Post by SANS Institute

What does AI-enabled pen testing actually find on a codebase your team already cleared last year? Ed Skoudis and his team have been running that experiment for 15 months. On one retest, they found five critical vulnerabilities on day one in a system that had been thoroughly tested by skilled humans the year before. Authentication bypasses, broken access controls, race conditions, all hiding in obscure workflows that no standard testing path would reach. The AI grinds through edge cases across 1.7 million lines of code, including UI written entirely in Chinese, without losing focus. The human testers bring the judgment and verification that keeps the findings real. Ed Skoudis's estimate for what comes next: 20 to 40 times the current volume of new vulnerabilities within the year. Open-source flaws cascading into every commercial product built on top of them. AI-assisted analysis of closed-source binaries within 6 to 12 months. Vulnerability management programs built for a handful of CVEs per week were not designed for that world. What does your patching pipeline look like at 30x volume? Ed's team documented the full 5-step workflow, including the one step most teams skip that makes or breaks the results. Full methodology here 👇 https://go.sans.org/Gforml #Cybersecurity #PenTesting #VulnerabilityManagement