Less than one in ten cybersecurity pros trust AI testing tools to find vulnerabilities, with over three-quarters saying their AI vulnerability scanning tools missed critical flaws
Publish Date: 2026-06-26 10:30:00
Source Domain: www.techradar.com
- Cobalt’s 2026 State of Pentesting Report shows confidence in fully automated AI testing collapsed from 29% in 2025 to 9% this year
- 78% of respondents saw automated tools miss critical vulnerabilities; LLM flaws proved complex, with MTTR rising from 19 to 36 days and most issues left unresolved
- Hybrid models surged to 47% adoption, as experts stress automation should complement, not replace, elite human expertise in uncovering business logic risks
As the world praises Mythos, and the Chinese rush to create their own variant, a report painting an entirely different picture comes from Cobalt.
The cybersecurity company just published the Cobalt State of Pentesting Report 2026, based on two comparative surveys, one in 2025 and one in 2026. Polling around 450 cybersecurity professionals, Cobalt wanted to see how confident the cybersecurity community is in automated AI testing for vulnerabilities, and it turns out they are not very confident at all.
Last year, just below a third (29%) relied entirely on AI automation for testing. This year, the figure dropped to 9%. Cobalt suggests that the key reason for such a steep drop in confidence is the fact that 78% saw fully automated scanning tools missing critical vulnerabilities. Another key reason is the complexity of the AI attack surface the scanners are testing.
Context-dependent vulnerabilities
Roughly one in three findings from an AI pentest are rated “high-risk”, which the report says is 2.7 times the average for conventional software. Also, at the time of analysis, less than two-fifths (38%) of LLM vulnerabilities had been fixed, while 62% remained open. Mean time to resolve (MTTR) for AI/LLM security issues rose from 19 days to 36 days.
“LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an architectural understanding of the application,” said Andrew Obadiaru, CISO of Cobalt. “To close the validation gap, automation should be deployed exactly where it excels, but elite human expertise…