South African start-up Subverted challenges norms of proactive security at ITWeb Security Summit 2026

Subverted’s captivating stand at the IT Web Security Summit 2026 event held at Sandton Convention Center.

---

Local cyber security company Subverted used its sponsor and exhibitor presence at ITWeb Security Summit 2026 in Johannesburg to announce Proactive, a unified offensive security platform now in private beta, alongside new releases inside Subverted Academy – the company's cyber skills development solution.

Subverted, a South African cyber security company building proactive security for the AI-human era, was proud to participate as a sponsor at the ITWeb Security Summit 2026.

Subverted demonstrated how organisations can move beyond fragmented point tools or services towards one continuous, unified view of their full attack surface, with one workflow to act on it.

Founded and led by long-time penetration testers Ulrich Swart (CEO) and Jason Spencer (CTO), Subverted is built around three connected lines of business: expert-led penetration testing across application, network, cloud and tailored consulting engagements; the Proactive platform, now in private beta with selected enterprise customers; and Subverted Academy, the company's gamified skills development environment for individuals and teams.

Offensive security programmes in most organisations have grown into a stack of disconnected tools or providers. One product for attack surface discovery. Another for scanning. Another for code security. Another for pentests. Each carries its own inventory, its own queue of findings and its own definition of what matters. The result is noise, duplicated effort and risk that hides in the gaps between tools and engagements.

Proactive brings six offensive security disciplines into one operating model, one inventory and one actionable pipeline. Recon delivers continuous asset discovery across external, internal and cloud environments. Intel surfaces breach exposure, brand impersonation and external risk signals. Scan provides continuous vulnerability discovery across web application, APIs, cloud environments and networks. Guard covers source code analysis, dependency checks, secret and infrastructure-as-code security inside the development pipeline. Strike delivers pentesting on-demand, automated, supervised or traditional human-led. Insight produces executive, technical and compliance-ready reporting from the same unified data.

Every finding from every module flows through the same triage engine before it reaches a human. Duplicates are collapsed. Noise is suppressed. Business and asset context is applied. What lands in the queue is what actually deserves attention, ready to be assigned to a person or a team, tracked through to retest and closed with an audit trail.

Local based startup team from Subverted at their stand (from left - Matthew Hughes, Jason Spencer (Co-Founder), Ariana Fredericks and Ulrich Swart (Co-Founder)).

---

"Running offensive security programmes in organisations was never meant to require six different logins or six queues," says Ulrich Swart, CEO and co-founder of Subverted. "After close to a decade each on the offensive side of the industry, Jason and I built Proactive to answer the core questions continuously: what can actually hurt this organisation and what should they do about it next. Thus our new solution combining agentic scale and human expertise."

Where much of the industry is racing to remove humans from the loop as AI solutions evolve, Subverted has taken the opposite stance. Agentic automation runs the coverage but human expertise validates the truth. Both live inside the same solution, working and validating the same findings, against the same assets ensuring quality and experienced outcomes. Agentic pentesting and human pentesting are two modes of one capability, so customers can move between speed and depth without changing workflows or losing impact.

Cyber resilience in Africa will not be solved by tools alone. At the summit, Subverted also showcased new releases inside Subverted Academy. SOCForge, an AI-driven battleground that pushes SOC analysts, incident responders and threat hunters through realistic, escalating scenarios designed to sharpen judgment under pressure. And Academy For Teams, a cyber workforce development solution that helps organisations grow capability across IT, offensive, defensive and strategic security disciplines.

"We are building from South Africa with the expectation that what we ship competes globally," says Jason Spencer, CTO and co-founder of Subverted. "That is the standard our customers deserve and it is the standard this country is more than capable of producing."

Proactive is open for private beta access to organisations that want to help shape the platform. More information is available at subverted.io.

About Subverted

Subverted is a South African cyber security company building proactive security for the human-AI era. The company delivers expert-led penetration testing services, the Proactive unified offensive security platform, and Subverted Academy for individual and team cyber skills development. Founded by long-time penetration testers Ulrich Swart and Jason Spencer, Subverted works with enterprise customers in South Africa and beyond to bring offensive security discovery, testing, validation and reporting into one continuous, unified workflow. More information is available at subverted.io and academy.subverted.io.

About ITWeb Security Summit 2026

ITWeb Security Summit 2026 was held at Century City Conference Centre, Cape Town on 26 May 2026 and at Sandton Convention Centre in Sandton, Johannesburg from 2-4 June 2026.

Themed: ‘Redefining security in the face of AI-driven attacks, fragile supply chains and a global skills gap’, the 21st annual edition of Security Summit continued in its tradition of bringing leading international and local industry experts, analysts and end-users together to delve into the specific threats and opportunities facing African CISOs, security specialists, GRC professionals and anyone else who is responsible for securing their organisation from cyber attacks.