
Industry: Healthtech and Life Sciences Technology
Organization: Evinova (An Astrazeneca Group Affiliate)
Security Leadership: Adeeb Mahmood, Head of Cybersecurity
Product: Terra Platform™ Continuous Pentesting
AWS Services Used: Amazon Bedrock, AWS-Managed Compute and Storage Services
Background
Evinova is an enterprise life sciences technology company that builds and operates digital platforms supporting clinical development, regulatory science, and real-world evidence generation for global pharmaceutical organizations. Its applications process highly sensitive patient data, clinical trial data, and proprietary research, and are deployed on AWS to meet stringent security, reliability, and regulatory requirements.
As Evinova expanded its digital portfolio, it needed to secure rapidly changing, customer-facing web applications and APIs without slowing delivery or increasing operational risk in a highly regulated environment.
The Challenge
Evinova’s development velocity had outpaced the effectiveness of traditional security testing. Point-in-time penetration tests and compliance-driven assessments quickly became outdated as frequent releases introduced new endpoints, APIs, and integrations. Automated scanning tools generated large volumes of false positives, unvalidated findings, and blind spots, forcing internal teams to spend significant time triaging issues that were often infeasible to exploit.
This created material business risk. Undetected vulnerabilities introduced between assessments could persist in production, while delayed or noisy findings slowed remediation. In the life sciences context, a single production incident could disrupt time-sensitive clinical workflows, trigger regulatory scrutiny, and erode trust with enterprise pharmaceutical partners.
Evinova needed a continuous, scalable security model that aligned with AWS-native development and CI/CD pipelines, while producing defensible, high-confidence results.
The Solution
Evinova selected Terra Security’s agentic AI–powered continuous penetration testing platform to transform the way it validated security risks across AWS-hosted applications. Terra operates an AWS-native control plane that combines autonomous AI agents with on-demand copilot AI agents and human-in-the-loop governance to continuously map the attack surface, validate real-world exploitability, and safely execute penetration testing against production environments.
The platform integrates directly with Amazon Bedrock, enabling secure, auditable generative AI reasoning without exposing customer data or requiring management of model infrastructure. During deployment, Terra worked closely with Evinova to overcome complex authentication challenges, including building support for MFA-based autonomous authentication. This capability removed a key blocker to continuous testing and has since been incorporated into Terra’s broader platform for all customers.
Results and Impact
With Terra deployed in production, Evinova moved from episodic security assessments to continuous assurance. Key outcomes include:
- Substantial reduction in false positives, with Terra reporting only validated, exploitable vulnerabilities rather than theoretical issues, eliminating days to weeks of manual triage.
- Material improvement in remediation response, as engineering teams act faster on Terra-generated findings due to high confidence, clear prioritization, and built-in exploit evidence.
- Continuous visibility into the evolving attack surface, ensuring exposed endpoints and APIs are accurately tracked as applications change.
- Scalable security operations, allowing Evinova to expand application coverage without increasing security headcount or operational overhead.
The Takeaway
By adopting Terra, Evinova transformed its offensive security program to match the realities of modern, AWS-based life sciences platforms. Continuous, validated assurance replaced static testing, enabling Evinova to scale securely, meet regulatory expectations, and protect critical clinical and research systems without slowing innovation. This engagement exemplifies how agentic AI, when paired with human oversight, can redefine offensive security for regulated enterprises.





