Majority of Security Leaders Say Traditional Pentesting Can’t Keep Pace with Modern Threats, Omdia Research Finds

Cobalt, the pioneer in pentesting as a service (PTaaS) and leader in offensive security, today announced findings from new research conducted by Omdia that reveal a significant shift in how organizations approach offensive security. As AI accelerates both attack and defense capabilities, security leaders are moving away from static, point-in-time assessments in favor of continuous, intelligence-driven security validation that combines human expertise with automation.

The survey of 400 cybersecurity professionals found that 94% of organizations see the importance of keeping humans in the loop for offensive security programs, while 60% expect analysts to shift from executing offensive security tasks to supervising autonomous workflows. At the same time, 53% of respondents said traditional offensive security approaches, such as manual penetration testing, provide a static view that is obsolete by the time reports are delivered.

The findings highlight a broader transformation in offensive security. Organizations increasingly recognize that point-in-time testing cannot keep pace with rapidly changing attack surfaces, AI-powered threats, and accelerated software development cycles.

“Organizations are facing a new reality where attackers can move faster, automate more activity, and exploit vulnerabilities at unprecedented speed,” said Gunter Ollmann, CTO at Cobalt. “The answer isn’t removing humans from security programs. It’s combining human expertise with AI-powered automation to create continuous offensive security programs that can identify, validate, prioritize, and remediate risk in real time. The future belongs to organizations that can scale expertise, not replace it.”

The research also found that 58% of organizations now utilize PTaaS, making it the most widely adopted offensive security model surveyed. Additionally, 88% of respondents expect to increase spending on offensive security technologies over the next 12 months, including 23% planning significant increases.

Among the key findings:

  • 94% of organizations explicitly see the importance of keeping humans in the loop for offensive security programs.
  • 60% expect analysts to shift from executing offensive security tasks to supervising autonomous workflows.
  • 53% say traditional offensive security strategies provide a static view that is obsolete by the time reports are delivered.
  • 58% already utilize PTaaS, making it the most widely adopted offensive security model surveyed.
  • 88% plan to increase offensive security spending over the next 12 months, consisting of 65% planning moderate increases and 23% planning significant increases.

The findings underscore growing demand for offensive security programs that provide continuous visibility, integrate with existing security and engineering workflows, and help organizations reduce measurable risk rather than simply identify vulnerabilities. Furthermore, respondents emphasized that shifting toward continuous validation turns security into a business accelerator, whereby development teams can bring secure products to market faster.

“The market is moving toward a model where offensive security becomes an ongoing business process instead of an annual event,” added Ollmann. “Organizations want real-time collaboration, continuous validation, and actionable results that help them improve resilience. That’s exactly the direction the industry is heading.”

The research, Next-generation Offensive Security Strategies Give Defenders the AI Advantage, was conducted by Omdia and surveyed 400 IT and cybersecurity professionals across North America responsible for developing and managing offensive security strategies.

The full report is available here.

Source: Omdia Research Survey, Next-generation Offensive Security Strategies Give Defenders the AI Advantage, May 2026.

About Cobalt

Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in human-led, AI-powered offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 500+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.

Cobalt maintains an outstanding NPS of 9, reflecting its dedication to customer satisfaction. Read our reviews on G2 to see why customers love us. More at https://www.cobalt.io. Follow Cobalt on LinkedIn and X.
