Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems.
Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found in enterprise security tests more generally.
LLM vulnerabilities also have the lowest resolution rate of all app types pen-tested, with just 38% of high-risk issues fixed, according to data collected during pen tests conducted by Cobalt.
Furthermore, one in five organizations surveyed by Cobalt reported experiencing an LLM security incident in the past ye...