The Future of AI-Powered Penetration Testing: A Conversation With Prescient Security’s Founders
Gabriela Silk
As AI spreads through workflows, processes, and now critical infrastructure and systems, AI-driven compliance audits, security, and security testing have become the next natural area of exploration. Though the technology is advancing at an unprecedented pace, the core pillars of auditing and cybersecurity remain true: human validation is required to evaluate context, confirm findings, and support reliable outcomes, regardless of how much knowledge the AI was given or how much prompt engineering was done to eliminate falsehoods.
We sat down with our CEO and Co-Founder Fabrice Mouret and our CCO and Co-Founder Sammy Chowdhury to explore their take on the use and credibility of AI as security and compliance enter uncharted waters. In this interview Fabrice and Sammy discuss AI, its drawbacks and opportunities, and where security and compliance auditing fit in, as well as how they can thrive in a way they haven't been able to before. Follow along as we explore security and compliance in a newly AI-driven world.
Is the "Human in the Loop" actually the weakest link in an AI-driven SOC?
Fabrice Mouret: “Humans are both the safeguard and the bottleneck. The goal is to keep human auditors for oversight and ethics, while minimizing manual toil and error.”
If you had to choose: A world-class human pentester for a week, or a "good enough" AI pentester running 24/7/365?
Sammy Chowdhury: “People for creativity and complex scenarios; AI for constant coverage, regression, and wide attack surface scanning.”
Fabrice Mouret: “Correct. We need human validation for proper exploitation. We also need human interaction to validate the method before any exploitation to avoid DNS and/or risk of client data exfiltration.”
Sammy Chowdhury: “AI can learn faster than a human but it also has the blind spots of not having full business logic context.”
If an AI can find a zero-day vulnerability in seconds, why are we still waiting 12 months for a manual pentest report?
Sammy Chowdhury: AI cannot find zero-days easily. It expedites the pace of critical thinking but it cannot replace years of domain experience.
Fabrice Mouret: Similar to my earlier comment, zero day vulnerabilities are hard to find and usually require that you create a mindset for a back door trojan. AI is not ready for this yet.
Is cybersecurity becoming a "battle of the algorithms" where the human is just the referee?
Fabrice Mouret: Yes, algorithms fight algorithms, but humans remain essential for strategy, governance, tuning, and responding to edge cases and failures.
Sammy Chowdhury: Humans also remain an important social element in governance, communication, rationalization, influence and prioritization.
Can AI-powered pentesting meaningfully simulate nation-state capabilities for mid-market organizations that could never afford these tests before?
Fabrice Mouret: Absolutely. Just like we have seen on the audit side. Automation has unlocked security audits for smaller organizations at an affordable cost. We want to move to continuous testing, and for AI to solve for this. Quality will be impacted and we will have missed findings but it's better than no findings at all.
Sammy Chowdhury: AI can help simulate some advanced techniques, giving smaller orgs broader testing coverage at a reduced cost.
How do we prevent AI pentesters from becoming accidental insider threats by learning too much about our environment and controls?
Fabrice Mouret: This is why AI testing should never be in a production environment with client data. It’s too risky and there’s not enough control of the situation.
If an AI can detect a compliance drift the moment it happens, should we move toward Auto-Remediation, or do we still need a "Human-in-the-Loop" for every fix?
Sammy Chowdhury: We don't need a human for every fix, but we need a human to oversee the logic of the automation.
Fabrice Mouret: Low risk findings can be auto-fixed.
Traditional audits are "point-in-time" snapshots. Should we pivot toward AI-driven Continuous Compliance, where posture is audited in real-time rather than once a quarter?
Sammy Chowdhury: Continuous AI plus a human audit can stop compliance programs from spiraling out of control.
Fabrice Mouret: Yes, that is exactly what is happening in the audit and compliance sphere and hence why we should see the same in pentesting and continuous monitoring.
If our competitors are using AI for defense and we aren't, are we bringing a knife to a gunfight?
Sammy Chowdhury: AI-enabled security will become table stakes. Not adopting it is a strategic disadvantage in resilience, recovery speed, and trust.
As the rate and speed of AI adoption by organizations steadily increase, so does adoption by adversaries, who are actively integrating AI to enhance the speed, scale, and sophistication of cyberattacks, moving from theoretical risk to active, AI-orchestrated operations. As Fabrice and Sammy highlight above, arriving unprepared for these attacks is a dangerous strategy. AI-enabled attacks increase the need for faster detection, broader observability, and more adaptive response workflows. The human element of compliance and security testing must also remain intact, both for governance and for the critical context that only a human can have. Though the use of AI in compliance and penetration testing is still novel, the rise of AI-orchestrated attacks supports a stronger case for AI-assisted security monitoring and testing as part of a broader security program.
AI-assisted security testing and compliance monitoring should be deployed with appropriate safeguards, including written authorization, defined scope, rules of engagement, data-handling controls, human oversight, and documented validation of material findings. AI can expand coverage and speed, but it should complement, not replace, expert judgment, formal audit procedures, or organization-specific risk decisions.
Is your organization prepared for AI-enabled attacks? Learn more from one of our experts today.