#BHUSA: 1000 DoD Contractors Now Covered by NSA’s Free Cyber Services Program
The United States Department of Defense (DoD) has taken a significant step to protect its defense contractors from the ever-evolving threat of cyber attacks. The National Security Agency's (NSA) Continuous Autonomous Penetration Testing (CAPT) program, launched in 2024, now covers 1000 small DoD contractors with free pentesting services through Horizon3.ai's NodeZero solution.
The CAPT program was initiated to address the growing concern of under-resourced and privately-owned defense contractors being vulnerable to malicious cyber activity. According to Bailey Bickley, Chief of the US Defense Industrial Base (DIB) Defense at the NSA's Cybersecurity Collaboration Center (CCC), these companies are "the backbone of our nation" yet often lack the resources to defend against cyber threats.
Chinese nation-state cyber groups pose a significant threat to DoD contractors, with China's hacking resources outnumbering those of the US and allies combined. According to Bickley, Chinese hackers have been exploiting publicly known unpatched vulnerabilities, making it easy for them to gain access to sensitive information. Moreover, they are getting "really good at using AI to find and exploit unpatched instances of these vulnerabilities at scale."
Horizon3.ai's CEO and co-founder Snehal Antani revealed that the program is set to expand from 200 beneficiaries in 2024 to 1000 in 2025. Additionally, Antani said Horizon3.ai and the NSA were exploring how to use AI agents to develop the program's pentesting capabilities further in the future.
Antani also shared insights gathered after conducting 20,000 hours of pentesting with NodeZero. According to him, today's AI-driven attacks are faster, more scalable, and more thorough than traditional methods. "The future of cyber warfare is algorithms abiding, algorithms with humans by exception," he added.
Horizon3.ai has integrated servers for the Model Context Protocol (MCP), a backbone infrastructure for AI agents introduced by Anthropic in 2024, into NodeZero. This integration enables the use of agentic workflows to fix issues faster, according to Antani.
The CAPT Program: A Success Story
The CAPT program has shown promising results since its emergence in 2024. In one example shared by Bickley, a research and development company with multiple contracts with various parts of the DoD joined the CAPT program in January 2025, and the pentest was able to access a file share with over three million files, including sensitive information related to nuclear-powered submarines and aircraft carriers, all of that in five minutes of running the NodeZero pentest.
Another notable achievement of the CAPT program is the fastest full domain compromise, which took only 77 seconds. This highlights the effectiveness of the program in identifying vulnerabilities and providing proactive measures to mitigate them.
The Expanding Program
As the CAPT program continues to grow, it's essential to acknowledge the significance of its expansion from 200 beneficiaries in 2024 to 1000 in 2025. This move demonstrates the NSA's commitment to protecting DoD contractors and ensuring their security.
With Horizon3.ai's NodeZero solution at the forefront, the CAPT program is well-positioned to address the evolving threat landscape and provide proactive measures to safeguard DoD contractors from cyber attacks.