AI makes pentesting 40% more efficient • The Register
https://www.theregister.com/2026/04/01/amazon_security_boss_ai_efficiency/
Publish Date: 2026-04-01 16:00:00
Source Domain: www.theregister.com
Interview: Amazon has seen a 40 percent efficiency gain by using AI tools to pentest its products before and after launch, according to security chief CJ Moses.
“And I don’t think we’ve hit the hockey stick of efficiency,” Moses, the chief information security officer of Amazon Integrated Security, told The Register during an interview at the RSA Conference. “Every year we launch more things, every year the teams needed to be bigger to do the pentesting, and we were in a battle where we couldn’t get enough pentesters to do all the work.”
Historically, this has been a very human- and resource-intensive endeavor, costing the cloud and online retail giant “millions and millions of dollars in humans” – both AWS employees and contractors – to proactively find and exploit bugs in products, services, and applications during the development process and before customers used them.
“With the advent of putting AI into play, we’ve actually become over 40 percent more efficient,” Moses said, noting that this efficiency gain comes from human and operating expenses related to pentesting.
Amazon isn’t firing security staff and replacing them with robots, we’re told. Instead, it’s holding hiring flat while adding more cloud services, features, and lines of code, and also maintaining the same level of security, but at a much higher velocity, according to Moses.
Another benefit of AI pentesters, he noted, is that they can continually test for vulnerabilities, even after the products have been released.
“The idea being that no longer is pentesting at a point in time,” Moses said. “It’s not even 365 days a year that you’re getting one test. It continues to test, looking for next-level access, which is immeasurable from the standpoint of…