A third of pen tests find vulnerabilities warranting a serious rating.
Organisations are fixing fewer than half of all exploitable vulnerabilities, with just 21 percent of genAI app flaws being resolved.
According to research by Cobalt, firms are remediating just 48 percent of all pen test results; however, this figure improves significantly, to 69 percent, for vulnerabilities rated high or critical severity.
In particular, organisations are struggling with vulnerabilities in their GenAI Large Language Model (LLM) web apps. Most firms have pen tested these apps in the last year, with a third of those tests finding vulnerabilities warranting a serious rating.
Gunter Ollman, CTO of Cobalt, said: “It’s a concern that 31 percent of serious vulnerabilities are not being fixed, however at least these firms are aware of the problem and can develop strategies to mitigate the risk.
“Organisations that do take an offensive security approach are taking a huge step to strengthening defences against cybercriminals who typically attack opportunistically. In doing so they’re getting ahead of any compliance requirements and reassuring their customers that they’re safe to do business with.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.