In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI).

While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems.

Key Takeaways:

- genAI creates unique security challenges: SaaS-based models limit patching control, while self-hosted LLMs require full replacement rather than traditional patching.
- The pace of genAI innovation is outstripping security readiness, with data science teams often lacking secure development practices.
- Familiar vulnerabilities like SQL injection and data leakage are resurfacing in genAI implementations due to rushed deployment.
- Industry-wide, median time to resolve vulnerabilities has improved thanks to earlier security testing, executive buy-in, and a shift to programmatic pentesting.
- Cobalt advises organizations to plan, validate, and test genAI systems thoroughly, adopt consultative pentesting, and partner with experts who understand AI-specific risks.