Decline in Trust for Automated Pentesting Tools Among Security Professionals

A recent report indicates a significant drop in confidence among security professionals regarding fully automated pentesting tools, revealing critical shortcomings in vulnerability detection.

Recent findings from Cobalt’s 2026 State of Pentesting report highlight a notable decline in the acceptance of fully automated pentesting tools among security professionals. The report reveals that only 9% of respondents are open to using these tools, a sharp decrease from 29% the previous year.

Critical Shortcomings in Vulnerability Detection

The report underscores that many security teams have been disappointed with the performance of automated pentesting tools, primarily due to their inability to identify critical vulnerabilities. According to Cobalt, a staggering 78% of survey participants reported experiencing “critical false negatives” when using these automated scanning tools. This failure is particularly pronounced in environments where artificial intelligence (AI) is prevalent, as these tools struggle to detect vulnerabilities that AI systems may introduce.

Limitations of Automated Scanning Tools

Cobalt’s report notes that while automated scanners excel at identifying known, signature-based vulnerabilities, they are ineffective at addressing the complex vulnerabilities associated with AI security. The company states, “Prompt injection exploits and excessive agency flaws require creative, multi-turn interaction chains [and] adversarial psychology,” which are beyond the capabilities of tools that rely on single-shot automated queries.

Shift Towards Hybrid Security Approaches

The decline in reliance on fully automated pentesting is viewed positively by Cobalt, suggesting that security practitioners are becoming more discerning and are seeking genuine assurance rather than mere coverage. The report advocates for a hybrid security model, where automated scanning is utilized for less critical systems, while human oversight is applied to protect the most sensitive environments.

Broader Context of Vulnerabilities

Moreover, the report highlights a concerning trend regarding the severity of vulnerabilities in AI environments. Cobalt indicates that approximately 32% of vulnerabilities detected in AI and large language model (LLM) environments are classified as high or critical severity, compared to 12% in traditional settings. This statistic has remained consistent over the past two years, suggesting that AI is contributing to a broader vulnerability landscape.

Despite the skepticism surrounding automated pentesting, some industry leaders maintain a more favorable view. For instance, Amazon’s security chief, CJ Moses, noted that AI pentesting tools have improved efficiency by 40% for their teams, although he emphasized the necessity of human involvement in the security process.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ
