Infosec professionals sour on automated pentesting tools
29% of security pros were open to fully autonomous pentesting last year; now only 9% are
Explore the latest advancements and trends in information security automation. Stay ahead with cutting-edge cybersecurity automation news and insights.
Search across headline titles and summaries.
Background for this topic.
Automation in information security uses software to perform tasks like scanning for vulnerabilities, detecting threats, and enforcing policies without constant human intervention. It enables faster, consistent actions such as blocking malicious IPs or deploying patches based on predefined rules or machine learning models. This reduces manual effort and helps maintain security hygiene at scale.
However, automation can introduce risks if workflows are misconfigured or manipulated. Attackers may exploit automated responses to trigger false positives or disable protections, while errors in automation can propagate rapidly across systems. Security teams must carefully validate and monitor automated processes, balancing efficiency with oversight to prevent unintended consequences and maintain control over security operations.
Weekly headline count for the current query.
29% of security pros were open to fully autonomous pentesting last year; now only 9% are
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs
OpenAI's first security hire, Ari Herbert-Voss, thinks more automated bug finding will improve security without costing jobs Black Hat Asia Open source models can find bugs as effectively as Anthropic's Mythos, according to Ari Herbert-Voss, CEO of AI-powered security startup RunSybil and OpenAI's first security hire.…
Who needs MFA when you've got EvilTokens? Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data.…
Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts' Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.…
No rest for project maintainers battered by slew of vulnerability disclosures The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n.…
PLUS: Firefox adds XSS protection; Leadership turnover at CISA; FTC exempts some data collection Infosec In Brief DNS vulnerabilities are being addressed 84 percent faster in the UK public sector thanks to an automated vulnerability scanning system established as part of a program kicked off early last year.…
MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.…
Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.…
LLMs automated most phases of the attack A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.…
Check Point observes 40K+ attack attempts in our hours, with government organizations under fire A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet.…
Forrester models slow, structural shift rather than sudden employment collapse AI-pocalypse AI and automation could wipe out 6.1 percent of jobs in the US by 2030 – equating to 10.4 million fewer positions that are held by humans today.…
Unauthenticated RCE means anyone on the network can seize full control A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn't even require logging in.…
They also hallucinate when writing ransomware code Interview With everyone from would-be developers to six-year-old kids jumping on the vibe coding bandwagon, it shouldn't be surprising that criminals like automated coding tools too.…
Customers will be able to see vulnerabilities, prioritize risks, and close them with automated workflows. After over a week of speculation, ServiceNow announced on Tuesday that it has agreed to buy cybersecurity heavyweight Armis in a $7.75 billion deal that will see the workflow giant incorporate a real-time security intelligence feed into its products.…
Plus: automated SBOMs, $250,000 bounties ahead interview No good idea - like rewarding open source software developers and maintainers for their contributions - goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.…
Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.…
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…
Department eyes new app to tap national ANPR data for live alerts, searches, and integrations The UK's Home Office is inviting tech suppliers to take part in a £60 million "market engagement" for an application that uses data from automated number plate recognition (ANPR) systems.…
How recycled passwords and poor security habits are fueling a cybercrime gold rush Partner Content If you're still using "password123" for more than one account, there's a good chance you've already exposed yourself to credential stuffing attacks — one of the most prevalent and damaging forms of automated cybercrime today. Just ask the 6.9 million users of 23andMe who discovered their personal details were compromised when cybercriminals used recycled credentials from other breaches to infiltrate their accounts.…