Cybersecuritypentestoffensive securityartificial intelligence

AI pentesting, what the research says about offensive agents

July 15, 2026 · 4 min read · Intelliway Team

AI pentesting, what the research says about offensive agents

For a long time, "AI pentesting" was more of a marketing promise than a real capability. That has changed. A recent review by Fluid Attacks, cross-referencing several studies and offensive-agent frameworks, shows these systems already do meaningful security work, but it also makes clear where they still fail and why human oversight remains indispensable. For anyone who hires or runs pentests, the message is direct: the right question isn't "does AI replace the pentester?", but "how do we combine AI and specialists to find more flaws, with evidence that they are exploitable?".

Architecture matters more than the model

The most consistent finding is counterintuitive: what separates a useful offensive agent from a useless one is not the size of the language model, but the engineering around it, planning, validation, memory and course correction.

One example illustrates it well. In tests with a relatively small model, systems with a structured attack tree (based on MITRE ATT&CK) reached 71.8% task completion, versus 13.5% without that guidance. Architectures that separate roles (one agent plans, another executes, another perceives the environment) and correction modules raised the success rate significantly, in one case from 48.6% to 84.3% on the same target. The lesson applies to corporate security too: an AI tool without process architecture behind it doesn't deliver reliable results.

Where offensive AI already shines

The strengths are concrete and measurable:

In other words: for broad, repeatable and cheap coverage, AI is unbeatable on speed.

Where AI still fails (a lot)

And here is the part vendors rarely highlight:

One methodological detail is telling: systems "captured the flag" via unintended vulnerabilities, masking real capability gaps. Without rigorous measurement, the number looks better than it is.

What this means when hiring (or running) pentests

The research converges on a model of layered workflows: planners, specialized models, validators and human triage working together, not a magical autonomous agent replacing the security team. Before trusting any AI pentesting solution, demand:

How Intelliway applies this in practice

This is exactly the principle behind ISA Horizon, our continuous AI-powered pentesting platform: AI agents explore the attack surface recurrently, covering scale and the environment's changes between manual tests, while Intelliway's offensive security specialists run the scenarios that require human creativity and, above all, validate whether a finding is actually exploitable. Every result arrives with evidence and reproduction steps, not a loose alert.

That combination, AI for breadth and frequency, humans for depth and judgment, is what the research shows to be the most effective path today. AI didn't retire the pentester. It gave them a team of tireless agents, as long as someone knows how to orchestrate them and demand proof of what they find.

Want to assess your attack surface with continuous AI-assisted pentesting validated by specialists? Talk to our team and discover ISA Horizon.

Sources and further reading

Read also

Want to apply this in your business?

Talk to Intelliway's Cyber and AI specialists.

Book a conversation
AI pentesting, what the research says about offensive agents | Intelliway