Cobalt has today released new research showing how organizations are struggling to keep pace with a rapidly evolving threat landscape shaped by nation-state activity, AI-driven attacks, and expanding supply chain risk. The 2026 State of Pentesting Report reveals that 75% of organizations rank third-party software as a top risk, yet 86% deploy vendor tools without proof of security testing, while AI vulnerabilities are emerging as significantly higher risk and harder to remediate. A new blog from Joe Brinkley, Director of Offensive Security Research, connects these findings to real-world attack scenarios, including the weaponization of trusted third-party tools.
A few highlights:
- Nation-state threats are rising fast, with 20% of all respondents and 40% of financial services organizations ranking them as a top risk
- 93% have observed attackers using AI to enhance sophistication, while 32% of AI/LLM vulnerabilities are rated high risk, nearly 2.5x higher than average
- One in five organizations has already experienced an LLM-related security incident
- Organizations using continuous, programmatic pentesting are 4.5x more likely to remediate critical issues within three days
The research also digs into a real-world case study involving the weaponization of third-party tools in a destructive supply chain attack, underscoring why “paper trust” models like SOC 2 and annual pentests are no longer sufficient in a threat environment moving at machine speed.
While the report requires a sign-up to obtain, it is worth reading and can be found here: State of Pentesting Report 2026 | Cobalt
This entry was posted on April 21, 2026 at 8:43 am and is filed under Commentary with tags Cobalt.
Cobalt Says That 1 in 5 Have Experienced an LLM Security Incident in the Last Year