Jay Kaplan did not mince words. In a TechRadar article published June 3, 2026, the Synack CEO and co-founder declared that the phrase “we tested that system last quarter” no longer reassures anyone who understands current threats. Ninety-five percent of organizations still list penetration testing as a priority. Yet industry data shows only 32 percent of their actual attack surface receives any real scrutiny.
That gap matters more than ever. Traditional pentests deliver snapshots. They involve small teams of humans granted limited time inside a target, mapping reachable assets, noting flaws, and handing over a static report. The model worked when change moved slowly. It collapsed under pressure from rapid software updates. Then agentic AI finished the job.
These systems do far more than scan. They reason. They chain observations. They adapt in real time. Reconnaissance that once took days now finishes in hours. Low-impact issues turn into business-logic exploits. The window between a CVE disclosure and active exploitation by threat actors has shrunk to hours. Attackers do not wait for the next scheduled audit. Neither should defenders.
But. The answer is not simply to replace humans with machines. Kaplan argues the only viable path requires defenders to fight AI with AI. Agentic systems on the offensive side demand equally capable systems on defense. Continuous validation replaces calendar-driven exercises. Humans shift to tasks machines still cannot master: novel attack paths, deep business context, creative leaps that models have not yet learned to replicate.
Synack has built one such system. Its Sara platform, the Synack Autonomous Red Agent, deploys swarms of specialized agents across cloud infrastructure, SaaS applications, APIs and external hosts. The agents explore attack surfaces, identify weaknesses, prioritize findings and simulate real attacker behavior. They test for SQL injection, cross-site scripting, insecure direct object references, server-side request forgery and command injection on the web side. On hosts they probe SSH, FTP, SMTP, SMB and even legacy flaws such as EternalBlue.
Guardrails keep the process safe. Destructive commands are blocked. Scope is strictly enforced. Rules of engagement prevent denial-of-service attempts, brute forcing or interaction with third-party services. The architecture runs on Google Cloud Vertex AI with Gemini for scoping and Anthropic’s Claude for core services. No customer data trains the models. Human experts from the Synack Red Team review and confirm truly exploitable risks. “AI finds more vulnerabilities,” the company states. “Human experts prove what actually matters.”
Results speak. Organizations using this combined model reduced average remediation time for critical vulnerabilities from 63 days to 38 days. That 47 percent drop across severity levels came not from buying more tools but from redefining what “tested” means. It became a persistent posture rather than a point-in-time event.
Escape takes a different angle. Its platform targets web applications with a multi-agent setup designed for business-logic awareness. A coordinator agent orchestrates while specialized agents hunt for specific flaw types. One maps routes and hidden endpoints. Another crafts context-aware payloads for cross-site scripting. Others focus on broken object-level authorization or validate exploits in sandboxed environments. The full cycle covers discovery, scanning, exploitation, reporting and remediation guidance.
In one benchmark against the Gin Juice Shop test application, Escape’s system identified 75 percent of vulnerabilities. Traditional scanners managed just 31 percent while generating 7.3 times more requests. The agentic approach completed assessments in roughly two hours that once required days or weeks. Coverage reached 100 percent of assets with depth that caught complex attack chains scanners routinely miss. False positives dropped because agents confirmed exploitability rather than flagging theoretical issues.
Penligent positions itself at the forefront of what its 2026 guide calls the agentic era. The company evaluated seven tools across autonomy levels, orchestration quality, proof of exploitation and time-to-value. Its own platform earned top marks for multi-agent systems that use chain-of-thought reasoning and orchestrate standard tools such as sqlmap and hydra. In a simulated zero-day remote code execution flaw in a Spring Boot application, Penligent detected and proved the issue in about 13 minutes. Traditional methods lagged significantly.
The economic case is straightforward. Annual manual pentests can cost $60,000 for limited coverage. Penligent claims continuous 24/7 testing at half that price. Average breach costs hover near $4.45 million. The return comes from finding and fixing problems before adversaries do. Other platforms fill niches. Hadrian emphasizes event-driven triggers and full attack-surface visibility. Terra Security adds human-in-the-loop controls to prevent agents from running unchecked in production. XBOW integrates with CI/CD pipelines. Aikido focuses on developer workflows. Cobalt blends AI with human oversight for compliance-heavy environments.
Academic and industry research backs the momentum. An arXiv survey on agentic AI and cybersecurity, updated in early 2026, notes that systems like RedTeamLLM combine recursive planning, memory and automated execution to improve success rates on vulnerable targets compared with earlier tools such as PenTestGPT. Commercial offerings such as XBOW and RunSybil report high exploitation rates but raise questions about transparency and safety constraints. The tradeoff is clear: greater autonomy uncovers more attack paths yet increases dual-use risks if controls remain weak.
Stanford-affiliated researchers tested a multi-agent framework called ARTEMIS in production-like settings. Their late-2025 work compared AI agents directly against professional pentesters. Equixly ran its own benchmark on 30 realistic API microservice challenges involving more than 86,000 HTTP requests. Agentic systems showed advantages in speed and consistency, though humans retained edges in certain creative or highly contextual scenarios.
These findings align with broader surveys. Aikido’s 2026 State of AI in Security and Development report, based on responses from 450 CISOs, AppSec engineers and developers, found 97 percent of organizations open to AI-driven penetration testing. Sixty percent wanted side-by-side validation against manual efforts. Nine in ten believed AI would eventually handle most testing without constant human input. The data points to a future where periodic audits give way to always-on validation.
Yet limits remain. Current agents struggle with CAPTCHA-protected targets. Multi-factor authentication bypasses sit on roadmaps. Internal network testing is still maturing. Hallucinations can produce false paths. Guardrails, sandboxing and human oversight stay essential. No one suggests complete replacement. The shift instead moves routine reconnaissance, triage and retesting to machines so senior talent can focus on high-judgment work.
Kaplan poses a direct question to CISOs. Identify the system whose compromise would land the company on the front page. Then ask when that system was last subjected to controlled exploitation, not merely scanned or reviewed, but attacked and confirmed under realistic conditions. If the answer traces back to the last annual pentest, the security program rests on an outdated definition of readiness.
Attackers already operate with agentic tools. They generate custom malware, refine command-and-control infrastructure and adapt to specific defenses in days rather than weeks. Praetorian’s March 2026 analysis described how agentic workflows compress offensive tooling development from weeks into days, producing production-grade capabilities tailored to target environments. Microsoft and others have documented threat actors operationalizing AI for similar ends.
Defenders cannot afford to lag. Continuous agentic testing, paired with human expertise, offers a way to match pace. It scales coverage, validates real exploitability, reduces remediation windows and frees talent for complex challenges. The technology exists today in platforms from Synack, Escape, Penligent, Hadrian and others. Adoption separates those who treat testing as a checkbox from those who treat it as persistent, adaptive defense.
Change will not wait. Code deploys faster. Attack surfaces expand. AI adversaries improve daily. Organizations that cling to last century’s testing cadence invite exactly the breaches they claim to prevent. The next evolution is already here. It demands agentic capabilities on both sides of the red team equation. Those who integrate them now will spend less time explaining failures later.
WebProNews is an iEntry Publication