
How AI is changing the defender’s toolkit

David Koke
Head of Marketing

Key Points

We're at a threshold in cybersecurity. The launch of Anthropic's Claude Mythos, a model so capable in vulnerability discovery that Anthropic restricted its release, has captured the attention of the entire industry. Whether the hype is fully justified remains to be seen, but the implication is hard to ignore: if AI can find what humans missed for over two decades, now so can attackers.

With models like Claude Opus evolving rapidly and evidence that attackers are using AI to accelerate their operations, the reality for defenders is that the pressure to move fast has never been greater.

The natural question is what defenders should do in response. It's not necessarily a case of needing AI defense to battle AI attackers. It's about where in the defender's toolkit AI makes the most sense.

Traditional security testing can’t keep up

Most security teams were already stretched thin before AI entered the picture. Vulnerability volumes have nearly doubled in two years, mean time-to-exploit has collapsed from a month to a single day, and yet remediation times average 17 days for critical issues.

The tools teams relied on most in the past, vulnerability scanning and penetration testing, play important roles, but neither is sufficient on its own for what teams need to keep up in today's threat landscape. Vulnerability scans are frequent but lack context and depth. Pentests provide deep context, but have historically been infrequent and point-in-time.

What teams actually need is a way to continuously find, validate, and fix what actually matters. This is true exposure management, a model that combines attack surface discovery, contextual prioritization, validation of real exploitability and impact, and mobilization of fixes to the right teams.

The gap between scanning and pentesting was always too wide to achieve true continuous exposure management. AI is rapidly closing it.

How AI is closing the gap

So what does this look like in practice? Teams can get continuous coverage with real depth without choosing between frequency and context. 

AI-assisted vulnerability scanning

AI is proving adept at adding context-awareness, correlation, and validation to vulnerability scanning to improve the reliability of findings, reduce noise created by false positives, and save security teams time. AI can validate whether findings are actually exploitable, correlate related issues to surface real attack paths, and contextualize everything within the specific environment to determine what actually poses risk.

This means that vulnerability scanning is no longer just flagging issues, it's understanding them.

Take the example of SQL injection issues, which are commonly flagged by vulnerability scanners and then dismissed as false positives. Intruder's AI agent was presented with a possible SQL injection after a test parameter caused an API error. The agent couldn't reproduce the error consistently, and noticed that it appeared regardless of the payload. It dug deeper, worked out that the error wasn't caused by SQL injection at all but by short-lived CSRF tokens, and confirmed it wasn't a real vulnerability. An investigation that would take a human analyst over 30 minutes took only a few.
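The reasoning in that CSRF-token story can be written down as a triage rule: an error that tracks the anti-CSRF token's freshness rather than the value placed in the tested parameter is not an injection signal. The script below is an added illustration, not Intruder's code or the agent's actual logic; it works entirely on constructed observation records (the `Observation` class, the probe labels `control`, `probe-a` and `probe-b`, and the verdict strings are all assumptions made for the example) and shows both the "can't reproduce consistently" signal and the grouping step that explains it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One replayed request against the tested endpoint (constructed for this example)."""
    probe: str         # value placed in the tested parameter; "control" is the benign baseline
    fresh_token: bool  # True if the request carried a freshly issued anti-CSRF token
    status: int        # HTTP status returned
    body: str          # short excerpt of the response body


def is_error(o: Observation) -> bool:
    """Treat 5xx responses, or bodies mentioning an error, as the 'API error' a scanner keys on."""
    return o.status >= 500 or "error" in o.body.lower()


def error_rates(obs, keyfn):
    """Fraction of error responses per bucket, where keyfn picks the bucket for an observation."""
    buckets = {}
    for o in obs:
        n, e = buckets.get(keyfn(o), (0, 0))
        buckets[keyfn(o)] = (n + 1, e + int(is_error(o)))
    return {k: e / n for k, (n, e) in buckets.items()}


def flaky_probes(obs):
    """Probes that sometimes error and sometimes do not: the 'could not reproduce' signal
    that tells the analyst to look for a hidden variable before believing the finding."""
    return {p for p, r in error_rates(obs, lambda o: o.probe).items() if 0.0 < r < 1.0}


def triage(obs):
    """Decide whether the error depends on the parameter value or on token freshness."""
    rates = error_rates(obs, lambda o: (o.fresh_token, o.probe))
    fresh = {p: r for (t, p), r in rates.items() if t}
    stale = {p: r for (t, p), r in rates.items() if not t}
    # Every stale-token request errors, including the benign control, and no fresh-token
    # request does: the error is an artifact of token expiry, not of the payload.
    if stale and all(r == 1.0 for r in stale.values()) and fresh and all(r == 0.0 for r in fresh.values()):
        return "token-expiry-artifact"
    # With a valid token the control stays clean but some probe errors every time:
    # the error genuinely depends on the parameter value, so a human should look.
    if fresh.get("control") == 0.0 and any(r == 1.0 for p, r in fresh.items() if p != "control"):
        return "candidate-needs-review"
    if fresh and all(r == 0.0 for r in fresh.values()):
        return "no-finding"
    return "inconclusive"


# Constructed dataset mirroring the post: errors appear for every probe, but only when the
# CSRF token has gone stale, and vanish as soon as a fresh token is used.
CSRF_CASE = [
    Observation("control", False, 500, "Internal error"),
    Observation("probe-a", False, 500, "Internal error"),
    Observation("probe-b", False, 500, "Internal error"),
    Observation("control", True, 200, '{"ok": true}'),
    Observation("probe-a", True, 200, '{"ok": true}'),
    Observation("probe-b", True, 200, '{"ok": true}'),
]

# Constructed contrast case: a valid token, a clean control, and one probe that errors reliably.
REAL_CASE = [
    Observation("control", True, 200, '{"ok": true}'),
    Observation("probe-a", True, 500, "Internal error"),
    Observation("probe-a", True, 500, "Internal error"),
    Observation("probe-b", True, 200, '{"ok": true}'),
]

if __name__ == "__main__":
    print("flaky probes in CSRF case:", sorted(flaky_probes(CSRF_CASE)))
    print("CSRF case:", triage(CSRF_CASE))
    print("contrast case:", triage(REAL_CASE))
```

The important design point is the control observation: without a benign baseline replayed under the same token conditions, an error that fires for every input looks identical to an error that fires for the payload, and the finding cannot be ruled in or out.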

AI pentesting

AI pentesting brings the depth of a manual pentest to an on-demand model. AI can understand application logic, reason about how systems connect, and identify how vulnerabilities chain together into exploitable attack paths.

For the first time, an automated approach is genuinely comparable to how a human pentester operates. Teams can now trigger a pentest whenever they need one, without the cost, lead time, or scheduling constraints of a traditional engagement.

The concept of a pentest is set to evolve

Pentesting has been central to the development of mature, robust security practices. It's inextricably linked to the compliance frameworks that facilitate trust between businesses and consumers.

But in a world where AI can deliver the depth of a pentest on demand, will the pentest survive in the form we know it, or will it evolve into something altogether different?

Short term: the output stays, the economics change

In the near term, we expect the output of a pentest to remain relatively unchanged. We're still at the early stage of the adoption curve. Auditors still want to see pentest reports, and we're a long way from the widespread adoption of any new standard.

The cost and lead time associated with a pentest will come down, but the deliverable will still need to conform to the expectations that the security and compliance industry has built over the past few decades.

Medium term: pentesting becomes continuous

This is where things get interesting. The barriers to pentesting have traditionally been time and expertise. AI has broken those barriers down.

Imagine a world where a pentest isn't a single annual engagement, but a series of mini pentests triggered automatically in response to change signals in the environment, such as a new feature being shipped, a port opening, or a configuration changing. Instead of running one big pentest a year, you're running dozens of smaller tests and investigations every day, automatically.

This is our vision for continuous security. Not replacing the pentest, but making it something that happens all the time rather than once in a while.
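To make the "change signals trigger mini pentests" idea concrete, here is an added example of the scheduling layer such a model needs; it is illustrative code written for this post, not Intruder's product or any real pipeline. The event kinds (`deploy`, `port_opened`, `config_changed`), the scope names, the asset identifiers and the sample event stream are all constructed assumptions. It goes slightly beyond the paragraph by showing two things a real trigger pipeline has to handle: merging a burst of related changes on one asset into a single test so a dozen config pushes do not schedule a dozen tests, and promoting externally reachable changes to the front of the queue.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ChangeEvent:
    """A change signal from the environment (constructed for this example)."""
    kind: str                     # "deploy" | "port_opened" | "config_changed"
    asset: str                    # hypothetical asset identifier
    detail: str                   # human-readable description of what changed
    at: datetime                  # when the signal was observed
    internet_facing: bool = False # whether the asset is reachable from the internet


@dataclass
class TestJob:
    asset: str
    scope: str
    priority: int                 # 1 = most urgent
    reasons: list = field(default_factory=list)


# Which kind of scoped test a signal should trigger, and its default priority (assumed mapping).
SCOPE_FOR_KIND = {
    "deploy": ("application-logic", 2),
    "port_opened": ("exposed-service", 1),
    "config_changed": ("configuration-review", 3),
}


def plan_jobs(events, debounce=timedelta(minutes=15)):
    """Turn a stream of change signals into de-duplicated, prioritised test jobs.

    Events for the same asset and scope that arrive within `debounce` of the previous
    one are merged into the existing job; unknown signal kinds are ignored rather than
    guessed at. Returns jobs ordered by priority, preserving arrival order within a priority.
    """
    jobs = []
    last_seen = {}  # (asset, scope) -> (index into jobs, timestamp of last merged event)
    for ev in sorted(events, key=lambda e: e.at):
        if ev.kind not in SCOPE_FOR_KIND:
            continue
        scope, priority = SCOPE_FOR_KIND[ev.kind]
        if ev.internet_facing:
            priority = min(priority, 1)  # externally reachable change jumps the queue
        key = (ev.asset, scope)
        prev = last_seen.get(key)
        if prev is not None and ev.at - prev[1] <= debounce:
            idx = prev[0]
            jobs[idx].reasons.append(ev.detail)
            jobs[idx].priority = min(jobs[idx].priority, priority)
            last_seen[key] = (idx, ev.at)
            continue
        jobs.append(TestJob(ev.asset, scope, priority, [ev.detail]))
        last_seen[key] = (len(jobs) - 1, ev.at)
    return sorted(jobs, key=lambda j: j.priority)


# Constructed sample stream: two config edits on the same gateway minutes apart, a deploy,
# an internet-facing port opening, a much later config edit, and an irrelevant signal.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    ChangeEvent("config_changed", "api-gw-01", "tls policy edited", T0),
    ChangeEvent("config_changed", "api-gw-01", "rate limit edited", T0 + timedelta(minutes=5)),
    ChangeEvent("deploy", "web-app-02", "release v1.4.0", T0 + timedelta(minutes=10)),
    ChangeEvent("port_opened", "db-03", "tcp/5432 now listening", T0 + timedelta(minutes=12), internet_facing=True),
    ChangeEvent("config_changed", "api-gw-01", "auth header rewrite", T0 + timedelta(hours=2)),
    ChangeEvent("heartbeat", "api-gw-01", "ignored: not a change signal", T0 + timedelta(hours=2)),
]

if __name__ == "__main__":
    for job in plan_jobs(SAMPLE_EVENTS):
        print(f"p{job.priority} {job.asset:<10} {job.scope:<22} {'; '.join(job.reasons)}")
```

On the sample stream the two early gateway edits collapse into one configuration review, the database port opening is scheduled first because the asset is internet-facing, and the gateway edit two hours later gets its own job because it falls outside the debounce window. The debounce and priority values are policy knobs; the point of the structure is that every job carries the reasons that triggered it, which is the evidence trail an auditor would later ask for.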

Long term: the pentest as we know it becomes a thing of the past

Over time, we expect continuous approaches to become mainstream and for new methods of evidencing your security posture to be widely adopted for compliance and trust building. The annual pentest, in its current form, will likely become a relic of a time when depth and frequency couldn't coexist.

But there are still questions that need answering before we get there. How do you prove a continuous approach to an auditor? What are the right signals to trigger a test? Will insurers accept AI pentesting as evidence of due diligence? What's the right balance between AI autonomy and human oversight? These are the kinds of questions the industry will need to work through over the coming years.

Ready to close the gap?

The age of periodic security testing is over. Intruder's AI pentesting validates your scanner findings in minutes: confirming what's real, ruling out what's not, and showing you the true impact. The depth of a pentest, whenever you need it. Start a free trial or book a demo to see it in action.
