Cobalt shares hard lessons from the State of Pen Testing Report

What happens when artificial intelligence accelerates cyber attacks faster than most organizations can test, repair and respond?

In this quick episode of Tech Talks Daily, I sat down with Sonali Shah, CEO of Cobalt, to unravel what real-world penetration testing data reveals about the current state of enterprise security. With more than two decades of cybersecurity experience and a background that spans finance, engineering, product and strategy, Sonali provides an informed, operator-level understanding of where security teams are keeping pace and where they are quietly falling behind.

Our conversation is about what happens when AI moves from an experiment to an attack surface. Sonali explains how threat actors are already using the same AI tools as defenders to automate reconnaissance, identify vulnerabilities, and accelerate exploitation. We discuss why this is no longer theoretical, citing findings from companies like Anthropic, including examples where models such as Claude have shown both strength and unpredictability. The takeaway is sobering but balanced: AI can automate much of the work, but human expertise still plays a determining role, for both attackers and defenders.

We also delve into Cobalt’s latest State of Pentesting data, including why average remediation times for severe vulnerabilities have improved while the overall closure rate remains stubbornly low. Sonali explains why large enterprises are struggling more than smaller organizations, how legacy systems are slowing progress, and why generative AI applications currently exhibit the greatest risks with some of the lowest repair rates. As more companies rush to deploy AI agents in production, this gap becomes harder to ignore.

One of the strongest themes in this episode is the shift from point-in-time testing to continuous, programmatic risk reduction. Sonali explains what effective continuous pen testing looks like in practice, why automation alone creates noise and friction, and how human-led testing helps teams move from assumptions to proof. We also address a persistent trust gap, where leaders believe their security posture is strong even when testing shows otherwise.

We conclude by addressing one of the biggest myths in cybersecurity. Security is never finished. It is a continuous process of preparation, testing, learning and improvement. The best performing organizations accept this reality and build security into everyday operations rather than treating it as a one-time task.

So as AI continues to accelerate both innovation and attacks, how confident are you that your security program is keeping pace, and what would continuous testing change within your organization? I would like to hear your opinion.
