{"slug": "the-unseen-vulnerabilities-why-automated-pentesting-falls-short", "title": "The Unseen Vulnerabilities: Why Automated Pentesting Falls Short", "summary": "Automated pentesting tools are failing to detect critical vulnerabilities, especially in AI-rich environments, according to Cobalt's 2026 State of Pentesting report. 78% of surveyed security practitioners experienced critical false negatives from these tools, and only 9% of organizations now rely solely on automated scanning, down from 29% last year. The findings highlight the need for human oversight in cybersecurity.", "body_md": "# The Unseen Vulnerabilities: Why Automated Pentesting Falls Short\n\nAutomated pentesting tools are losing favor among security teams due to their failure to detect critical vulnerabilities, especially in AI-rich environments.\n\nIn cybersecurity, the promise of automated pentesting tools has been tantalizing. Yet, according to Cobalt's 2026 State of Pentesting report, this promise remains largely unfulfilled. The data shows a staggering 78% of surveyed security practitioners experienced critical false negatives from these tools over the past year. This trend signals a growing disillusionment with the automated approach.\n\n## Where Automation Stumbles\n\nWhat's particularly alarming is the inability of these tools to catch vulnerabilities introduced by AI systems. Automated scanners excel at identifying known, signature-based threats, but with AI-induced vulnerabilities like prompt injection exploits, they falter. These require a nuanced understanding and creative problem-solving, traits that purely automated systems lack.\n\nAs Cobalt reported, only 9% of organizations are now open to relying solely on automated scanning, compared to 29% last year. The competitive landscape shifted this quarter as companies reevaluate their security strategies in light of these findings. 
Clearly, the market map tells the story of a sector in flux.\n\n## The Human Element\n\nThis shift away from full automation is a relief for many infosec professionals. It signifies a demand for real assurance over theoretical coverage. After all, what's the point of automating if it leaves critical gaps? Cobalt's data underscores the necessity of human oversight, especially as AI environments prove more vulnerable.\n\nIn AI and [LLM](/glossary/llm) environments, a whopping 32% of vulnerabilities are high or critical severity, unchanged for the past two years. These statistics paint a stark picture of AI's current security landscape. The reality is that a hybrid approach, combining automation with human expertise, might be the most viable path forward.\n\n## Are Automated Tools Still Worth It?\n\nNot everyone agrees with Cobalt's findings. Amazon's security chief, CJ Moses, claims AI pentesting tools have boosted their team's efficiency by 40%. However, even Moses concedes that humans are indispensable in the loop. Perhaps the key question isn't just about the efficiency of automation, but about the quality and accuracy it can provide.\n\nUltimately, the numbers tell a compelling story. As the digital world becomes increasingly complex and AI-integrated, a one-size-fits-all automated solution seems untenable. Are we ready to trust these systems with our most critical data? Or will we see a resurgence of human-centric security models? 
The future of cybersecurity may depend on how we answer these questions.", "url": "https://wpnews.pro/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-short", "canonical_source": "https://www.machinebrief.com/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-sh-krio", "published_at": "2026-06-30 21:22:46+00:00", "updated_at": "2026-06-30 21:29:03.881188+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-research", "artificial-intelligence"], "entities": ["Cobalt", "Amazon", "CJ Moses"], "alternates": {"html": "https://wpnews.pro/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-short", "markdown": "https://wpnews.pro/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-short.md", "text": "https://wpnews.pro/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-short.txt", "jsonld": "https://wpnews.pro/news/the-unseen-vulnerabilities-why-automated-pentesting-falls-short.jsonld"}}