Trust in Automated AI Vulnerability Scanning Collapses to 9%

Staff Editor 2026-06-25
Trust in Automated AI Vulnerability Scanning Collapses to 9%

Trust in Automated AI Vulnerability Scanning Collapses to 9%

https://www.infosecurity-magazine.com/news/trust-ai-vulnerability-scanning/

Publish Date: 2026-06-25 08:00:00

Source Domain: www.infosecurity-magazine.com

A large number of false negatives has significantly eroded confidence in automated AI testing for vulnerabilities, a new study from Cobalt has found.

The Cobalt State of Pentesting Report 2026 is based on two comparative surveys in 2025 and 2026 of around 450 cybersecurity professionals.

It found that the percentage of organizations relying entirely on AI automation for testing sank from 29% to 9% over the period, with nearly half (47%) of respondents now preferring a hybrid testing model. 

Over three-quarters (78%) said fully automated scanning tools missed critical vulnerabilities.

Read more on pen testing: AWS Unveils ‘Continuum,’ an AI-Powered Vulnerability Management Platform

The share of organizations now preferring a hybrid model, where humans support AI testing, surged 22 percentage points in a year. The percentage of organizations using automation for low-risk environments also rose 22 points to 47%.

“While the industry is rightfully excited about the potential of Mythos-class tools, unguided algorithms are inherently prone to returning even more false positives and costly false negatives than the automated scanners we have today,” said Andrew Obadiaru, CISO of Cobalt.

The AI Attack Surface Expands

A big reason for the decline in trust for AI automation is the complexity of the AI attack surface that these scanners are testing, noted the report.

Nearly one-in-three findings from an AI pentest is rated high risk – 2.7 times the average of conventional software, it claimed.

At the time of analysis, less than two-fifths (38%) of LLM vulnerabilities had been fixed, while 62% remained open – the lowest resolution rate of any asset class.

Mean time to resolve (MTTR) for AI/LLM security issues rose from 19 days to 36 days over the period, which Cobalt claimed shows that teams are tracking “significantly harder vulnerabilities” than before. 

“LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an…

Source

More Stories

ReliaQuest invests .5M in AI and Cybersecurity at USF

ReliaQuest invests $1.5M in AI and Cybersecurity at USF

Staff Editor 2026-06-25
America 250: US military’s decades-long cybersecurity push started with wake-up calls

America 250: US military’s decades-long cybersecurity push started with wake-up calls

Staff Editor 2026-06-25
Sekoia Unveils New Strategy and Brand as AI Reshapes Cybersecurity

Sekoia Unveils New Strategy and Brand as AI Reshapes Cybersecurity

Staff Editor 2026-06-25

Terms and Conditions - Privacy Policy