For years, the concern has persisted: Is AI poised to replace human jobs? In 2017, McKinsey released a report titled Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, around 375 million workers could be displaced due to AI and automation. This fueled widespread anxiety about job security.
Recently, pentesting has come under scrutiny regarding AI’s impact. With AI-driven automation advancing in areas such as vulnerability assessments and network scanning, and platforms like PlexTrac integrating AI to reduce manual tasks, the question arises—will AI replace pentesters?
AI: A Complement, Not a Replacement for Pentesters
The good news is that predictions are evolving. McKinsey has since revised its projection, reducing the estimated job displacement to about 92 million workers. Moreover, while AI may render some roles obsolete, it is also expected to create approximately 170 million new jobs.
In pentesting, some tasks are likely to be automated in the coming years, requiring professionals to adapt. However, AI lacks the critical element that distinguishes penetration testing from automated tools—the human factor. The Cloud Security Alliance has noted that instead of replacing pentesters, AI functions as a force multiplier, enhancing their capabilities rather than eliminating their roles.
How AI Enhances, Not Eliminates, Pentesting
A common misconception is that AI will make pentesters obsolete. However, AI serves more as an assistant by automating repetitive tasks while leaving complex problem-solving and creativity to human experts.
AI’s Role in Lowering Entry Barriers to Pentesting
AI-powered tools are reshaping pentesting by making sophisticated testing accessible to those with less technical experience, often referred to as script kiddies. By automating complex tasks like vulnerability scanning, adversary simulation, and exploitation, AI allows users to identify system weaknesses with greater ease.
While some professionals may view this as a negative, AI-driven automation ultimately benefits the industry. By handling basic tasks, AI allows testers to focus on more intricate, high-value engagements that refine their skills and deepen their expertise. This leads to a more competent and effective cybersecurity workforce.
Shifting Focus to Higher-Value Work
Pentesters can leverage AI to concentrate on tasks requiring higher expertise. For example, AI can automate vulnerability discovery, allowing security professionals to develop unique exploits and conduct advanced red team exercises that require human intuition and business logic comprehension.
AI can assist in:
Conducting deep research and Open Source Intelligence (OSINT) gathering.
Scanning for vulnerabilities and exposures (CVEs) in systems.
Identifying network vulnerabilities and attack vectors.
Categorizing and prioritizing vulnerabilities based on severity.
Suggesting test cases based on previous vulnerabilities.
By eliminating routine tasks, AI empowers pentesters to focus on uncovering sophisticated exploits and identifying hidden flaws that require human creativity.
AI’s Influence on Phishing and Social Engineering
AI is also revolutionizing social engineering by enabling more realistic phishing simulations. By analyzing vast datasets, AI can craft more convincing social engineering scenarios, allowing businesses to prepare for real-world cyber threats. Furthermore, AI tools can offer feedback, helping pentesters refine their techniques over time.
AI’s Acceleration of the Pentesting Lifecycle
AI can significantly speed up several stages of penetration testing, including:
OSINT & Information Gathering: AI can quickly analyze an organization’s tech stack, detect known vulnerabilities, and suggest potential attack vectors.
Threat Modeling: AI can recommend threats to simulate based on historical data.
Anomaly Detection: AI can detect patterns and flag critical vulnerabilities hidden in vast datasets.
Exploit Development: AI-powered tools can assist in generating exploit code tailored to specific systems.
Post-Exploitation & Evasion: AI can help cover tracks post-exploitation and create misleading evidence to divert defensive investigations.
Pentest Reporting: AI-driven platforms like PlexTrac facilitate report generation, summarizing exploit findings and drafting professional summaries.
AI as a Partner for Pentesters
AI is not a replacement but a collaborator. The future of pentesting will involve AI working alongside human testers, assisting with analysis, reporting, and engagement recommendations. AI will help pentesters:
Collaborate efficiently: AI acts as an assistant, aiding in data analysis and workflow management.
Understand business impact: AI will provide insights into how vulnerabilities affect business operations and reputations.
Leverage reasoning models: AI will offer explanations for its findings, enhancing human understanding and decision-making.
Embracing AI as a Tool, Not a Threat
Rather than replacing pentesters, AI is here to enhance their work, making security processes more efficient and effective. While AI can handle vulnerability scanning, reporting, and basic exploitation, the complex tasks requiring strategic thinking and innovation will always demand a human touch.
Security professionals who embrace AI will remain ahead in the evolving cybersecurity landscape, using AI to augment their capabilities rather than fear its impact.
References
Manyika, James, et al. Workforce Shifts and Employment Changes: Navigating Automation’s Impact.” McKinsey, December 2017, Link.
Mayer, Hannah, et al. Enhancing Workforce Capabilities: Unlocking AI’s Full Potential Through Empowerment.” McKinsey, January 28 2025, www.mckinsey.com/capabilities/mckinsey-digital/our-insights/superagency-in-the-workplace-empowering-people-to-unlock-ais-full-potential-at-work.
Mehta, Umang. “AI-Enhanced Penetration Testing: Redefining Red Team Operations.” Cloud Security Alliance, 06 December 2024, https://cloudsecurityalliance.org/blog/2024/12/06/ai-enhanced-penetration-testing-redefining-red-team-operations.
