Serious vulnerabilities in generative AI (GenAI) systems discovered during penetration testing are only resolved about 21% of the time, according to Cobalt’s State of Pentesting Report 2025 published Monday.
GenAI flaws are fixed much less often than other types of flaws, such as API flaws, which are resolved more than 75% of the time, and cloud vulnerabilities, which are fixed in 68% of cases.
Overall, organizations resolve about 48% of issues found in penetration tests on average, and 69% of issues classified as serious, according to the Cobalt report.
“Business velocity is outpacing security readiness,” Cobalt Chief Technology Officer Gunter Ollmann told SC Media. “Organizations are racing to launch GenAI-powered features to gain a competitive edge, and security teams are often brought in late — if at all.”
The State of Pentesting 2025 report includes data from Cobalt’s pentesting over a 10-year period and a recent survey of 450 security leaders and practitioners.
While 98% of survey respondents said they were currently integrating GenAI into products and services, only 66% said they were actively conducting regular security assessments, such as pentesting, of these GenAI solutions, the report stated.
Additionally, GenAI systems had a much higher proportion of high-risk security issues than other pentested systems, Cobalt reported. Nearly a third of pentest findings (32%) for large language model (LLM) systems were classified as high risk, compared with a 13% overall average proportion of high risk issues.
Ollmann told SC Media this prevalence of high-risk and unresolved flaws in GenAI system is due to a combination of factors, including a security knowledge gap among AI development teams and reliance on third-party or open-source models.
“The user needs to replace the entire model or package with the updated version. Therefore the user is 100% dependent upon the source provider’s maintaining the GenAI model and their patching/fix processes,” Ollman noted.
Although GenAI flaws are less likely than other types of flaws to be resolved, when they are addressed, they tend to be faster to fix than other types. Cobalt found that AI and LLM flaws usually took between a week and month to fix, compared with a median of 67 days overall across all flaws.
While the median time to resolve was five times longer than the two-week service-level agreement (SLA) objective reported by about 75% of organizations, the median time to resolve for serious vulnerabilities has decreased significantly, from 112 days in 2017 to just 37 days in 2024.
Ollmann said greater buy-in and accountability from business leadership, programmatic offensive security strategies, and “shifting left” of security in the development lifecycle have contributed to this positive development in the resolution of high-risk security issues.
“Regular, structured pentesting helps validate the effectiveness of defensive controls in real-world conditions. This shift improves visibility into what’s actually working, allowing teams to double down on effective controls and deprioritize less impactful efforts — ultimately driving more measurable improvements across the security program,” Ollmann said.
Ollmann recommends this structured approach to pentesting to better tackle GenAI and other vulnerabilities and also urges organizations to ensure their GenAI-driven systems are properly tested prior to being deployed to users.
“Many of the findings identified relate to legacy vulnerabilities in the application, lack of input and output validation, and sensitive information disclosure. With proper planning, training, and testing, organizations can get ahead of these organizational risks,” Ollmann concluded.
