Dubai-based Secure.com has just issued “21 Holes in 3 Production Stacks: What AI Pentesting Actually Finds in 2026,” new research proving just how far AI-driven pentesting has moved from theory to operational risk. In a single weekend, an automated pipeline with no human in the loop uncovered 21 vulnerabilities across three live production stacks, including 7 critical issues tied largely to basic security hygiene failures.
Secure.com researchers pointed an AI-driven pentesting pipeline at three well-known production systems and found:
- Multi-tenant e-commerce marketplace: Frontend Runtime Config Leaked on Every Page Load; Unauthenticated Scheduler & Admin Endpoints; Unauthenticated Notification Injection
- Generative AI imaging platform: Cross-Origin Session Theft Across All Four Backend APIs; Admin Dashboard Publicly Reachable
- Popular consumer password manager: Full Production Environment Exposed in Public JavaScript Bundle
This materially changes the economics of both attack and defense. What until now took skilled human testers and significant budget can be executed continuously for roughly $18 per hour, raising questions about whether periodic pentesting models are still viable.
21 Holes in 3 Production Stacks – What AI Pentesting Actually Finds in 2026: Three clients. Three very different architectures. One weekend of machine time: https://www.secure.com/resources/holes-production-stacks
This entry was posted on April 30, 2026 at 3:56 pm and is filed under Commentary with tags secure.com.
AI finds 21 vulnerabilities in e-Commerce, and others in hours: Secure.com