
Pentesting Pulse Report Reveals Widening Satisfaction Gap as Security Leaders Race to Secure AI at the Speed of Business

Only 36% of security leaders are fully satisfied with their pentesting provider as AI adoption accelerates, vulnerabilities surge and specialized knowledge lags

  • Satisfaction Gap: Only 36% of security leaders are fully satisfied with traditional pentesting providers, despite pentesting being viewed as essential for compliance and defense validation.
  • Lack of Pentester Expertise: 23% cited a lack of the specialized knowledge needed for modern stacks. The expertise gap is especially apparent in small teams in boutique consultancies.
  • Speed-of-Business Testing: Security teams are moving toward pentesting models that launch in days, not weeks, to eliminate release bottlenecks, get real-time insights, and quickly retest fixes.

SAN FRANCISCO--(BUSINESS WIRE)--Cobalt, the pioneer of Penetration Testing as a Service (PTaaS) and a leading provider of human-led, AI-powered offensive security solutions, today released a new Pentesting Pulse Report, which exposes a growing disconnect in the security testing market. While penetration testing remains essential for both compliance and defense validation, satisfaction with traditional pentesting vendors is alarmingly low. According to the survey of 150 senior security leaders, a mere 36% report being fully satisfied with their current pentesting provider.

The findings arrive at a critical moment. Security teams are under mounting pressure to manage an explosion of vulnerabilities while simultaneously enabling the safe adoption of AI-driven features and AI-generated code. Seventy-six percent of respondents say staying ahead of threats and vulnerabilities is a top priority, while half are actively focused on securing AI within their environments. Yet many teams report that slow scheduling, shallow findings, and lack of expertise are creating bottlenecks that hinder secure development.

Key Findings:

  • Only 36% of respondents are fully satisfied with their current pentesting vendor.
  • 76% cite staying ahead of threats and vulnerabilities as a high-priority security goal.
  • 50% identify securing AI adoption as a key strategic focus.
  • 40% are motivated to switch vendors for higher quality testing, while 37% cite the need for AI-specific pentesting expertise.
  • Operational friction remains high, with vendor rotation (28%) and lack of pentester expertise (23%) cited as top challenges.
  • 35% say the ability to schedule testing in days, not weeks, would motivate them to change providers.

The Evolving Mandate for Security Leaders

Security leaders are fighting a dual-front battle: maintaining baseline security and compliance while enabling rapid innovation driven by AI. Regulatory requirements such as SOC 2 and HIPAA remain critical for 63% of respondents, but AI has introduced a new layer of urgency. Fifty-three percent report concerns about vulnerabilities introduced by insecure code written by AI, particularly as AI coding agents become more prevalent. For 40% of leaders, releasing safe products at the speed of business now requires a fundamental shift in how security testing is delivered.

The State of Pentesting: Essential, but Struggling

Pentesting remains foundational, with 85% of respondents viewing it as either a core compliance requirement or an invaluable method for validating defenses. Despite this, confidence in execution is eroding. Frequent vendor rotation creates onboarding and integration overhead, while generalist testers often lack the specialized expertise needed to assess modern cloud-native and AI-driven systems. One in five respondents say pentest reports lack the depth required to understand true risk or prioritize remediation effectively.

The LLM Risk Paradox: High Anxiety, Low Readiness

The report highlights a stark readiness gap around AI security. While concerns are widespread, only one-third of organizations conduct regular security assessments of their AI or LLM deployments. Sensitive information disclosure tops the list of AI-related fears, cited by more than 85% of respondents, followed by vulnerabilities from insecure AI-generated code, prompt injection, and insecure plugins.

Redefining the Testing Cadence

Security leaders are calling for a faster, more integrated approach to offensive security. Forty-one percent say incorporating testing of AI into their regular cadence is the most important strategic shift, while 32% are focused on increasing testing speed overall. There is growing demand for continuous testing models, deeper integration with development workflows, and real-time collaboration with pentesters instead of static, after-the-fact reports.

“Our survey confirms what many security leaders are experiencing firsthand. The era of the slow, shallow, check-the-box pentest is over,” said Andrew Obadiaru, CISO, Cobalt. “Teams are building AI-driven products at the speed of business, but traditional testing models cannot keep up. Low satisfaction with vendors isn’t a complaint, it’s a market signal. Security leaders need high-quality expertise, faster turnaround, and a model that integrates directly into the development lifecycle. That is exactly why the PTaaS model exists.”

To read the Pentesting Pulse Report, click here

About Cobalt

Cobalt is the pioneer in penetration testing as a service (PTaaS) and a leader in human-led, AI-powered offensive security solutions. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.

Cobalt maintains an outstanding NPS of 9, reflecting its dedication to customer satisfaction. Read our reviews on G2 to see why customers love us. More at https://www.cobalt.io. Follow Cobalt on LinkedIn and X.

Contacts

Media Contact
Leslie Kesselring
Kesselring Communication for Cobalt
leslie@kesscomm.com
