Source: machinebrief.com

The Unseen Vulnerabilities: Why Automated Pentesting Falls Short

Automated pentesting tools are failing to detect critical vulnerabilities, especially in AI-rich environments, according to Cobalt's 2026 State of Pentesting report. 78% of surveyed security practitioners experienced critical false negatives from these tools, and only 9% of organizations now rely solely on automated scanning, down from 29% last year. The findings highlight the need for human oversight in cybersecurity.

Published Jun 30, 2026

Automated pentesting tools are losing favor among security teams due to their failure to detect critical vulnerabilities, especially in AI-rich environments.

In cybersecurity, the promise of automated pentesting tools has been tantalizing. Yet, according to Cobalt's 2026 State of Pentesting report, this promise remains largely unfulfilled. The data shows a staggering 78% of surveyed security practitioners experienced critical false negatives from these tools over the past year. This trend signals a growing disillusionment with the automated approach.

Where Automation Stumbles

What's particularly alarming is the inability of these tools to catch vulnerabilities introduced by AI systems. Automated scanners excel at identifying known, signature-based threats, but with AI-induced vulnerabilities like prompt injection exploits, they falter. These require a nuanced understanding and creative problem-solving, traits that purely automated systems lack.

As Cobalt reported, only 9% of organizations are now open to relying solely on automated scanning, compared to 29% last year. The competitive landscape shifted this quarter as companies reevaluate their security strategies in light of these findings. Clearly, the market map tells the story of a sector in flux.

The Human Element

This shift away from full automation is a relief for many infosec professionals. It signifies a demand for real assurance over theoretical coverage. After all, what's the point of automating if it leaves critical gaps? Cobalt's data underscores the necessity of human oversight, especially as AI environments prove more vulnerable.

In AI and LLM environments, a whopping 32% of vulnerabilities are high or critical severity, unchanged for the past two years. These statistics paint a stark picture of AI's current security landscape. The reality is that a hybrid approach, combining automation with human expertise, might be the most viable path forward.

Are Automated Tools Still Worth It?

Not everyone agrees with Cobalt's findings. Amazon's security chief, CJ Moses, claims AI pentesting tools have boosted their team's efficiency by 40%. However, even Moses concedes that humans are indispensable in the loop. Perhaps the key question isn't just about the efficiency of automation, but about the quality and accuracy it can provide.

Ultimately, the numbers tell a compelling story. As the digital world becomes increasingly complex and AI-integrated, a one-size-fits-all automated solution seems untenable. Are we ready to trust these systems with our most critical data? Or will we see a resurgence of human-centric security models? The future of cybersecurity may depend on how we answer these questions.
