
While 95 percent of organizations say they rank pentesting as a top priority, they are currently testing only 32 percent of their global attack surface on average, according to a new study.
The report from Synack, with research by Omdia, surveyed 200 US security leaders to understand how organizations are adopting agentic AI to overcome the scalability limits of traditional, manual pentesting.
“This research proves the industry is ready to move beyond the twice-a-year pentest model,” says Jay Kaplan, Synack CEO and co-founder. “We founded Synack on the idea that security requires machine speed for breadth and human judgment for creativity. This report confirms the market is catching up to that reality. Continuous, agent-led testing with human oversight is how the modern enterprise will stay ahead of today’s sophisticated threats.”
Among the findings: 87 percent of organizations have moved beyond evaluation and are actively planning, piloting, or using agentic AI for penetration testing. 95 percent of organizations anticipate that agentic AI will displace traditional pentesting services, though the degree varies: only 49 percent expect complete or significant displacement.
In addition, 64 percent of organizations prefer an agent-led, human-oversight model, combining machine scalability with a human safety net. 87 percent of leaders say they trust agentic AI, yet 93 percent state that comprehensive guardrails and transparent decision-making are critical for safe operation.
“The data shows a clear disconnect — security leaders know pentesting is critical, yet most of their environment remains untested,” says Angela Heindl-Schober, CMO at Synack. “That gap is redefining how organizations approach offensive security. Agentic AI is not a future concept — it’s becoming the only scalable way to continuously test modern, dynamic environments.”
The full report is available to download from the Synack site.
