In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI).
While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.
Key Takeaways:
- genAI creates unique security challenges: SaaS-based models limit patching control, while self-hosted LLMs require full replacement rather than traditional patching.
- The pace of genAI innovation is outstripping security readiness, with data science teams often lacking secure development practices.
- Familiar vulnerabilities like SQL injection and data leakage are resurfacing in genAI implementations due to rushed deployment.
- Industry-wide, median time to resolve vulnerabilities has improved thanks to earlier security testing, executive buy-in, and a shift to programmatic pentesting.
- Cobalt advises organizations to plan, validate, and test genAI systems thoroughly, adopt consultative pentesting, and partner with experts who understand AI-specific risks.
Segment Resources:
- https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025
- https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz
This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them!
As Cobalt’s Chief Technology Officer, Gunter brings decades of experience and innovation to the forefront of information security. A seasoned veteran in the field, he has defined, delivered, and trailblazed cutting-edge security innovations to protect organizations worldwide.
With decades of global experience in information security, Gunter has trailblazed innovations that safeguard organizations across industries. He has built and led high-performing SecOps, engineering, and research teams while guiding the invention of groundbreaking technologies, including multiple patents in cyber threat detection and mitigation.
Gunter’s international expertise spans over 80 countries and three continents, giving him unique insights into diverse business cultures. He has been instrumental in bringing advanced security solutions to market through startups, market leaders, and household-name brands.
A recognized thought leader, Gunter’s insights have been featured in SC Magazine, SecurityWeek, Dark Reading, and more, and he has been quoted by global media outlets such as USA Today, CNN, the BBC, and NPR.