TL;DR: For over ten years Cyrex has run engagements as pair hacking, at least two skilled adversaries on the same target so nothing slips through one person's blind spot, by hand, for the biggest names in games and enterprise. We have been accelerating a craft we have already mastered. The second seat is now an autonomous agent we built in-house, one that pursues thousands of attack paths in parallel while our engineers do the deep work only a human can. Wider coverage, harder findings, and a clear view of what comes next.
The idea was always two minds, not one
Cyrex has never sold a solo pentest. The reason is simple: one tester, however good, carries blind spots. They get attached to a hypothesis. They run out of hours before they run out of ideas. Pair hacking exists to break that pattern. Put two skilled adversaries on the same scope and the second mind catches what the first misses, questions the assumption the first accepted, and chases the path the first walked past.
That model has produced our best work for over a decade, across more than 200 companies and 500 million end users protected. So when we set out to make it sharper, we did not touch the principle. We changed who sits in the second seat.
The second hacker now never sleeps
We have spent more than a decade perfecting the human craft of this work, by hand, on some of the hardest targets in the world. What has changed is the second seat. One of those two adversaries is now an autonomous agent built in-house at Cyrex. Not a scanner. Not a checklist runner. An agent that reasons about a target, forms attack hypotheses, tests them, learns from what comes back, and keeps going across the entire surface without fatigue, without tunnel vision, and without quietly skipping the dull corner of the app where real problems often hide.
Here is what that second hacker is good at. It enumerates and probes at a scale no human can match, pursuing thousands of candidate paths in parallel rather than the handful a person can hold in their head. It is relentlessly consistent, applying the same rigour to hour ten as to hour one. And it has no ego about a hypothesis, so it abandons dead ends and pivots faster than a person will.
What this frees our engineers to do
The point of handing breadth and grind to an agent is not to remove the human. It is to aim the human at the work only a human can do and focus on areas that really need the engineer's attention.
With the full surface under continuous, parallel pressure from an autonomous partner, our engineers no longer have to choose where to spend their depth. They go deep, the agent goes wide, and the two streams feed each other. A path the agent surfaces becomes the thread an engineer pulls into a serious finding. That is where our people earn their keep: business-logic abuse that depends on understanding what an application is for, novel exploit chains that link three unremarkable issues into one critical compromise, and the contextual risk judgment that turns a list of vulnerabilities into advice a CISO can act on.
More of the surface genuinely tested, harder issues found, and a report shaped by senior human reasoning rather than tool output.
Battle-tested where it is hardest
Games are one of the most unforgiving environments in security. The attack surfaces are enormous, they change with every patch, and live economies turn a single overlooked flaw into real financial damage within hours of launch. It is the kind of work that rewards both breadth and depth at once, which is exactly what a human-plus-autonomous pairing delivers.
It is also work the most demanding studios in the world have trusted us with for years. Cyrex has secured launches for Funcom, Techland, Bethesda, Warner Bros, Epic Games and many more, across titles from Dune: Awakening to Dying Light 2 to Doom Eternal. You can see the full set of client stories in our portfolio.
The same approach carries straight into the enterprise work where the stakes are quieter but no less serious: fintech engagements where the damage lives in authorization logic and transaction flows, and regulated medtech environments where coverage and evidence both matter. Wherever the surface is large and the cost of a miss is high, a second adversary that never tires changes what a single engagement can find.
This is not us catching up
AI-Driven Offensive Security is not a trend we are chasing or a direction we are betting on. It is the natural acceleration of work we have done by hand, for over a decade, for studios and enterprises that cannot afford to be wrong. We are not here to add to the noise. We are telling you what we are already doing, from a position of having done the work longer than most have been talking about it.
There is far more to say about where this leads, and it should come from the people who built Cyrex rather than from a marketing page. In an upcoming piece we will sit down with cofounders Mathieu Huysman and Tim De Wachter to hear their take on how autonomous methods are reshaping offensive security, and what it means for the teams trusting us with their launches.
10+ years in, the first hacker matters more than ever. The second one just never sleeps. We are excited to show you what is next.
Frequently asked questions
What is pair hacking? Pair hacking is Cyrex's engagement model in which two skilled adversaries work the same target together, so the second perspective catches what the first misses. It improves coverage and the quality of findings compared with a single tester working alone.
How does an AI agent partner improve a penetration test? An autonomous agent can pursue thousands of attack paths in parallel with consistent rigour and no fatigue, giving full breadth across a large surface. That frees the human engineer to focus on deep, creative work like business-logic abuse and complex exploit chains, so the engagement goes both wide and deep at once.
Who does Cyrex work with? More than 150 studios and enterprises, across hundreds of engagements over 10 years, protecting over 500 million players, with work for names like Amazon Games, Techland, Bethesda, Warner Bros and Epic Games. The 60-plus client stories in our portfolio are the ones we can share publicly, a small window onto the full body of work.

Written by Mathieu Huysman
Mathieu is Co-Founder and CCO of Cyrex, the driving force behind the company's commercial growth since day one, with 11+ years of hands-on expertise across application security, penetration testing, and multiplayer architecture. He brings rare technical depth to every client conversation - because at Cyrex, expertise isn't just what's sold, it's what's lived.



