Intruder Review 2026: Honest Pros & Cons

Name: Intruder
Availability: OnlineOnly

Intruder is a cloud-based continuous vulnerability scanner that monitors your external attack surface for security weaknesses. It runs 140,000+ checks against web applications, APIs, cloud infrastructure, and network services.

Intruder consolidated vulnerability management dashboard showing scan results and prioritization

Founded in 2015 and selected for the GCHQ Cyber Accelerator, Intruder now serves 3,000+ customers. It has a 4.8/5 rating on G2 from 154 reviews.

Feature	Details
Deployment	Cloud-only SaaS
Security checks	140,000+
Cloud connectors	AWS, Azure, GCP
AI analyst	GregAI
Compliance	SOC 2, ISO 27001, PCI DSS, HIPAA, DORA
Integrations	15+ (Jira, Slack, GitHub, etc.)
API access	Pro, Premium, and Vanguard plans
Free trial	14 days (Cloud plan features)
Starting price	See intruder.io/pricing

What is Intruder?

Intruder scans internet-facing systems for vulnerabilities on a continuous basis. When your infrastructure changes or a new threat emerges, it triggers scans automatically.

No manual scheduling required. The Verizon 2024 Data Breach Investigations Report found that vulnerability exploitation as an initial access vector grew significantly year over year, reinforcing the need for continuous scanning of internet-facing assets.

The platform differs from traditional DAST tools in scope. Where most DAST scanners focus on web application logic (XSS, SQLi, authentication flaws), Intruder covers the broader attack surface: exposed ports, misconfigured services, outdated software, and cloud misconfigurations alongside web application vulnerabilities.

Scope Difference

Intruder is an attack surface management platform with vulnerability scanning, not a deep application security tester. It finds exposed services and known CVEs across your entire perimeter.

For detailed web app testing of authenticated flows and business logic, pair it with a dedicated DAST scanner like ZAP or Burp Suite.

Key Features

Attack Surface Monitoring

Automatically discovers new subdomains, exposed services, and cloud resources. Scans trigger when changes are detected so new assets get tested before attackers find them.

GregAI Analyst

Intruder’s AI security analyst. It verifies findings, suppresses false positives, and ranks what to fix first based on exploitability and whether the CVE is actively being used in the wild.

Cloud Security (CSPM)

Native connectors for AWS, Azure, and GCP. Runs daily misconfiguration checks and automatically imports cloud assets.

Up to 3 accounts on Cloud plan, 10 on Pro, unlimited on Enterprise.

Emerging Threat Scans

When a new high-profile vulnerability drops, Intruder proactively checks your infrastructure. No waiting for scheduled scans when a critical CVE is published.

Compliance Reporting

Generates reports for SOC 2, ISO 27001, PCI DSS, HIPAA, and DORA. NIST SP 800-53 requires organizations to maintain a continuous monitoring program, and Intruder’s compliance reporting helps satisfy those audit requirements.

Risk Prioritization

Scoring factors in exploitability, asset criticality, and active exploitation data. Helps you ignore the noise and fix what actually matters.

Pricing

Intruder offers four tiers, all with 5 infrastructure licenses included:

Essential — 1 scheduled scan, unlimited ad hoc scans, enhanced risk data, unlimited users
Cloud — Unlimited scheduled scans, emerging threat scans, GregAI analyst, up to 3 cloud accounts, advanced analytics, role-based access, 15+ integrations
Pro — Internal target scanning, up to 10 cloud accounts, mass deployment options
Enterprise — Unlimited cloud accounts, 1000+ checks, attack surface visibility, advanced access control

Pricing is based on a base fee plus a per-target fee, calculated dynamically on Intruder’s pricing page.

All plans include a 14-day free trial with Cloud plan features.

Best Value

The Cloud plan is Intruder’s most popular tier. It includes unlimited scheduled scans, the GregAI analyst, and cloud security — none of which are in the Essential plan.

Integrations

Cloud Providers

AWS

Azure

Google Cloud

DevOps & Communication

GitHub

GitLab

Azure DevOps

CircleCI

Slack

Microsoft Teams

Jira

PagerDuty

Identity & Security

Okta

Auth0

Cloudflare

Getting Started

Create an account — Sign up at portal.intruder.io for a 14-day free trial. No installation needed; everything runs in the cloud.

Add targets — Specify domains, IP addresses, or connect AWS/Azure/GCP accounts. Cloud connectors auto-import your assets.

Run your first scan — Trigger manually or let Intruder scan automatically when it detects infrastructure changes.

Review and prioritize — GregAI filters noise and ranks findings by risk. Export reports for compliance or push issues to Jira/Slack.

API Access

The Intruder API lets you manage targets, trigger scans, and retrieve results programmatically. Available on Pro, Premium, and Vanguard plans.

# Trigger a scan via the Intruder API
curl -X POST "https://api.intruder.io/v1/scans" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target_id": "target_123"}'

When to Use Intruder

Intruder works well for small to mid-sized organizations that need continuous attack surface monitoring without a dedicated security team. The cloud connectors and automated scanning mean less manual work for teams with cloud-native infrastructure.

It covers the gap between traditional vulnerability management (Qualys, Nessus) and application-specific DAST tools. If your primary concern is “what’s exposed on the internet and is it vulnerable,” Intruder answers that question.

For deep web application security testing of complex SPAs, authenticated workflows, or API business logic, you will need a complementary tool like Acunetix or Invicti.

Intruder itself acknowledges this positioning: it scans your perimeter, not the inner workings of your applications. For help choosing the right approach, see our what is DAST guide.

Frequently Asked Questions

What is Intruder and what does it scan?

Intruder is a cloud-based continuous vulnerability scanner that tests web applications, APIs, cloud infrastructure, and network services. It runs 140,000+ security checks against your external attack surface and alerts you when new vulnerabilities appear or infrastructure changes.

How much does Intruder cost?

Intruder has four tiers: Essential (1 scheduled scan, unlimited ad hoc), Cloud (unlimited scheduled scans, cloud security, GregAI), Pro (internal scanning, up to 10 cloud accounts), and Enterprise with custom pricing. Pricing is calculated based on the number of infrastructure and application licenses. All plans include a 14-day free trial.

What is GregAI in Intruder?

GregAI is Intruder’s AI security analyst that automates vulnerability assessment and response. It helps prioritize findings based on context, reduces alert noise, and provides actionable remediation guidance so teams can focus on the issues that matter most.

How does Intruder compare to traditional DAST tools?

Intruder focuses on continuous external attack surface monitoring rather than deep application-level testing. It excels at finding exposed services, misconfigurations, and known vulnerabilities across infrastructure. For thorough web application testing of complex SPAs, pair Intruder with a dedicated DAST tool.

What cloud platforms does Intruder integrate with?

Intruder has native connectors for AWS, Azure, and Google Cloud Platform. These automatically import your cloud assets and run daily misconfiguration checks. The platform also integrates with Jira, Slack, Microsoft Teams, GitHub, GitLab, Azure DevOps, CircleCI, PagerDuty, and Okta.

Intruder