78% of Security Teams Experience Critical False Negatives From Automated Scanning Tools as AI Struggles to Detect and Resolve Vulnerabilities
New Cobalt Research Reveals Only 9% of Security Professionals Support Fully Automated Pentesting
SAN FRANCISCO--(BUSINESS WIRE)--Cobalt, the pioneer in pentesting as a service (PTaaS) and a leader in continuous offensive security services, today announced the findings of its second annual Cobalt AI and Pentesting Pulse Report 2026. The research, which evaluated 455 cybersecurity professionals, revealed that the percentage of organizations that rely entirely on AI automation for testing needs plummeted from 29% to 9% from last year, with 47% now preferring a hybrid testing model.
The 22-point surge in support for the hybrid model, in which human expertise supports AI testing, stems directly from the 78% of organizations that experienced fully automated scanning tools missing critical vulnerabilities and returning false negatives. Despite these gaps, security teams show an increasing willingness to automate testing for non-critical assets, with the share favoring automation for low-risk environments rising 22 points to 47%.
This steep decline in automation trust directly reflects the unique complexity of securing the AI attack surface itself. Traditional scanners struggle because AI and LLM applications produce high-risk findings at nearly triple the rate of conventional software. According to the Cobalt State of Pentesting Report 2026, released earlier this year, teams classified 32% of all AI-related pentest findings as high risk, compared to just 12% overall. At the time of analysis, only 38% of LLM vulnerabilities had been fixed, while 62% remained open, the lowest resolution rate overall.
Among organizations that experienced confirmed AI-related security incidents, data shows a diverse range of attack vectors. Shadow AI topped the list, contributing to 44% of incidents, followed closely by data or model poisoning (41%) and improper output handling (41%). Supply chain vulnerabilities (35%) and prompt injection (34%) completed the top five vectors. To combat these threats, 60% of security professionals state they require stronger LLM testing capabilities, yet only 42% plan to increase human-led red team operations—the practice best positioned to bridge this gap.
The research also found that:
- The mean time to resolve (MTTR) for AI/LLM security issues rose to 36 days, up from 19 days in 2025, indicating that security teams are now tackling significantly harder vulnerabilities rather than surface-level flaws.
- 82% of security professionals report that their teams are dedicating significantly more effort to AI security initiatives.
- 77% of organizations now conduct regular security assessments and pentests for AI-powered products, an 11-point increase from last year.
“While the industry is rightfully excited about the potential of Mythos-class tools, unguided algorithms are inherently prone to returning even more false positives and costly false negatives than the automated scanners we have today,” said Andrew Obadiaru, CISO of Cobalt. “LLM vulnerabilities are deeply context-dependent and invisible to tools that lack an architectural understanding of the application. To close the validation gap, automation should be deployed exactly where it excels, but elite human expertise remains foundational to uncovering and remediating the most complex business logic risks.”
Methodology
The data cited in the research came from two independent surveys, conducted in 2025 and 2026 by Emerald Research on behalf of Cobalt, as well as from Cobalt pentests. The 2026 survey included 455 cybersecurity professionals. All respondents operate within organizations with more than 500 employees. Represented sectors include Software Development, Healthcare, Financial/Insurance, Information Services, and Other industries. The participant base comprised an externally recruited cohort and a small sample of Cobalt enterprise customers. The comparative 2025 study surveyed 450 security professionals, split evenly between leadership and technical practitioners.
About Cobalt
Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services™. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely. Cobalt maintains an outstanding NPS of 9, reflecting its dedication to customer satisfaction. Read our reviews on G2 to see why customers love us. More at https://www.cobalt.io. Follow Cobalt on LinkedIn and X.
Contacts
Media Contact
Leslie Kesselring
Kesselring Communications for Cobalt
leslie@kesscomm.com