The cybersecurity industry is confronting a new reality: traditional vulnerability management is no longer enough. As enterprises rapidly deploy AI-powered applications, autonomous agents, and large language model (LLM) infrastructure, security teams are discovering that many of the most dangerous exposures cannot be identified through conventional CVE-based scanning alone. Instead, organizations are increasingly grappling with misconfigured AI services, exposed machine learning infrastructure, and interconnected systems that create entirely new attack paths.

Against this backdrop, CyCognito is expanding its exposure management platform with continuous AI pentesting capabilities designed to uncover complex, contextual risks that deterministic scanners often overlook. The initiative reflects a broader shift across the industry, in which security leaders are moving beyond identifying known vulnerabilities to continuously validating how attackers could exploit an organization’s unique environment.

AI Creates New Blind Spots

The rapid adoption of generative AI has dramatically expanded enterprise attack surfaces. Organizations are deploying AI copilots, retrieval-augmented generation (RAG) systems, Model Context Protocol (MCP) servers, orchestration platforms, and machine learning infrastructure faster than many security programs can inventory them.

Unlike traditional software vulnerabilities, these systems often introduce security gaps through configuration mistakes, excessive privileges, or unintended exposure between interconnected services. Such weaknesses may not have a CVE assigned to them, yet they can still provide attackers with direct access to sensitive business data.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

According to CyCognito, its platform now identifies more than 60 categories of AI-related technologies, including MCP servers, Ollama, MLflow, PyTorch, Triton, n8n, and other components commonly used in enterprise AI deployments.

From Detection to Simulated Attacks

Rather than stopping at asset discovery, CyCognito’s latest capability uses AI agents to simulate how an attacker would move through an organization’s exposed infrastructure.

Instead of asking whether a vulnerability exists, the system evaluates whether a sequence of actions could realistically compromise sensitive systems or expose valuable data. These attack chains combine contextual reasoning, environmental awareness, and multi-step testing that extend well beyond traditional vulnerability scanning.

The company’s recently published original technical deep dive on continuous AI pentesting explains how these AI agents prioritize testing using contextual intelligence gathered across an organization’s external attack surface, allowing security teams to focus on validated business risk rather than isolated technical findings.

Real-World Findings Highlight Emerging Risks

CyCognito shared several examples illustrating the types of exposures that continuous AI pentesting can identify.

In one case, an externally accessible MCP server provided an unauthenticated natural-language interface connected to a production CRM environment. By following a sequence of prompt injections and API interactions, AI agents were able to enumerate backend services and ultimately access millions of customer and financial records without credentials.

Another engagement uncovered a publicly accessible knowledge base supporting a RAG deployment. While authentication protected the AI agent itself, the underlying document repository remained openly reachable, exposing internal documents, contracts, communications, and customer information.

Perhaps most striking was the discovery of an internet-facing physical security platform responsible for managing building access controls, surveillance cameras, and badge readers. The system had been deployed alongside customer-facing AI services without proper segmentation, demonstrating how digital transformation initiatives can inadvertently expand risk into operational technology.

None of these scenarios relied on exploiting a known software vulnerability. Instead, they stemmed from architectural decisions, deployment practices, and business context that conventional scanners would likely miss.

Why Continuous Testing Matters

Traditional penetration testing remains an important security practice, but its point-in-time nature limits its effectiveness against environments that change daily.

While AI has accelerated offensive testing, many organizations still run AI-powered assessments as periodic engagements because of computational cost. According to CyCognito, this often limits deep testing to only the highest-priority assets, leaving much of the external attack surface largely unexamined.

To address this challenge, the company developed what it calls the Target Graph™, an orchestration layer that combines exposure assessment, threat intelligence, deterministic validation, and business context to determine where AI agents should spend their computational effort.

The approach allows AI pentesting to continuously adjust its depth and techniques based on newly discovered assets, environmental changes, and emerging threat activity.

An additional advantage comes from the system’s feedback loop. Attack techniques successfully validated by AI agents can later be converted into deterministic tests, reducing future computational requirements while expanding automated coverage.

A Broader Industry Transition

The emergence of AI-native infrastructure is changing how organizations think about external exposure management. As enterprise environments become increasingly dynamic, security programs are shifting from identifying isolated vulnerabilities toward continuously evaluating how systems interact and whether those interactions create exploitable pathways.

CyCognito’s latest announcement reflects that evolution. Rather than treating penetration testing as an occasional validation exercise, the company envisions continuous AI-driven testing becoming an always-on component of exposure management.

Internally known as “Project Kineto,” the initiative draws inspiration from the transition from still photography to motion pictures, a metaphor for replacing periodic security snapshots with continuous visibility into evolving attack surfaces.

As AI adoption accelerates across enterprises, the industry’s challenge may no longer be finding known vulnerabilities, but understanding how countless small exposures combine into meaningful business risk. Continuous AI pentesting represents one emerging approach to solving that problem.