High Rate of False Negatives in AI Security Testing Raises Concerns

A recent report by Cobalt reveals that 78% of security teams encounter critical false negatives from automated scanning tools, highlighting the inadequacy of AI in detecting vulnerabilities. The reliance on fully automated pentesting has dropped from 29% to 9%, with 47% of organizations now favoring a hybrid model combining human expertise and AI. The report indicates that AI and LLM applications generate high-risk findings at 2.7 times the rate of traditional software, with only 38% of LLM vulnerabilities resolved. Additionally, 76% of organizations have had to halt or restrict AI-driven behavior due to security issues. The top attack vectors include shadow AI (44%) and data/model poisoning (41%). Security professionals are calling for stronger LLM testing capabilities, but only 42% plan to enhance human-led red team operations.

Key Points: • 78% of security teams report critical false negatives from automated tools. • Trust in fully automated pentesting has dropped from 29% to 9% in one year. • Only 38% of LLM vulnerabilities have been fixed, with shadow AI being a major attack vector.