Aikido

2026 State of AI in Pentesting

This report captures the perspectives of 400 CISOs, CTOs, and senior engineering leaders across Europe and the US. It explores how AI is changing penetration testing, why traditional approaches are struggling to keep pace with modern software delivery, and what security leaders want from the next generation of penetration testing.

  • Only 21% validate security on every release, despite 76% deploying significant changes weekly or faster

  • 48% say pentest findings are already outdated when they arrive

  • 79% are concerned about missing vulnerabilities introduced between scheduled tests

  • 69% would validate security on every release or at least quarterly if cost and resources weren't a constraint

Summary

Software is changing faster than security testing can keep up. This report explores how AI is reshaping pentesting, why traditional models are becoming harder to sustain, and what organizations expect from modern pentesting. 

Contributors include leaders from Lovable, IDC, OWASP, Frost & Sullivan, the UK Cabinet Office, Latio Tech, PSG, and Glasswall. 

What you’ll learn

How AI is changing pentesting, why pentesting is struggling to keep pace with software delivery, and what leading teams want from the next generation of penetration testing.

Written by:
Sooraj Shah

Sooraj Shah is Content Marketing Lead at Aikido Security. He has a background as a journalist for publications such as the BBC, the FT, Infosecurity Magazine and SC Magazine, interviewing CEOs, CISOs, CTOs and CIOs, and as a content marketer for B2B tech companies and start-ups.

Key Findings

  • Only 21% validate security on every release, despite 76% deploying significant changes weekly or faster

  • 48% say pentest findings are already outdated when they arrive

  • 79% are concerned about missing vulnerabilities introduced between scheduled tests

  • 69% would validate security on every release or at least quarterly if cost and resources weren't a constraint

Summary

Software is changing faster than security testing can keep up. This report explores how AI is reshaping pentesting, why traditional models are becoming harder to sustain, and what organizations expect from modern pentesting. 

Contributors include leaders from Lovable, IDC, OWASP, Frost & Sullivan, the UK Cabinet Office, Latio Tech, PSG, and Glasswall. 

What you’ll learn

How AI is changing pentesting, why pentesting is struggling to keep pace with software delivery, and what leading teams want from the next generation of penetration testing.

Written by:
Sooraj Shah

Sooraj Shah is Content Marketing Lead at Aikido Security. He has a background as a journalist for publications such as the BBC, the FT, Infosecurity Magazine and SC Magazine, interviewing CEOs, CISOs, CTOs and CIOs, and as a content marketer for B2B tech companies and start-ups.