A recent report by Cobalt highlights a significant gap in organizations’ response to vulnerabilities discovered through pentesting. Despite 94% of firms considering pentesting essential, only 48% of identified issues are being addressed. Among these, serious findings have been resolved at a rate of 69%, but the majority of the discovered flaws remain unpatched. The data shows that large organizations take longer to address serious findings compared to smaller companies, with the median time to resolve issues standing at 67 days—far exceeding the typical two-week service level agreement (SLA).
The rise of GenAI LLM web apps has introduced new challenges for security teams, as 32% of pentests on these apps uncovered serious vulnerabilities.
However, only 21% of these vulnerabilities were remediated. Many security leaders are concerned about the risks associated with AI, including prompt injection, model manipulation, and data leakage. Despite these concerns, only 64% of firms believe they are well-equipped to handle GenAI security implications, with AI attacks now ranked as the number one threat by 72% of organizations.
Security leaders face increasing pressure to prioritize speed over security, with over half of them stating that they are being asked to sacrifice security for the sake of expediency. This pressure contributes to slow response times in fixing vulnerabilities, with around 85% of findings still unresolved after a month. Even after one year, 60% of issues remain unfixed, with 45% still open after five years. This prolonged exposure to risk highlights the need for more efficient security processes and faster remediation timelines.
Despite these challenges, experts like Gunter Ollman, CTO of Cobalt, stress the importance of regular pentesting to identify and address vulnerabilities before they can be exploited. Organizations that take an offensive security approach, including proactive pentesting, are better positioned to strengthen their defenses against cybercriminals and ensure their customers’ trust. With the rapid adoption of AI technologies, securing the digital landscape has never been more critical.
Reference:
