Cobalt unveils platform updates to streamline pentesting workflows


Techday NZ, 06-06-2025

Cobalt has announced a series of product enhancements within its Offensive Security Platform intended to assist customers in scaling security testing with greater clarity, automation, and control.
The platform centralises access to security services provided by a team of pentesters, enabling organisations to identify and address vulnerabilities more efficiently across their environments. Features offered include faster pentest launches, real-time collaboration with testers, continuous scanning, and integration with remediation workflows. According to the company, these processes aim to support security teams in identifying critical issues and accelerating the mitigation of risks.
The latest updates seek to provide customers with clearer risk prioritisation. Each finding within the platform now comes with standardised CVSS v3.1 scores alongside OWASP ratings, offering a measurable and objective understanding of vulnerability severity. Users are expected to be able to concentrate their remediation efforts on the most critical security issues first, potentially saving time and resources while maintaining their security posture. CVSS data are accessible via reports, CSV exports, the public API, and integrations.
Deeper insight and increased trust in pentest results are also a focus of these enhancements. Final pentest reports now include a detailed Coverage Checklist with associated findings. This addition is designed to provide a comprehensive overview of testing scope and methodology, linking individual findings directly to test activities. This approach is intended to make it easier for users to analyse results and take appropriate action.
For organisations dealing with recurring or retested vulnerabilities, workflow simplification is addressed through a new configuration option. Users can automatically associate findings carried over from previous reports with existing tracking tickets or generate new tickets for separate tracking. This is intended to save time and reduce confusion in vulnerability management processes.
The process of launching a pentest has also been redesigned. The platform now provides an intuitive flow in which users can select from a range of pentest options, customise requirements - such as requesting a debrief call - and place their order in a matter of minutes. Cobalt describes this as making launching a pentest as simple as ordering a pizza, with the goal of improving the user experience and accelerating the initiation of testing.
Boris Diebold, Chief Technology Officer at HeyJobs, commented, "These updates are all about delivering more impactful and efficient testing. The clearer reporting and streamlined workflows help us understand and address our security risk with more confidence and speed."
Discussing the direction of the platform, Jason Lamar, SVP of Product at Cobalt, said, "These innovations mark the next chapter in the evolution of offensive security services. We're building toward a future where pentesting is continuous, deeply integrated into development workflows, and backed by data that drives real security outcomes - not just compliance. The Cobalt Platform is redefining what it means to test smarter, not harder."
The enhancements are intended to make pentesting more actionable and transparent, whether an organisation is launching a test in a short timeframe, integrating insights directly into development pipelines, or supporting compliance reporting. The platform continues to prioritise usability, integration capabilities, and the timely remediation of vulnerabilities, as it serves security and development operations teams dealing with changing and emerging security threats.


Related Articles

Growing gap revealed between AI innovation & enterprise security

Techday NZ, 4 days ago

Cobalt has published the State of LLM Security Report 2025, highlighting a growing gap between generative AI adoption and the security measures needed to protect enterprises. The report finds that 36% of security leaders and practitioners acknowledge that the evolution of generative AI (genAI) is outpacing their teams' capacity to secure it, as organisations increasingly embed AI into fundamental business processes.
Heightened concern amongst security professionals has prompted many to call for a temporary slowdown. The research indicates that 48% of respondents support a "strategic pause" to allow time for defensive measures against genAI-driven threats to be recalibrated. Despite this, there are no indications that such a pause will take place.
"Threat actors aren't waiting around, and neither can security teams," said Gunter Ollmann, Chief Technology Officer at Cobalt. "Our research shows that while genAI is reshaping how we work, it's also rewriting the rules of risk. The foundations of security must evolve in parallel, or we risk building tomorrow's innovation on today's outdated safeguards."
The State of LLM Security Report 2025 presents several statistics that illustrate both the state of readiness and the challenges facing organisations. According to the findings, genAI-related attacks are now the primary IT risk for 72% of professionals surveyed, yet 33% of those respondents are not conducting regular security assessments, including penetration testing, for their large language model (LLM) deployments.
The report also identifies a growing lack of confidence in the AI supply chain, with 50% of respondents seeking greater transparency from software suppliers regarding how they identify and manage vulnerabilities. This reflects a broader trend in which trust and security assurances become increasingly important as AI becomes more integrated into enterprise systems.
A distinction emerges between security leaders and practitioners regarding their respective concerns about genAI. The report finds that 76% of security leaders—those at C-suite and Vice-President level—are more concerned about long-term genAI threats, such as adversarial attacks. This is compared to 68% of practitioners expressing similar concerns. Conversely, when assessing near-term operational risks such as inaccurate model outputs, 45% of practitioners indicate concern compared to 36% of security leaders.
The most cited concerns about genAI deployment among all survey participants include the risk of sensitive information disclosure (46%), model poisoning or theft (42%), and training data leakage (37%). These risks highlight a broader need to ensure the integrity and security of AI-driven data pipelines.
The report also examines the outcomes of penetration testing across multiple organisations. It reveals that while 69% of serious vulnerabilities discovered through testing are ultimately resolved, this rate drops substantially to just 21% for high-severity vulnerabilities in LLM-specific tests. The report notes that 32% of findings in these tests are classified as serious, reflecting the lowest resolution rate for any test category reviewed by Cobalt.
The disparities identified in remediating vulnerabilities, particularly in environments where AI plays a central role, highlight a significant gap in security practices. This is especially notable as organisations continue to accelerate the deployment of generative AI tools in daily operations.
"Much like the rush to cloud adoption, genAI has exposed a fundamental gap between innovation and security readiness," Ollmann added. "Mature controls were not built for a world of LLMs. Security teams must shift from reactive audits to programmatic, proactive AI testing—and fast."
The report is based on an analysis of data collected from Cobalt penetration tests across more than 2,700 organisations, supplemented by a third-party survey conducted by Emerald Research. The data provided for independent review was anonymised before being given to Cyentia Institute for analysis.
These findings suggest that despite significant awareness of genAI risks, there remains a disconnect between the speed of AI adoption and the implementation of comprehensive security measures, as organisations weigh the imperative for both innovation and protection.


Radware named leader for AI-driven API security by GigaOm

Techday NZ, 23-05-2025

Radware has been recognised as a Leader and Fast Mover in the GigaOm Radar for Application and API Security. The GigaOm Radar evaluated 16 leading application and API security solutions, aiming to assist organisations in making informed decisions about their security investments. Radware received particular recognition for its approaches to vulnerability detection, account takeover protection, and bot management.
The report highlighted Radware's coverage of key industry benchmarks. According to the GigaOm Radar, "Radware's comprehensive coverage of OWASP Top 10 web application security risks and Top 10 API security vulnerabilities, coupled with real-time adaption capabilities, demonstrates a cutting-edge approach to AI-enhanced vulnerability detection that goes beyond the basics to offer advanced protection and automated response."
The company's machine-learning-driven approach to detecting and mitigating attacks was also noted. GigaOm wrote, "Radware's system also includes ML-based anomaly detection that can identify anomalies on targeted endpoints and automatically push real-time signatures to mitigate attacks, demonstrating a proactive and adaptive approach to account takeover protection that goes beyond standard measures."
GigaOm further commented on Radware's multilayered security strategy, stating, "Radware earned a strong score due to a multilayered strategy that includes preemptive protection to block unwanted IPs and identities, AI-powered behavioral-based detection that catches threats others might miss, and advanced mitigation offering a wide range of granular and accurate options."
Connie Stack, Chief Growth Officer at Radware, addressed the increasing demands being placed on application and API security in the current landscape. "Organizations are increasingly relying on web applications and APIs to operate their businesses, generate revenue, and engage customers, which is why keeping them secure has become so important—and more difficult," said Stack. "Our advanced AI and machine learning technologies offer customers real-time, state-of-the-art protection across an attack surface and threat landscape that is constantly evolving. We are honoured to be recognised among the market's leading providers of application and API security solutions by GigaOm."
Radware's Cloud Application Protection Service comprises a suite of security features, including bot detection and management, API protection, a web application firewall (WAF), client-side protection, and application-layer DDoS protection. These capabilities are combined with end-to-end automation, behavioural-based detection, and 24/7 managed services. The offering is designed to deliver high standards of application protection while aiming to reduce false positives for its customers.
The company has also received additional awards and recognitions for its application and network security solutions from other analysts in the field, including Aite-Novarica Group, Forrester, Gartner, KuppingerCole, and QKS Group.
Radware provides cloud application, infrastructure, and API security solutions with the use of AI-driven algorithms intended to deliver real-time protection against a range of web, application, DDoS, API abuse, and bot-related threats. The organisation serves enterprises and carriers worldwide, supporting their efforts to address cybersecurity challenges and safeguard their business operations.
