CyCognito advances AI pentesting beyond mere vulnerability scans as enterprise attack surfaces develop.

      The cybersecurity sector is facing a new challenge: traditional vulnerability management is insufficient. As businesses quickly implement AI-driven applications, autonomous agents, and large language model (LLM) frameworks, security teams are realizing that many high-risk vulnerabilities cannot be detected through standard CVE-based scanning alone. Organizations are increasingly confronting issues such as misconfigured AI services, exposed machine learning infrastructures, and interconnected systems that yield entirely new attack vectors.

      In light of this situation, CyCognito is enhancing its exposure management platform with ongoing AI pentesting capabilities aimed at uncovering complex, contextual risks that typical scanners may overlook. This move reflects a wider transformation within the industry, as security leaders shift from merely identifying known vulnerabilities to continuously assessing how attackers might exploit an organization's unique setup.

      AI Introduces New Vulnerabilities

      The swift integration of generative AI has significantly broadened the attack surfaces for enterprises. Businesses are rolling out AI copilots, retrieval-augmented generation (RAG) systems, Model Context Protocol (MCP) servers, orchestration platforms, and machine learning infrastructures faster than many security programs can catalog them.

      Unlike conventional software vulnerabilities, these technologies frequently create security flaws due to configuration errors, excessive permissions, or unintended exposure between interconnected services. These vulnerabilities may not have an assigned CVE, yet they can still give attackers direct access to sensitive business information.

      According to CyCognito, its platform now recognizes over 60 categories of AI-related technologies, including MCP servers, Ollama, MLflow, PyTorch, Triton, n8n, and various components typically found in enterprise AI implementations.

      Moving from Detection to Simulated Attacks

      Instead of only focusing on asset discovery, CyCognito's latest capability employs AI agents to emulate how an attacker would navigate through an organization's vulnerable infrastructure. Rather than simply inquiring if a vulnerability exists, the system assesses whether a series of actions could realistically compromise sensitive systems or unveil valuable data. These attack chains integrate contextual reasoning, environmental awareness, and multi-step testing that go well beyond traditional vulnerability scanning.

      The company has released a comprehensive technical analysis on continuous AI pentesting that details how these AI agents prioritize testing based on contextual intelligence gathered from an organization's external attack surface, enabling security teams to concentrate on verified business risks instead of isolated technical findings.

      Real-World Evidence Reveals New Risks

      CyCognito provided several examples showcasing the types of vulnerabilities continuous AI pentesting can uncover.

      In one instance, an externally accessible MCP server provided an unauthenticated natural-language interface linked to a production CRM environment. By executing a series of prompt injections and API interactions, AI agents could list backend services and ultimately access millions of customer and financial records without needing credentials.

      Another case revealed a publicly available knowledge base supporting a RAG deployment. Although authentication secured the AI agent itself, the underlying document repository remained exposed, disclosing internal documents, contracts, communications, and customer details.

      Perhaps the most striking finding was an internet-facing physical security platform responsible for managing building access controls, surveillance cameras, and badge readers. This system had been deployed next to customer-facing AI services without adequate segmentation, highlighting how digital transformation can inadvertently increase risk to operational technology.

      None of these situations relied on exploiting known software vulnerabilities; they arose from architectural choices, deployment practices, and business context that conventional scanners would likely bypass.

      The Importance of Continuous Testing

      While traditional penetration testing remains a vital security practice, its moment-in-time nature limits effectiveness in environments that change frequently. Although AI has expedited offensive testing, many organizations still conduct AI-powered assessments as periodic exercises due to computational costs. CyCognito observes that this often restricts in-depth testing to only the most critical assets, leaving much of the external attack surface largely unchecked.

      To surmount this issue, the company created what it refers to as the Target Graph™, an orchestration layer that integrates exposure assessment, threat intelligence, deterministic validation, and business context to determine where AI agents should focus their computational resources. This approach enables AI pentesting to adapt its depth and techniques based on newly discovered assets, changes in the environment, and emerging threat activities.

      An additional benefit stems from the feedback loop of the system. Attack techniques that AI agents successfully validate can later be transformed into deterministic tests, minimizing future computational needs while broadening automated coverage.

      A Wider Industry Shift

      The rise of AI-native infrastructure is transforming how organizations approach external exposure management. As enterprise environments grow increasingly dynamic, security programs are evolving from identifying isolated vulnerabilities to continuously assessing how systems interact and whether those interactions create exploitable pathways.

      CyCognito’s latest announcement embodies this change. Rather than treating penetration testing as an infrequent validation exercise, the company envisions continuous AI-driven testing as a permanent feature of exposure management. Internally dubbed "Project Kineto," this initiative draws parallels to the transition from still images to motion pictures, symbolizing a shift from periodic security snapshots to ongoing visibility into evolving attack surfaces.

      As AI continues to gain traction in enterprises, the industry's challenge may shift from merely identifying known vulnerabilities to understanding how