He broke into systems for fun before he could spell "firewall." Now he gets paid to break into yours - first, so the criminals can't.
// Subject: S. Rosenblatt. Status: friendly. Threat level: to attackers only.
At Strike's New York office, the product on the screen does something most security vendors only promise: it attacks you constantly. Autonomous agents probe every asset, every day, then hand the findings to human hackers who confirm what's real. The pitch is blunt - 98% of the companies Strike runs against turn up a critical vulnerability, and most of them had no idea.
Santiago Rosenblatt is the founder and CEO. He started Strike in 2020 after a pandemic detour back to Uruguay, where he spent his mornings interviewing CISOs and CTOs the way other founders study spreadsheets. The complaint was always the same: real penetration tests happened once, maybe twice a year, cost a fortune, and arrived too slowly to matter. Attackers didn't keep a calendar. So why should defense?
His answer was to make pentesting continuous - and then, with the Strike360 engine, to let AI run the first wave so the human experts spend their time on the findings that bite. The model worked well enough that 120+ companies across 20+ countries now sit behind it, including Santander, Okta, Mercado Libre and Scotiabank.
In early 2025 the company raised a $13.5M Series A led by FinTech Collective to push deeper into the U.S. and Brazil. The investor list reads like a who's-who of people who know exactly what they're buying: the co-founder of Auth0, a former CISO of Palo Alto Networks. They are not easy to impress, and they wrote checks anyway.
What's striking is how ordinary he makes the company sound when he describes it. Strike isn't selling fear. It's selling tempo. The bet is that the gap between when a flaw appears and when someone notices it is the only number that really matters - and that closing it should be cheap enough for a Series-B startup, not just a multinational bank. Everything Strike does bends toward shrinking that gap.
Attack speeds were outpacing company response times, and cybercriminals were exploiting vulnerabilities before companies even knew they existed.// Santiago Rosenblatt
The first thing to know about him is the age: six. That's when he poked at PayPal and NBA League Pass, not to steal anything, but because a locked door is an invitation when you're a kid who likes to know how things work. The breaking was never the point. The understanding was.
The turning point came at fourteen. He found a glitch in an online marketplace that let him buy electronics for the price of shipping. Most teenagers would have called it a cheat code and quietly cashed in. He saw a fork in the road instead - a flaw that valuable, in the wrong hands, ruins people. He picked the side that builds locks rather than picks them.
By fifteen he was helping regional companies tighten their defenses. He stacked a computer engineering education across several universities, with a final stop at Oxford, and then went to work where the stakes were high: leading application security for the likes of Scotiabank, dLocal and Delivery Hero. He became the first cybersecurity specialist at PedidosYa, standing between 30 million users and the people who wanted in.
Then the offers came - Amazon, Facebook, the kind of names that end the conversation. He said no. The pandemic sent him home to Uruguay, and instead of taking a safe seat at a giant, he started asking security chiefs what kept them up at night. The answers became a company.
He didn't build it alone, and he didn't build it in a vacuum. He co-founded Strike with Facundo Lopez Juncal and assembled a bench of operators who'd spent careers on offense. The cap table tells its own story: Sergej Epp, a former CISO of Palo Alto Networks, and Matias Woloski, co-founder of Auth0, are the kind of backers who can smell a hollow security pitch from across a room. They didn't just write checks; they lent credibility that money can't buy in a market built on trust.
To understand why Strike landed, it helps to know how the old way worked. A company hires a firm. Humans test the systems for a few weeks. A PDF arrives. By the time anyone reads it, the codebase has shipped a dozen new releases, and the report is already describing a building that no longer exists. The whole ritual happens once or twice a year because it is expensive and slow, which is precisely backwards from how software actually changes.
Rosenblatt's reframing was to treat testing as a feed rather than a photograph. Strike's platform sets up fast - in some cases a couple of hours - and starts surfacing findings in a fraction of the time a traditional engagement takes. Then it never really stops. Continuous attack simulation runs against every asset, and when something looks dangerous, a human on Strike's bench confirms it before it ever reaches a customer's inbox. The point is not to drown teams in noise; it's to hand them the handful of things that would actually hurt.
The numbers he likes to cite are the ones that make procurement teams sit up. Critical vulnerabilities found in 98% of companies tested. Detection windows measured in hours instead of weeks. A trial-to-paid conversion that suggests the product mostly sells itself once a CISO sees what it digs up. And the guarantee - find nothing serious in three months and get half your money back - that doubles as a marketing line and a dare.
Underneath it sits Strike360, the AI engine he has been building toward an explicit goal: automate a large share of pentesting work so the expensive human expertise gets aimed at the hard problems. He's framed it as autonomous agents doing the relentless first pass at high accuracy and low false positives, with people supplying the judgment machines still can't. It is a deliberately unromantic division of labor, and it is the whole company in one sentence.
Cybersecurity isn't just for big corporations anymore; any business operating online needs to secure its systems.
Traditionally, penetration testing occurs at most once or twice yearly because it's extremely costly and time-consuming. We created a solution enabling consistent testing.
Strike is flipping the script on traditional security testing. Our AI-driven platform will accelerate vulnerability detection and remediation at a scale never seen before.
Strike offers a 50% money-back guarantee if it finds no medium, high or critical vulnerability within three months. Reportedly, it has never had to pay out. Confidence, with a price tag attached.
He guards 6 to 9 a.m. daily for himself before the company gets its claws in - the discipline of someone who learned early that systems, including your own, need maintenance windows.
Strike360's autonomous agents run continuous attack simulations aiming for 98% accuracy and just 2% false positives, then hand off to expert hackers. Machines for speed, people for truth.
The aspiration is unglamorous and enormous at once: make continuous, affordable security the default for anyone with a login page. He has talked about automating roughly half of all pentesting through AI while keeping human validation in the loop, and has worked with MIT on the automation problem itself.
From a New York base, the map is expansion - the U.S. and Brazil first, then wherever there's an online business that can't afford to learn about its weaknesses from an attacker. The kid who once walked through other people's doors now spends his days making sure they're locked.
There's a tidy symmetry to it. The skills that made a six-year-old dangerous are the exact skills that make a CEO useful: pattern recognition, patience, and an instinct for the gap nobody else is looking at. He spent his teens learning how attackers think, his twenties learning how defenders fail, and he built Strike at the intersection - a company run by someone who has stood on both sides of the door. That is rarer than it sounds, and it is most of why the people who fund security companies took his call.
"Cybersecurity isn't just for big corporations anymore. Any business operating online needs to secure its systems."// Santiago Rosenblatt, Founder & CEO, Strike