Automated Vulnerability Discovery

5 min read
Pentest

Automation handles the commodity vulns. Your value is the stuff that requires thinking.

TL;DR

  • AI and automation find known vulns fast: CVEs, common misconfigs, basic injection. That's table stakes now.
  • Your differentiation: business logic flaws, chained exploits, novel attack paths. Automation has no model of the application's rules or its topology, so it does not go there.
  • Use automation to clear the noise. Reserve your time for the high-value, human-only work.

If a scanner can find it, it's not your differentiator. Your job is what happens after the scanners run.

What Automation Finds

  • Known CVEs. SCA and vuln scanners match component versions to advisories; SAST flags known-bad code patterns. Fast, broad. Clients expect this.
  • Common misconfigs. Open buckets, default creds, weak TLS. Automated checks cover these.
  • Overt injection points. SQLi, XSS in obvious inputs. Fuzzers and AI payload generators find many of these.
  • Outdated software. Version matching, CVE lookup. Commodity.

This isn't worthless. It's baseline. Clients get it from vendors and internal tools. You add the layer they don't have.

What Automation Misses

  • Business logic. "Can I apply a coupon twice?" "Can I access another user's order?" App-specific. No generic scanner finds this.
  • Chained attacks. Vuln A gives info. Vuln B gives access. A + B = compromise. Requires reasoning.
  • Context-dependent issues. "This endpoint is admin-only—but what if we hit it from this other path?" Topology and flow matter.
  • Novel techniques. Zero-days, creative misuse. Scanners and models are built from known patterns; what has no signature yet goes unnoticed.
  • Partial fixes. "They patched the CVE but left the underlying pattern." You spot the remnant.
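The two bullets on business logic and chaining are easiest to see in code. The toy order service below is an added example (not code from the article) with hypothetical names: sequential order IDs (vuln A, an information leak) plus a missing ownership check (vuln B, an IDOR) chain into reading every other customer's order, and the coupon endpoint lets the same code be applied twice. None of it is a CVE or a known payload, so nothing here shows up in a scanner; a hardened variant follows so the fix is visible next to the flaw. The coupon table and order data are constructed for the example.

```python
"""Business-logic flaws a scanner does not model: IDOR + enumerable IDs, coupon replay.

Added example with hypothetical service classes; COUPONS and all orders are constructed.
"""
from dataclasses import dataclass, field
import secrets

# Constructed coupon table: code -> percent off (assumption for the example).
COUPONS = {"SAVE10": 10}


@dataclass
class Order:
    owner: str
    total: float
    coupons: list = field(default_factory=list)


class VulnerableOrderService:
    """Two individually 'low' issues that chain into cross-user data access."""

    def __init__(self):
        self._orders = {}
        self._next_id = 1000              # Vuln A: sequential, guessable order IDs

    def create_order(self, user, total):
        oid = str(self._next_id)
        self._next_id += 1
        self._orders[oid] = Order(owner=user, total=total)
        return oid

    def get_order(self, user, oid):
        return self._orders[oid]          # Vuln B: no ownership check (IDOR)

    def apply_coupon(self, user, oid, code):
        order = self._orders[oid]         # same IDOR, and no "already applied" rule
        order.total = round(order.total * (1 - COUPONS[code] / 100), 2)
        order.coupons.append(code)
        return order.total


class HardenedOrderService(VulnerableOrderService):
    """Same API, with the application's own rules enforced on every access."""

    def create_order(self, user, total):
        oid = secrets.token_hex(16)       # unguessable ID: removes the enumeration step
        self._orders[oid] = Order(owner=user, total=total)
        return oid

    def _owned(self, user, oid):
        order = self._orders.get(oid)
        if order is None or order.owner != user:
            raise PermissionError("not your order")   # authorization check, not just existence
        return order

    def get_order(self, user, oid):
        return self._owned(user, oid)

    def apply_coupon(self, user, oid, code):
        order = self._owned(user, oid)
        if code not in COUPONS:
            raise ValueError("unknown coupon")
        if code in order.coupons:
            raise ValueError("coupon already applied")  # the business rule the scanner cannot know
        order.total = round(order.total * (1 - COUPONS[code] / 100), 2)
        order.coupons.append(code)
        return order.total


def chained_read(service, attacker, guess_from, guess_to):
    """Attack path A + B: enumerate IDs, collect every order that is not ours.

    Returns {order_id: owner} for the orders the attacker could read.
    """
    leaked = {}
    for n in range(guess_from, guess_to):
        try:
            order = service.get_order(attacker, str(n))
        except (KeyError, PermissionError):
            continue
        if order.owner != attacker:
            leaked[str(n)] = order.owner
    return leaked


def coupon_replay(service, user, oid, code, times):
    """Apply one coupon repeatedly; returns (successful applications, final total)."""
    applied, total = 0, None
    for _ in range(times):
        try:
            total = service.apply_coupon(user, oid, code)
            applied += 1
        except ValueError:
            break
    return applied, total


if __name__ == "__main__":
    svc = VulnerableOrderService()
    a = svc.create_order("alice", 100.0)
    svc.create_order("bob", 50.0)
    print("leaked via chain:", chained_read(svc, "mallory", 1000, 1010))
    print("coupon replay:", coupon_replay(svc, "alice", a, "SAVE10", 2))
```

Neither service has a "vulnerable version string", and the requests a scanner would send (`GET /orders/1000` from an unauthenticated session, or a coupon POST with a canned payload) are all valid, well-formed traffic. Finding the problem means knowing that order 1000 belongs to someone else and that SAVE10 is single-use, which is exactly the application-specific context the text is talking about.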

The New Pentest Model

Phase 1: Let automation run. Scanners, AI-assisted checks. Clear the known issues. Triage, deduplicate across tools, and report.

Phase 2: Human deep-dive. Business logic, auth flaws, chaining. Things that need reasoning and context.

Phase 3: Validate and report. Separate "automation found" from "we found." Clients pay for the latter. Make that clear.
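Phases 1 and 3 are mostly bookkeeping, and the bookkeeping is where "automation found" and "we found" get blurred. The script below is an added example, not the article's own tooling: it takes normalised findings from two hypothetical scanners plus the manual list, deduplicates them on (asset, identifier) so the same CVE reported twice is counted once, records every source that hit each finding, and then splits the set so that anything any scanner also reported is filed under automation. The input records are constructed for the example; the field names are an assumption, not any real scanner's schema.

```python
"""Merge scanner output with manual findings, dedupe, and label each one by origin.

Added example. SCANNER_FINDINGS / MANUAL_FINDINGS are constructed records in a
hypothetical normalised shape, not output of any real tool.
"""
import re

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

SCANNER_FINDINGS = [
    {"tool": "scanner-a", "asset": "App01.example.test:443", "id": "cve-2021-44228", "severity": "critical"},
    {"tool": "scanner-b", "asset": "app01.example.test", "id": "CVE-2021-44228", "severity": "high"},
    {"tool": "scanner-b", "asset": "s3://acme-public-assets", "id": "open-bucket", "severity": "high"},
]

MANUAL_FINDINGS = [
    # Rediscovered by hand during the deep-dive; still an automation finding for the report.
    {"tool": "manual", "asset": "app01.example.test", "id": "CVE-2021-44228", "severity": "critical"},
    # Human-only: business-logic chain no scanner reported.
    {"tool": "manual", "asset": "app01.example.test", "id": "idor-order-lookup", "severity": "high",
     "chain": ["sequential-order-ids", "missing-ownership-check"]},
]


def finding_key(finding):
    """Normalise asset and identifier so the same issue from two tools collides."""
    asset = re.sub(r":\d+$", "", finding["asset"].strip().lower())   # drop ':port'
    return asset, finding["id"].strip().upper()


def triage(scanner, manual):
    """Return {key: entry}; each entry records every source and the worst severity seen."""
    merged = {}
    for f in scanner + manual:
        key = finding_key(f)
        entry = merged.setdefault(key, {"asset": key[0], "id": key[1],
                                        "severity": f["severity"], "sources": []})
        entry["sources"].append(f["tool"])
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f["severity"]
        if f.get("chain"):
            entry["chain"] = f["chain"]   # keep the chain the tester documented
    return merged


def split_by_origin(merged):
    """'Automation found' = any scanner hit it; 'we found' = only manual sources."""
    automation = [e for e in merged.values() if any(s != "manual" for s in e["sources"])]
    human = [e for e in merged.values() if all(s == "manual" for s in e["sources"])]
    by_sev = lambda e: -SEVERITY_RANK[e["severity"]]
    return sorted(automation, key=by_sev), sorted(human, key=by_sev)


def summarise(scanner, manual):
    """Counts for the report header: total unique, automation, human-only."""
    automation, human = split_by_origin(triage(scanner, manual))
    return {"unique": len(automation) + len(human),
            "automation": len(automation), "human_only": len(human)}


if __name__ == "__main__":
    auto, ours = split_by_origin(triage(SCANNER_FINDINGS, MANUAL_FINDINGS))
    print("Automation found:")
    for e in auto:
        print(f"  [{e['severity']}] {e['asset']} {e['id']}  sources={sorted(set(e['sources']))}")
    print("We found:")
    for e in ours:
        print(f"  [{e['severity']}] {e['asset']} {e['id']}  chain={e.get('chain')}")
```

The rule that a manual rediscovery of a scanner finding still counts as "automation found" is deliberate: it keeps the human-only column honest, which is the number the client is paying for.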

Quick Check

What remains human when AI automates more of this role?

Do This Next

  1. Audit your last engagement. How much time on scanner triage vs. manual exploitation? Target: shift more time to manual, use AI/automation to speed triage.
  2. Create a "beyond automation" checklist for each engagement type: business logic areas, auth boundaries, chaining opportunities. Use it to focus your manual effort.