The Widening Gap in Enterprise Pentesting Coverage
In an era where cybersecurity is paramount, a surprising disconnect exists between enterprises’ prioritization of penetration testing and the actual coverage of their attack surfaces. A new report by Synack, a leader in human-led and AI-powered penetration testing, in collaboration with technology research firm Omdia, reveals alarming statistics: 95% of enterprises view pentesting as a top security priority, yet on average they test only 32% of their global attack surfaces.
This revelation points to a significant blind spot in enterprise security strategies as adversaries increasingly leverage AI to orchestrate sophisticated cyberattacks. The report, titled "The 2026 State of Agentic AI in Pentesting," signifies a crucial moment in cybersecurity, underscoring the urgency for organizations to reassess their approach to security testing.
Key Findings of the Study
The study surveyed 200 security leaders in the U.S., exposing a crucial flaw in traditional pentesting methodologies. While organizations recognize the importance of pentesting, this clear gap in coverage could leave vast sections of their cybersecurity environment unprotected. Notable findings from the report include:
- Rising Urgency for Continuous Testing: 87% of surveyed organizations are not just evaluating agentic AI; they are actively using or piloting it for penetration testing.
- Shifting Perception on Traditional Pentesting: A staggering 95% of organizations anticipate that agentic AI technologies will eventually replace traditional pentesting services, with nearly half expecting significant displacement.
- Preference for Human-Led AI Approaches: 64% of enterprises prefer an agent-led model, ensuring that human oversight complements machine scalability in security protocols.
- Trust in AI but with Caveats: Although 87% of leaders express trust in agentic AI, 93% emphasize the necessity for clear guardrails and transparent operations to mitigate risks.
A Call to Action for Security Teams
Synack's CEO, Jay Kaplan, states, "This research underscores the industry's transition away from traditional, rigid pentesting cycles to a more dynamic approach that aligns with organizational needs today." Kaplan's assertion reflects a broader recognition in the industry: As cyber threats evolve in complexity, so must the frameworks designed to counteract them.
The need for continuous pentesting has never been more evident. As Dr. Mark Kuhr, CTO of Synack, puts it, "Real-world risks cannot be diminished by automated processes alone; human creativity must remain a critical component of cybersecurity strategies."
The Future of Offensive Security
This shift to agentic, AI-driven offensive security models indicates a fundamental change in how enterprises need to plan their security assessments. Hesitance to adopt these technologies stems primarily from concerns about transparency and the implications of AI in security.
Moving forward, enterprises must prioritize bridging this pentesting coverage gap to safeguard their environments against advanced threats. Doing so will not only enhance their overall security posture but will also help demonstrate the business value of stringent security measures to executive leadership.
Download the Full Report
Organizations are encouraged to take this opportunity to redefine their offensive security strategies. The full report, "The 2026 State of Agentic AI in Pentesting," is available for download at Synack's official website.
By adopting a comprehensive offensive security stance, enterprises can proactively mitigate risks and fortify their defenses against an ever-evolving threat landscape, ensuring that they remain a step ahead of potential adversaries.