Cobalt Introduces New AI Capabilities for Continuous Pentesting

Combines AI with human expertise, trained on over 10 years of pentesting data, to deliver next-generation offensive security

SAN FRANCISCO–(BUSINESS WIRE)–RSA Conference — Cobalt, the pioneer of penetration testing as a service (PTaaS) and a leading provider of human-led, AI-powered offensive security solutions, today announced new AI capabilities for continuous pentesting. Delivered through the Cobalt Offensive Security Platform, these next-generation components integrate AI with elite human pentesters and more than a decade of proprietary pentesting intelligence to accelerate the speed, scale, and depth of modern offensive security programs. Attendees of the RSA Conference can learn more by visiting the Cobalt team at Booth #N4519 at the Moscone Conference Center.

Offensive security is entering a new era. Attackers are increasingly using AI to automate reconnaissance, vulnerability discovery, and exploitation. At the same time, modern development practices are accelerating release velocity and dramatically expanding the attack surface across APIs, microservices, cloud infrastructure, and AI-powered applications. Security teams can no longer rely on periodic testing to understand their exposure—they must validate real-world risk continuously.

The Cobalt Platform enables organizations to move beyond point-in-time testing and adopt a programmatic approach to offensive security that continuously adapts to evolving environments. Using the largest dataset of real-world pentesting intelligence in the industry, it applies historical exploit intelligence to refine testing logic and ensure every engagement is smarter than the last. Cobalt integrates and exposes the industry’s most capable hacker tools—constantly updated to reflect current threat actor tactics.

New features and functionality include:

• Automated Reconnaissance: The AI-powered platform autonomously maps the entire attack surface—from complex JavaScript routes to hidden shadow APIs and forgotten subdomains. This identifies every potential entry point and provides human testers with a high-fidelity roadmap from the start of every engagement.
• AI-Powered Vulnerability Discovery: By combining automated scanning with AI-driven credential validation, the Cobalt Platform ensures exhaustive coverage of all form fields and CVEs, including critical vulnerabilities like those in Log4j and WordPress. This autonomously validates access and surface-level flaws to provide an immediate baseline of enterprise risk.
• Proprietary Data Enrichment: Every finding is enriched with context from public exploit feeds and over a decade of proprietary historical intelligence. By merging global threat data with a unique offensive security dataset, the Cobalt Platform provides the critical context needed to frame findings based on actual adversarial behavior.
• AI-Driven Deduplication and Triage: An AI-driven triage engine automatically normalizes and deduplicates findings across all scanner outputs into a single, cohesive view. By distilling high-volume data into verified findings, the platform ensures pentesters are focused on creative attack scenarios that present the real risk to the business.

These enhancements build on additional AI capabilities released in Q4 2025, including AI-Powered Reporting and Insights. AI reporting automates vulnerability documentation, benchmarks results against aggregated security data, and provides natural-language access to product guidance. By combining an AI report writer, insights and benchmarking capabilities, and an AI documentation assistant, the Cobalt Platform accelerates report delivery, contextualizes findings with industry data, and helps security teams quickly understand and remediate risk.

With only a few clicks to scope and set up a pentest, the Cobalt Platform initiates testing automatically to ensure depth and quality before human experts engage. Because reconnaissance and scanning are now fully automated, pentesters spend 0% of their time on basic discovery and 100% of their time on high-value exploitation.

“AI is a powerful productivity tool, but a poor substitute for expertise,” said Sonali Shah, CEO of Cobalt. “After running thousands of pentests annually, analyzing millions of vulnerability signals, and refining our platform alongside a global community of elite pentesters, we’ve built one of the deepest datasets of real-world offensive security intelligence in the industry. By integrating AI across the entire testing lifecycle—from reconnaissance to remediation—we give our experts the bandwidth to think like real attackers. That’s how we deliver the frequency of automation with the depth of human-led adversarial testing.”

“While many continuous solutions rely solely on AI and scripts, the human validation provided at Cobalt is the key differentiator,” said Jon Cheuvront, Sr. Security Engineer, Gallagher. “By leveraging the company’s pentesting expertise, we move beyond the noise of raw data, allowing our team to focus on high-impact remediation rather than manual de-duplication.”

The Cobalt Platform also introduces compatibility with the Model Context Protocol (MCP), enabling AI assistants to securely interface with pentest data so security teams can query testing results, triage findings, and correlate risk through natural-language workflows.

Additional Resources:

• Landing page
• Blog: How Cobalt Is Harnessing a Decade of Pentest Data for Hyper-Automation

About Cobalt

Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.

Cobalt maintains an outstanding NPS of 9, reflecting its dedication to customer satisfaction. Read our reviews on G2 to see why customers love us. More at https://www.cobalt.io. Follow Cobalt on LinkedIn and X.

Contacts

Media Contact

Leslie Kesselring

Kesselring Communications for Cobalt

[email protected]