FedRAMP Program Management Office | FedRAMP Marketplace | |
| SR005 | CISA | Known Exploited Vulnerabilities Catalog | |
| SR006 | NIST | NIST Cybersecurity Framework | |
| SR007 | NIST / CSRC | SP 800-115: Technical Guide to Information Security Testing and Assessment | |
| SR008 | Bureau of Industry and Security (BIS) | Export Control Policy: Cybersecurity Items | |
| SR009 | European Commission Digital Strategy | AI Act — Regulatory Framework for Artificial Intelligence | The prohibitions became effective in February 2025. |
| SR010 | Library of Congress / Congress.gov | H.R.6580 — 118th Congress (2023–2024): LAND Act | |
| SR011 | Official Journal of the European Union / EUR-Lex | Regulation (EU) 2024/1689 — Artificial Intelligence Act | |
| SR012 | Federal Register | Export Controls on Semiconductor Manufacturing Items | |
| SR013 | Pentera | Pentera — Automated Security Validation | |
| SR014 | Cobalt.io | Cobalt — Pentest as a Service Platform | |
| SR015 | Built In | Horizon3.ai Company Profile | |
| SR016 | PitchBook | Horizon3.ai Company Profile | |
| SR017 | VentureBeat | VentureBeat Security — AI and Security Coverage | |
| SR018 | Defense News | Defense News — Defense Technology and Policy Coverage | |
| SR019 | USASpending.gov | USASpending.gov — Federal Contract Spending Database | |
| SR020 | SAM.gov | SAM.gov Contract Opportunities — Horizon3 AI Search | |
| SR021 | Craft Ventures | Horizon3.ai — Craft Ventures Portfolio | Year of Investment: 2023. Investment Type: Led Series C. |
| SR022 | Dark Reading | LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly | Because these dynamically generated commands, scripts, and code differ with each execution, they effectively replace open source hacking tools that are more likely to be detected, reducing the possibility of detection by traditional security solutions. |
| SR023 | Wikipedia | Penetration Test — Limitations and Methodology | |
| SR024 | NVD / NIST | National Vulnerability Database | |
| SR025 | HackerOne | Vulnerability Disclosure — HackerOne Platform | |
| SR026 | SEC EDGAR | SEC EDGAR — Form D Search (Horizon3 Entities) | |
| SR027 | Horizon3.ai | Horizon3.ai Blog — Cybersecurity Insights | |
| SR028 | Horizon3.ai | Horizon3.ai Homepage | |
| SR029 | NVD / NIST | NIST NVD Homepage | |
| SR030 | Office of the Under Secretary of Defense for Acquisition & Sustainment | Cybersecurity Maturity Model Certification (CMMC) | |
| SR031 | Bureau of Industry and Security | BIS Homepage — Export Administration | |
| SR032 | Horizon3.ai | NodeZero Federal — Industries: Federal | |
| SR033 | Horizon3.ai | Careers at Horizon3.ai | |
| SV001 | U.S. Securities and Exchange Commission (SEC) | EDGAR Full-Text Search — Horizon3 Form D Filings | SEC EDGAR shows Form D filings for Horizon3.ai entities, confirming private fundraising activity including the November 2024 Series D round. |
| SV002 | Tenable Holdings Investor Relations | Tenable Annual Reports — Investor Relations | Tenable 2024 annual report discloses ARR and revenue growth rate used in EV/ARR comparable analysis. |
| SV003 | CrowdStrike Holdings Investor Relations | CrowdStrike Quarterly Results — IR | CrowdStrike Q4 FY2026 results confirm ARR and provide basis for EV/ARR multiple derivation used in comparable analysis. |
| SV004 | Rapid7 Investor Relations | Rapid7 Annual Reports — IR | |
| SV005 | SentinelOne Investor Relations | SentinelOne Quarterly Results — IR | |
| SV006 | Qualys Investor Relations | Qualys Investor Relations | |
| SV007 | Gartner | Gartner Cybersecurity Strategy Topics & Insights | Gartner cybersecurity market insights provide context for the penetration testing and adversarial exposure validation segment growth rates and competitive dynamics. |
| SV008 | Gartner Peer Insights | Gartner Peer Insights — Adversarial Exposure Validation: Horizon3.ai NodeZero | Horizon3.ai NodeZero received a 'Customers Choice' designation in the October 2025 Gartner Peer Insights Voice of the Customer for Adversarial Exposure Validation, reflecting strong user satisfaction relative to category peers. |
| SV009 | Dark Reading | Horizon3.ai Raises $100M to Advance Autonomous Pentesting | Horizon3.ai has raised $100 million in a Series D funding round to accelerate the development and deployment of its autonomous penetration testing platform NodeZero. |
| SV010 | SiliconAngle | Horizon3.ai Bags $100M in Series D Round to Bolster AI Pentesting Platform | The funding values Horizon3.ai at about $1 billion, giving it unicorn status. |
| SV011 | Help Net Security | Horizon3.ai Raises $100M to Fuel NodeZero Series D | Horizon3.ai secured a $100 million Series D round, reaching unicorn status with a valuation of approximately $1 billion. |
| SV012 | Help Net Security | Horizon3.ai Raises $100 Million in Series D Funding | |
| SV013 | SC Magazine | Horizon3.ai Raises $100M Series D; Valuation Tops $1 Billion | |
| SV014 | Axios | Horizon3.ai Raises $100 Million in Series D — NodeZero | |
| SV015 | Morningstar / Globe Newswire | Horizon3.ai Raises $100 Million Series D to Accelerate Autonomous Penetration Testing | Horizon3.ai has raised $100 million in Series D funding to accelerate the future of autonomous penetration testing. |
| SV016 | Fast Company | Horizon3.ai Named Most Innovative Company 2026 | Horizon3.ai was named among Fast Company's Most Innovative Companies for 2026, recognizing NodeZero's impact on enterprise security operations. |
| SV017 | CB Insights | Horizon3.ai Company Profile | CB Insights tracks Horizon3.ai's funding rounds, confirming the Series D and providing investor and valuation context. |
| SV018 | Craft.co | Horizon3.ai Company Data | |
| SV019 | Built In | Horizon3.ai Company Profile — Built In | |
| SV020 | Pentera | Pentera Automated Security Validation Platform | Pentera positions its platform as the category leader in automated security validation, directly competing with NodeZero for enterprise penetration testing budgets. |
| SV021 | Cobalt.io | Cobalt Pentest as a Service Platform | |
| SV022 | Synack | Synack Crowdsourced Security Testing | |
| SV023 | FedRAMP Program Management Office | FedRAMP Marketplace | The FedRAMP Marketplace lists authorized cloud service providers; Horizon3.ai's inclusion confirms active FedRAMP authorization status required to sell to federal agencies. |
| SV024 | Horizon3.ai | Horizon3.ai — Company Homepage | |
| SV025 | Horizon3.ai | NodeZero Federal — Use Case | Horizon3.ai's federal use-case page documents NodeZero's deployment in DoD and civilian agency environments and its awardable status on the Platform One Solution Marketplace. |
| SV026 | Horizon3.ai | NodeZero Insights — Exposure Management | NodeZero Insights represents Horizon3.ai's expansion from penetration testing into continuous exposure management, targeting a broader addressable market. |
| SV027 | Horizon3.ai | State of Assumed Security Research Report | Horizon3.ai's State of Assumed Security report documents that enterprises significantly underestimate their real vulnerability exposure, supporting the market need for continuous autonomous testing. |
| SV028 | Horizon3.ai | NodeZero Tripwires — Technical Capability | NodeZero Tripwires demonstrate an autonomous detection capability that distinguishes the platform from static vulnerability scanners and traditional pentest tools. |
| SV029 | Horizon3.ai | NodeZero 102% ARR Growth Press Release | Horizon3.ai reported 102% ARR growth for 2024, driven by NodeZero's autonomous penetration testing platform adoption across enterprise and federal customers. |
| SV030 | Horizon3.ai | Horizon3.ai Record H1 2025 Results Press Release | Horizon3.ai reported record first-half 2025 results, claiming continued ARR growth and expanded enterprise customer adoption of NodeZero. |
| SV031 | Tenable | Tenable.com — Company and Products | |
| SV032 | Rapid7 | Rapid7.com — Products and Solutions | |
| SV033 | CrowdStrike | CrowdStrike.com — Cybersecurity Platform | |
| SV034 | Craft Ventures | Craft Ventures Portfolio — Horizon3.ai | Craft Ventures lists Horizon3.ai in its portfolio, confirming its role as a Series D investor and providing implicit validation of the investment thesis. |