By Sohil Ramdas | Trace3 Innovation Principal
There are several reasons an enterprise may undergo a penetration test. It could be driven by compliance requirements, the need to validate application security architecture, or simply to ensure proper due diligence in preventing a breach. While the reasons may vary, one constant across each organization is the rapid expansion of the technical landscape and, in turn, the growing attack surface.
The objective of a pen test is to assess the design and controls of an environment, simulating the process of a real-world attacker. This allows the assessment to be a perfect strategy to help address the challenge of securing the attack surface. In most cases, organizations will have a third-party conduct this on a periodic basis and, after completion, provide a report of findings for remediation.
However, this tends to be a point-in-time assessment, and if the application or environment changes after completion, teams may be unaware of potential attack paths until the next test is scheduled. As breaches are becoming more sophisticated and the attack surface grows, can enterprises afford a snapshot assessment?
This is where recent advancements in AI have spawned an offensive security reset in Agentic Pen Testing.
Traditional vs Agentic Penetration Testing
By diving deeper into each methodology and the key distinctions between traditional and agentic pen testing, we can validate the value each one brings and understand how the natural evolution of AI is shaping offensive security solutions.
At a high level, traditional pen testing is conducted on at least a yearly basis by an individual or team of highly skilled human testers with a defined scope and timeframe. These assessments rely not only on the tools and techniques executed by the testers, but also on their ability to apply human intuition and understand the business logic of an environment. This could be in the form of understanding how specific systems should interact or the intended workflows of an application. While this approach provides significant value and supplies the attestation required from regulatory frameworks, often there are constraints due to cost and timing. This results in potential limited coverage of the environment, and the organization’s security posture is only as secure as the last test.
This is where agentic pen testing aims to fill gaps by harnessing the power of autonomous AI agents. These solutions can operate at scale with multiple focused agents working in parallel to achieve the objective. When the attack surface is modified, such as a pull request that triggers the CI/CD process, these solutions adapt and test new attack paths as they emerge. The assessment is no longer scoped to a single application or subset of assets but rather a continuous evaluation of the enterprise landscape. This allows teams to increase their ability to test without increasing headcount or significant cost typically associated with a new assessment. While there are still areas to mature, such as using the business logic during testing, agentic pen testing provides a force multiplier for teams to identify and remediate potential vulnerabilities.
Overall, agentic pen testing does not need to aim to replace the need for traditional pen testing but rather complement it by addressing the potential limitations. Each methodology offers the enterprise an element needed to ensure compliance and security of the organization.
Understanding the Agentic Pen Tester(s)
So how does agentic pen testing work? Understanding the architecture allows us to see the power in this next phase of AI offensive security. At its core, solutions within this space utilize large language models throughout their workflows. This concept is no longer new and has become the foundation of essentially all AI-built technologies of the last few years. Agentic pen testing solutions build upon this with their ability to utilize the multi-agentic approach and mimic the abilities of a full team of pen testers working in parallel at machine speed. This is accomplished by autonomous agents that can operate and perform in the following ways:
-
Orchestrator/Planner: The brains of any multi-agent platform. This is where the goal is broken down and dispatched to the specialist required to complete a specific task.
-
Recon: Like a traditional pen testing assessment, discovery of the environment and the attack surface is fundamental. This agent looks to identify the entry points by running tools and techniques such as Network Mapper (nmap), enumerating publicly exposed services, and spidering a web application. This information is passed back to the orchestrator.
-
Vulnerability and Exploit: Analysis and confirmation are key. The agents within this space aim to contextualize the environment beyond reconnaissance by understanding and determining how a vulnerability could be exploited within the environment. This could be the process of identifying exploits common in OWASP, then chaining the exploits together to achieve a goal. The agent would adapt the techniques as it progresses.
-
Reporting: Every assessment ends with the report, but within the agentic system, the agent aggregates and maps findings to control frameworks, deduplicates discoveries, and helps provide context for integrated ticketing systems.
This is not an exhaustive list but rather a showcase of how agentic pen testing solutions break down the elements of traditional pen testing. Solutions will incorporate a range of specialized agents into their own platform with a variety of capabilities based on their design. By utilizing a multi-agent architecture, assessments can operate at scale with the ability to adapt and reason throughout the test.
Why The World of LLMs Requires the Next Phase
We’ve established core differences between traditional and agentic penetration testing, how these agentic solutions are constructed to achieve their outcome, and spoke on the benefits of this new offensive security approach. However, there is one area not yet discussed: why enterprises must consider and embrace this shift in cybersecurity testing, which is the underlying concept behind models like Mythos.*
At a high level, Mythos, selectively released by Anthropic earlier this year, is an AI model designed to identify and exploit vulnerabilities in IT systems and applications. Unlike general purpose LLMs used in chatbots or agentic systems, Mythos was purpose-built for cybersecurity. The power of the model was revealed with its capabilities to discover zero-days and chain exploits to compromise a system at unprecedented speeds. The Mythos wave is real.
But it’s not the model itself that should change the stance for enterprise offensive security; it’s what it represents and a sign of where things are headed. We’ve seen earlier frontier models perform similar functions to a lesser degree and scale than Mythos. Once the capabilities of other models become comparable, attackers will be able to operate at speeds and execute attack paths we have never encountered. The time to discover vulnerabilities and schedule our routine penetration tests will disappear. Enterprises will be forced to assess their own applications in the mindset of an attacker, with a focus on continuous vulnerability identification, exploit validation, and remediation.
Agentic penetration testing represents one of the tools within our toolbox to combat the rise of LLMs as an adversary.
The Enterprise Playbook
So how should the enterprise approach technologies within this emerging space? Within the last few years alone, significant rounds of funding have spawned multiple start-ups looking to capitalize on the capabilities of agentic pen testing.
While the market can feel overwhelming, identifying your core business and technical requirements narrows the focus. Mapping these needs, such as external vs internal testing, human-in-the-loop support, or integration depth, provides the foundation for evaluation. As you continue to develop the scope and criteria for testing, aligning them to the coverage areas of these platforms (web applications, APIs, LLM applications, and infrastructure) will allow the enterprise to effectively approach agentic pen testing as a key component in an overall offensive security program.
Final Thoughts
In the end, traditional vulnerability management, where we focused on discovering Common Vulnerabilities and Exposures, or CVEs, then prioritizing remediation based on non-contextual CVSS scores, no longer reflects today’s technical strategy. Teams require consolidated visibility and risk-based prioritization that is focused on their environment. This is where UVM steps up by providing a single pane of context for the enterprise.
In today’s AI-focused landscape, organizations are expected to build, scale, and deploy faster than ever. With this comes a much larger attack surface we must account for with continuous assessments and calculated remediation. Combining the depth of traditional pen testing with the scale and efficiency of agentic pen testing allows the enterprise a more comprehensive view of risk and ability to speed response times. Agentic pen testing represents the next wave as we begin the offensive security reset.
*For more regarding Mythos and what this means for enterprise security, read the following Trace3 blog: https://blog.trace3.com/mythos-changes-less-than-you-think-and-more-than-youre-ready-for
If you’re curious to learn more or want to stay on top of the latest developments in Innovation, feel free to reach out to us at innovation@trace3.com.
Sohil Ramdas serves as an Innovation Principal on Trace3’s Innovation Team. With a background in cybersecurity, he leverages his extensive experience in both industry and consulting roles to now provide clients with guidance on emerging technologies. His objective is to supply organizations with the expertise required to securely innovate and scale in a rapidly evolving technology landscape.