A recent study from Cobalt reveals a significant decline in trust for automated AI vulnerability scanning tools, dropping from 29% to 9% among cybersecurity professionals. The Cobalt State of Pentesting Report 2026 found that over three-quarters of respondents indicated fully automated tools miss critical vulnerabilities. This has led to an increased preference for hybrid testing methods, with nearly half of the professionals now opting for a combination of human oversight and automation.
The report also highlights the complexities in testing the AI attack surface, with a high percentage of AI-related vulnerabilities remaining unresolved. Moreover, most security professionals express a need for stronger testing capabilities but plan to increase human-led operations only moderately.