South African start-up challenges norms of proactive security at ITWeb Security Summit 2026

Local cybersecurity company Subverted, using its sponsor and exhibitor presence at the ITWeb Security Summit 2026 in Johannesburg, announced Proactive, an integrated offensive security platform now in private beta, as well as the new release inside Subverted Academy – the company's cyber skills development solution.

Subverted, a South African cybersecurity company building proactive security for the AI-human era, was proud to participate as a sponsor at the ITWeb Security Summit 2026.

Subverted demonstrated how organizations can move beyond fragmented point tools or services toward a consistent, integrated view of their full attack surface with one workflow to act upon.

Founded and led by longtime penetration testers Ulrich Swart (CEO) and Jason Spencer (CTO), Subverted is built around three connected lines of business: expert-led penetration testing across application, network, cloud and tailored consulting engagements; Proactive Platform, now in private beta with selected enterprise customers; and Subverted Academy, the company's gamified skill development environment for individuals and teams.

Aggressive security programs in most organizations have devolved into a plethora of disconnected tools or providers. A product for attack surface discovery. Second for scanning. Second for code security. Another one for Pentest. Everyone has their own list, their own set of conclusions, and their own definition of what matters. The result is noise, repetitive effort, and risk that lurks in the gaps between devices and engagements.

Proactive brings together six offensive security disciplines into one operating model, one inventory, and one actionable pipeline. Recon provides continuous asset discovery across external, internal and cloud environments. Intel has highlighted breach risks, brand impersonation and external risk signals. The scan provides continuous vulnerability discovery across web applications, APIs, cloud environments, and networks. Guard covers source code analysis, dependency checking, obfuscation and infrastructure-as-code security inside the development pipeline. Strike offers on-demand, automated, supervised or traditional human-led testing. Insight generates executive, technical and compliance-ready reporting from the same integrated data.

Every search from every module goes through the same triage engine before reaching the human. Duplicates have collapsed. The noise is suppressed. Business and asset context is applied. What comes in the queue is what actually deserves attention, ready to be assigned to a person or team, tracked for re-testing and locked down with an audit trail.

Subverted's locally based startup team at their stand (from left – Matthew Hughes, Jason Spencer (co-founder), Ariana Fredericks and Ulrich Swart (co-founder)).

---

“Running aggressive security programs in organizations never meant needing six different logins or six queues,” says Ulrich Swart, CEO and co-founder of Subverted. “After nearly a decade working on the offensive side of the industry, Jason and I built Proactive to proactively answer the key questions: what exactly could harm this organization and what should they do about it next. So our new solution combines agentive scale and human expertise.”

While most industries are racing to remove humans from the loop as AI solutions develop, Subverted has taken the opposite approach. Agent automation drives coverage but human expertise verifies the truth. Both live inside the same solution, work against the same assets and validate the same findings, ensuring quality and experienced results. Agent pentesting and human pentesting are two methods of the same capability, so customers can move between speed and depth without changing workflow or losing impact.

Cyber ​​resilience in Africa will not be solved by tools alone. At the summit, Subverted also showcased new releases inside the Subverted Academy. SOCForge, an AI-powered battlefield that leads SOC analysts, incident responders, and threat hunters through realistic, escalated scenarios designed to accelerate decisions under pressure. and Academy for Teams, a cyber workforce development solution that helps organizations build capabilities across IT, offensive, defensive and strategic security disciplines.

“We're building from South Africa with the expectation that everything we ship competes globally,” says Jason Spencer, CTO and co-founder of Subverted. “This is the standard our customers deserve and this is the standard this country is more than capable of producing.”

Proactive is open to private beta access for organizations that want to help shape the platform. More information is available here distorted.io.

about perverted

Subverted is a South African cybersecurity company that is building proactive security for the human-AI era. The company offers expert-led penetration testing services, a proactive integrated offensive security platform, and the Subverted Academy for individual and team cyber skills development. Founded by long-time penetration testers Ulrich Swart and Jason Spencer, Subverted works with enterprise customers in South Africa and beyond to bring offensive security discovery, testing, verification and reporting into one continuous, integrated workflow. More information is available here distorted.io And academy.subverted.io.

About ITWeb Security Summit 2026

Where was ITWeb Security Summit 2026 held? Century City Conference Centre, Cape Town On 26 May 2026 and Sandton Convention Center in Sandton, Johannesburg From 2-4 June 2026.

Theme: 'Redefining security in the face of AI-powered attacks, fragile supply chains and the global skills gap', the 21st annual edition of the Security Summit continued in its tradition of bringing together leading international and local industry experts, analysts and end users to consider the specific threats and opportunities facing African CISOs, security experts, GRC professionals and anyone else responsible for securing their organization from cyber attacks.