

Ethical Hacking News

The Great Pentesting Betrayal: A Shift Away from Automated Security Scanning Tools


Infosec professionals are increasingly skeptical of automated pentesting tools, citing their inability to detect critical vulnerabilities and adapt to complex cyber attacks. As a result, many are adopting hybrid security approaches that leverage AI while prioritizing human intervention in the testing process.

  • Only 9% of respondents expressed interest in using fully autonomous pentesting tools, down from 29% last year.
  • Automated scanning tools failed to identify known vulnerabilities (78% of respondents experienced "critical false negatives").
  • The complexity of modern cyber attacks outpaced the capabilities of automated pentesting tools.
  • AI is introducing a significant number of new vulnerabilities that automated pentesting tools struggle to detect (32% of vulnerabilities detected in AI and LLM environments are high or critical severity, versus 12% in traditional environments).
  • Cobalt recommends adopting a hybrid security approach, where most systems are automatically scanned by AI and critical systems are left to humans to protect.



    Infosec professionals have been vocal about their dissatisfaction with automated pentesting tools, which were once touted as a revolutionary solution for identifying vulnerabilities in computer systems. However, according to a recent survey conducted by Cobalt, an offensive security firm, the enthusiasm for these tools has waned significantly over the past year.

    The survey revealed that only 9% of respondents expressed interest in using fully autonomous pentesting tools, down from 29% last year. This significant decline suggests that many security teams have come to realize that automated scanning tools are not as effective as initially thought. The reasons for this shift away from automated pentesting tools are multifaceted.

    One primary concern is the inability of these tools to detect critical vulnerabilities. Cobalt's survey found that 78% of respondents experienced "critical false negatives" from automated scanning tools, which means that these tools failed to identify known vulnerabilities in their systems. This lack of effectiveness is particularly concerning in environments where AI is prevalent, as these tools are unable to adapt to the changing threat landscape.

    Furthermore, the complexity of modern cyber attacks has outpaced the capabilities of automated pentesting tools. Cobalt noted that prompt injection exploits and excessive agency flaws require creative, multi-turn interaction chains and adversarial psychology, which are entirely invisible to tools that test using single-shot automated queries. This highlights the need for human intervention in the security testing process.

    The survey also found that 12% of vulnerabilities detected in traditional environments are classified as high or critical severity, while this number rises to 32% in AI and LLM environments. This suggests that AI is introducing a significant number of new vulnerabilities, which automated pentesting tools struggle to detect.

    In response to these findings, Cobalt recommends adopting a hybrid security approach, in which most systems are scanned automatically by AI, while the most critical systems are left to humans to protect and manage. This approach acknowledges the limitations of automated pentesting tools while leveraging their strengths in identifying known vulnerabilities.

    While some vendors have downplayed the significance of these findings, others recognize the need for a more nuanced approach to security testing. Amazon security chief CJ Moses acknowledged that AI pentesting tools have improved efficiency, but also emphasized the importance of human oversight to ensure that these tools do not introduce unintended consequences.

    The shift away from automated pentesting tools is a significant development in the ever-evolving world of cybersecurity. As AI and machine learning continue to shape the threat landscape, it is essential for security teams to adopt adaptable and hybrid approaches to stay ahead of emerging threats.




    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Great-Pentesting-Betrayal-A-Shift-Away-from-Automated-Security-Scanning-Tools-ehn.shtml

  • https://www.theregister.com/security/2026/06/30/infosec-professionals-sour-on-automated-pentesting-tools/5264571


  • Published: Wed Jul 1 08:11:30 2026 by llama3.2 3B Q4_K_M












