Philosophy
Fluid Attacks is named a Strong Performer in the 2026 Gartner® Voice of the Customer for AST
Content writer and editor
5 min
In the fiercely competitive cybersecurity market, organizations are often promised "complete coverage," "effortless security," and many other goals that border on the grandiose. However, they frequently end up overwhelmed by redundant tools, false positives and negatives, as well as a lack of clear evidence that their defenses actually work, among other problems. This is one of the reasons why independent, peer-driven validation is so critical, so helpful.
Today, we are proud to announce that Fluid Attacks has been recognized as a Strong Performer in the 2026 Gartner® Voice of the Customer for Application Security Testing (AST).
What makes this recognition meaningful is its source: feedback from verified IT professionals and security practitioners who use these solutions in their day-to-day work. In a market where 98% of our customers expressed a "Willingness to Recommend" our solutions—the highest among eligible vendors—we believe this report validates our commitment to delivering high-quality, continuous security.
Understanding Gartner's "Voice of the Customer"
The "Voice of the Customer" (VoC) is a report that applies a specialized methodology to aggregated reviews from Gartner Peer Insights. Its purpose is to provide an overall perspective for IT decision-makers by focusing on peers' direct experiences with the solutions under review.
To be included in this prestigious report, IT solution vendors must meet rigorous criteria. During the 18-month submission period ending January 31, 2026, eligible vendors were required to have 20 or more published reviews and at least 15 ratings for both "Capabilities" and "Support/Delivery." In total, the AST market saw 769 reviews and ratings during this period.
Defining the Application Security Testing (AST) market
According to Gartner, the AST market comprises providers of products or solutions that enable organizations to assess applications to identify and manage security risks. These vendors detect vulnerabilities by:
Evaluating source code (static analysis)
Performing runtime tests (dynamic analysis)
Inspecting supply chain components (software composition analysis)
Modern AST products and solutions are no longer just for ad hoc evaluations; they are designed to be integrated throughout the development workflow for continuous assessment. They provide a comprehensive set of capabilities for risk identification, prioritization, and remediation assistance, whether delivered on-premises, in SaaS, or in a hybrid model.
Organizations leverage these tools to manage risks within individual applications or entire portfolios, ensuring compliance with internal policies and international regulatory requirements.
Fluid Attacks: A Strong Performer in the AST market
In the VoC report, vendors are placed into four quadrants based on "User Interest and Adoption" and "Overall Experience." Fluid Attacks is positioned in the "Strong Performer" quadrant, exceeding the market average for Overall Experience. This reflects the value our approach to vulnerability detection and customer support brings to our clients.
For us, this recognition means that while we are a focused, growing player in the global market, the organizations that choose us receive an experience that is demonstrably superior to the market average.
Key performance metrics
Beyond the quadrant placement, the numerical data from our customers highlights why Fluid Attacks stands out:
Willingness to recommend: 98% (the highest among the six eligible vendors)
Overall rating: 4.7 out of 5
Support experience: 4.8 out of 5 (based on 120 responses)
Product capabilities: 4.7 out of 5 (based on 119 responses)
Our strongest footprint was in the Finance (59% of reviews) and Services (13% of reviews) industries, highlighting our ability to meet the stringent compliance and security requirements of high-stakes environments.
A note from our CEO
"Being recognized as a Strong Performer is an important milestone for our team," says Vladimir Villa, CEO of Fluid Attacks. "From the beginning, we've seen AppSec as more than just providing tools: we believe it's essential to conduct comprehensive testing that combines the best of both technology and human expertise to identify and remediate all vulnerabilities. Seeing that 98% of our customers would recommend us reinforces that we're on the right track. We'll continue evolving our Continuous Hacking solution to help organizations stay ahead of ever-changing threats."
The Fluid Attacks difference: beyond automated testing
While many vendors in the AST category rely solely on automated scanners that produce a high volume of false positives, Fluid Attacks has spent over two decades perfecting a more comprehensive approach: Continuous Hacking.
The power of "human-in-the-loop" AI
Continuous Hacking is an all-in-one solution that combines our deterministic scanners and AI tools with the expertise of certified pentesters. This hybrid model allows us to test software throughout the entire development lifecycle (SDLC) with surgical accuracy, keeping false positives and false negatives to a minimum.
Seamless DevSecOps integration
We understand that security cannot be a bottleneck. Our platform is designed to adapt to the languages, tools, and environments your developers use. Our solutions integrate with your CLIs, CI/CD pipelines, IDEs, and bug-tracking systems to ensure security is "shifted left" from the first line of code. Moreover, we provide a CI Gate for pipelines that can automatically break the build to prevent insecure deployments.
Bridging the gap between detection and remediation
Reporting a risk is only half the battle. Fluid Attacks supports clients through the entire remediation journey. Our platform allows teams to prioritize vulnerabilities based on various impact factors, assign remediation tasks, and request "reattacks" to verify that a fix was successful.
Furthermore, we leverage GenAI to provide automatic remediation tips and compliant code examples. For complex issues, our clients can schedule video calls with our pentesters to ensure the vulnerability is fully understood and resolved.
What are customers saying about us?
Here are some comments from customers that contributed to this recognition:
"Reports Are Clear With Minimal False Positives and Require No Specialized Tuning"
"Fluid Attacks is a tool that integrates very easly [sic] and transparently into the application development cycle. No tuning or any other action is requered [sic]. You just connect it and you have results, and the results keep coming, without the need for management by the CISO. This helps us a lot in our agile cycle." —Director, IT services industry
"Confidence Built Through Professionalism and Effective Vulnerability Detection Features"
"Their team showed a high level of professionalism and, most importantly, they provided great support throughout the entire process. They are always attentive to answering questions and guiding you every step of the way which builds a lot of confidence in their work. Highly recommended." —Engineer, banking industry
"Strong security partner with excellent support; UI have room to improve"
"Our experience with Fluid Attacks has been largely positive. The platform has effectively helped us identify real programmatic security issues and open vulnerabilities that have improved our overall security posture. The support team has been a strong partner during infrastructure changes and product evolution The API can be slower at times (typically 5-7 seconds per response) and the MCP server output can sometimes be too extensive, requiring iteration and more precise questions to extract value, but once it is done, it becomes a fundamentally useful tool in our workflow. Overall, the benefits of the platform have clearly outweighed these limitations" —CIO, software industry
We invite you to read the full, unfiltered reviews from your peers on the Gartner Peer Insights page to see how Fluid Attacks is performing in the highly competitive AST market.
To our customers who shared their feedback: thank you. Your voice is what drives us to continuously improve and innovate the future of application security.
About Fluid Attacks
Since 2001, Fluid Attacks has been committed to developing its own technology to contribute to worldwide cybersecurity. Our Continuous Hacking solution provides a unified platform for development and security teams to identify, prioritize, verify, and fix security vulnerabilities, enabling organizations to deliver safe products to end users without compromising time-to-market.
Legal disclaimer
Gartner, Voice of the Customer for Application Security Testing, January 31 2026. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
Get started with Fluid Attacks' application security solution right now
Other posts
