Beyond the Scan: Unmasking Hidden Risks and Unfixed Flaws in the Age of AI

In this episode, we dive deep into the findings of the State of Pentesting Report 2025 to explore the real state of cybersecurity. Organizations may feel confident, but pentesting consistently reveals hidden, exploitable vulnerabilities that automated scanners miss. We'll uncover the most significant risks identified through human-led pentests, from common web and mobile application flaws like Server Security Misconfiguration and Missing Access Control to the rapidly emerging and uniquely challenging security issues in AI and Large Language Models (LLMs). Learn why AI/LLM tests have a significantly higher proportion of serious findings and the specific threats like Insecure Output Handling, Prompt Injection, and Unbounded Consumption. More critically, we'll address the disconnect between perceived security and reality by examining why less than half of all findings ever get resolved and how even serious vulnerabilities often remain open for months or years, far exceeding targeted SLAs. We'll explore the factors influencing this remediation struggle, including criticality, pentest type, organizational size, industry, and internal processes. Tune in to understand the critical need for a programmatic approach to offensive security and the challenges teams face in fixing what pentesters find.