Pentester’s perspective: Is AI the future and coming for your role?
AI is the buzz around the world and is revolutionizing the way almost all industries operate today. With automation in cybersecurity, AI is claimed to make radical changes in security and safety.
What is pentesting?
Penetration testing, often labeled as pentesting, is a type of cybersecurity testing that identifies and exploits vulnerabilities in a system, network, or application. But with AI and job displacement as topics everywhere, will AI in penetration testing change how we perceive cybersecurity and replace humans with AI? According to the McKinsey workforce automation report, 92 million workers may get displaced by AI, and 170 million new roles will be revealed.
Pentesting automation:
AI in cybersecurity training is a more nuanced approach and has streamlined monotonous and repetitive tasks. With AI, cybersecurity will become efficient by automating tasks such as vulnerability scans, adversary simulations, and network scans.
Script Kiddies:
People with less technical experience or expertise (often called script kiddies) can use AI-powered tools to perform sophisticated tests without understanding the underlying mechanics. AI has reduced the barrier to entry by automating complex tasks and thus, enabling users to identify and exploit weaknesses in the system easily.
Though script kiddies get a negative attribute for their work, AI benefits everyone, allowing testers of all levels to take on a more intricate workload. With AI taking over the tedious workload, pentesters can focus on becoming proficient in their roles.
Manual vs. automated testing:
Everyone gains from AI, and pentesters can leverage automation to free up time to focus on tasks with a higher level of expertise or human intervention. Manual testing takes effort and time to complete, especially when it is repetitive and monotonous. Some of the tasks that AI can automate are:
- OSINT (Open Source Intelligence): AI can analyze technology stacks, identify known vulnerabilities, and suggest potential attack vectors faster than a human by facilitating deeper research and OSINT gathering.
- AI in network scanning: AI can supervise basic network scans and identify prospective attack vectors.
- AI-enhanced vulnerability scanning: AI can categorize and prioritize discovered vulnerabilities based on severity and exploitability. It can also suggest additional test cases to supervise based on discovered vulnerabilities.
- AI-driven vulnerability discovery: Vulnerability scans can use AI technology to go through a huge list of in-scope information assets, taking considerably less time.
Conclusion:
As more news is published about AI and job displacement, the future of pentesting is quite similar: unpredictable and unknown. In the end, the human element in pentesting is important, as AI will augment, not substitute, pentesting capabilities. AI’s impact on cybersecurity jobs will allow pentesters to overperform at a reduced time and improve efficiency.
Adopting AI as a tool to build up their work, pentesters have more time for exciting and challenging aspects of their jobs, like hacking, problem-solving, and outsmarting adversaries. Platforms like PlexTrac’s AI capabilities will cut down the manual effort, and some features of the pentester role will give themselves to automation in the future. Cloud Security Alliance was quoted as saying that AI as a force multiplier won’t replace penetration testers.
