Cobalt Launches AI‑Powered Continuous Pentesting Platform to Accelerate Offensive Security
What Happened — Cobalt released new AI capabilities within its Offensive Security Platform that automate reconnaissance, vulnerability discovery, and findings triage, enabling continuous, programmatic pentesting. The solution blends proprietary pentest intelligence with generative AI to scale offensive testing across APIs, micro‑services, cloud workloads, and AI‑driven applications.
Why It Matters for TPRM —
- Continuous testing reduces blind spots that arise from rapid development cycles and expanding attack surfaces.
- AI‑augmented assessments can surface real‑world exploitability faster, informing third‑party risk decisions.
- Vendors offering such capabilities may become critical components of an organization's security supply chain, and so warrant the same due diligence (data handling, access to target environments, retention of findings) as any other third party.
Who Is Affected — Enterprises across all sectors that rely on external development teams, SaaS providers, or cloud‑native architectures; particularly those with extensive API and micro‑service footprints.
Recommended Actions —
- Evaluate Cobalt’s platform as a potential augmentation to existing third‑party security testing programs.
- Verify that AI‑generated findings are reviewed and confirmed by qualified human pentesters before they enter risk assessments or are passed to vendors for remediation; treat unreviewed output as candidate findings, not as established exposure.
- Incorporate continuous pentesting results into vendor risk dashboards and remediation workflows.
Technical Notes — The platform uses AI for automated attack‑surface mapping, credential validation, and deduplication of scanner outputs. It enriches findings with a decade‑long proprietary exploit intelligence dataset and public exploit feeds. No new CVEs are disclosed; the service targets known vulnerabilities such as Log4j (Log4Shell) and WordPress flaws. Source: Help Net Security
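As an added illustration of the deduplication and enrichment step described above, and of the "human review before risk assessment" recommendation, the following script normalises findings from two scanners, merges duplicates, flags entries that appear in an exploit‑intelligence feed, and orders them for pentester review. This is example code written for this page, not Cobalt's software or data format; the scanner outputs, the feed contents, the field names and the scanner names are all constructed.

```python
"""Normalise, deduplicate and enrich scanner findings before they reach a
vendor-risk dashboard. Everything here (scanner output, exploit feed, field
names) is constructed for illustration; it is not Cobalt's code or format."""
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class RawFinding:
    asset: str      # host or URL exactly as the scanner reported it
    vuln_id: str    # CVE id or scanner-specific check name
    severity: str   # the scanner's own rating
    source: str     # which scanner produced it (hypothetical names)


# Constructed sample output from two hypothetical scanners. The asset and id
# spellings differ, so the same Log4Shell hit appears twice.
RAW_FINDINGS = [
    RawFinding("api.example.com", "CVE-2021-44228", "critical", "scanner_a"),
    RawFinding("API.example.com/", "cve-2021-44228", "high", "scanner_b"),
    RawFinding("api.example.com", "CVE-2021-45046", "high", "scanner_b"),
    RawFinding("blog.example.com", "wp-xmlrpc-enabled", "medium", "scanner_a"),
    RawFinding("blog.example.com", "WP-XMLRPC-ENABLED", "low", "scanner_b"),
]

# Constructed stand-in for a proprietary dataset plus public exploit feeds:
# identifiers with observed in-the-wild exploitation.
EXPLOIT_FEED = {"CVE-2021-44228": "Log4Shell; exploited in the wild since Dec 2021"}


def normalise_key(f: RawFinding) -> tuple[str, str]:
    """Canonical (asset, vuln_id) so spelling variants collide."""
    asset = f.asset.strip().lower().rstrip("/")
    vid = f.vuln_id.strip()
    vid = vid.upper() if vid.lower().startswith("cve-") else vid.lower()
    return asset, vid


def dedupe(findings: list[RawFinding]) -> list[dict]:
    """Merge findings for the same (asset, vuln) pair, keeping the highest
    severity any scanner assigned and recording every source that saw it."""
    merged: dict[tuple[str, str], dict] = {}
    for f in findings:
        key = normalise_key(f)
        entry = merged.setdefault(key, {
            "asset": key[0], "vuln_id": key[1],
            "severity": f.severity.lower(), "sources": set(),
        })
        entry["sources"].add(f.source)
        if SEVERITY_RANK.get(f.severity.lower(), 0) > SEVERITY_RANK.get(entry["severity"], 0):
            entry["severity"] = f.severity.lower()
    return list(merged.values())


def enrich(entries: list[dict], feed: dict[str, str]) -> list[dict]:
    """Attach exploit intelligence and mark every entry as awaiting review:
    automated findings do not enter the risk register until a pentester
    has confirmed them."""
    for e in entries:
        e["known_exploited"] = e["vuln_id"] in feed
        e["exploit_note"] = feed.get(e["vuln_id"])
        e["status"] = "pending_human_review"
    return entries


def triage(findings: list[RawFinding], feed: dict[str, str]) -> list[dict]:
    """Deduplicate, enrich, and order so known-exploited and high-severity
    items reach the human reviewer first."""
    entries = enrich(dedupe(findings), feed)
    entries.sort(
        key=lambda e: (e["known_exploited"], SEVERITY_RANK.get(e["severity"], 0)),
        reverse=True,
    )
    return entries


if __name__ == "__main__":
    for e in triage(RAW_FINDINGS, EXPLOIT_FEED):
        print(f'{e["asset"]:18} {e["vuln_id"]:18} {e["severity"]:8} '
              f'exploited={e["known_exploited"]} seen_by={sorted(e["sources"])} {e["status"]}')
```

The five raw findings collapse to three entries: the Log4Shell hit is reported once with both scanners as sources and the higher of the two severities, and it sorts first because it appears in the exploit feed. Every entry leaves this step as `pending_human_review`; a real pipeline would only promote an entry to the vendor risk dashboard once a pentester changes that status.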