Daniel Knight, CEO at Vulnetic
Today’s penetration testing relies on security experts who manually run commands and use limited static tools. The scarcity of skill and the brute human labor required for these tests can drive the cost to test into the thousands of dollars per endpoint. State-of-the-art large language models emulate expert cognition and will drive the cost of a penetration test from thousands of dollars to a few dollars in short order. A thousandfold decrease in the cost of an offensive test will transform the industry, not just by replacing the human experts with AI, but by enabling entirely new applications of offensive security. We will see a new market emerge where security agents orchestrate continuous ethical hacking of every device on a network. Every new product version, or even every code commit, can be tested by an expert security agent before an attacker can gain access to critical customer data.
Unfortunately for the current offensive security professional, the role of a foot soldier will be pushed up the managerial ladder all the way to the C-suite as LLMs improve, and manual-oriented testing teams will become obsolete.
Price collapse
The collapse in inference cost makes offensive testing a utility. When a targeted check costs pennies, you stop scheduling audits and start streaming them. Security moves from scheduled projects to continuous pipelines that track each merge, environment, and runtime change. Engineers get results as quickly as unit tests, and failures block promotion the same way failing builds do today. There are already CI/CD security tools, but this time the agent will be far more capable than any human.
Agents inside the app
Agents operate inside applications and networks rather than on consultants’ laptops. They sit next to the code, next to the database, and at the edges where customers connect. They watch artifacts as they are built, exercise endpoints as they are exposed, and retest known weaknesses as configurations drift. They maintain state across runs, learn from past findings, and page fixer agents when regressions appear.
Human experts shift from running tools to directing systems. They set objectives, define rules of engagement, and allocate compute. They approve risk, stage campaigns, and choose where agents focus. They interpret ambiguous signals and make tradeoffs between speed, safety, and coverage. Unfortunately, this will be short-lived, as agents are cheaper and will become smarter than humans in a matter of years.
Attacker economy
The attacker economy also shifts. Offense scales for both sides, and cheap automated probes increase background pressure. The advantage goes to organizations that close the loop fastest, not those that spend the most on a single annual test. Guardrails, sandboxes, and strong identity become mandatory so agents can operate safely inside production while containing blast radius. There will be a massive arms race between the black hats and the private sector over who will develop the most creative hacking agent.
There will also be a decrease in the gap between private sector and foreign state actors. While the USA is winning the AI race, American companies will have the best hacking capabilities. Without the best foundational LLMs, countries outside the US sphere will be forced to use the less effective, open-weight Chinese models. Closed weights will become as valuable as nuclear secrets, and espionage will be at an all-time high.
The new default
The new paradigm is not about swapping a consultant for a chatbot; it is about saturating the attack surface with agents at near-zero marginal cost. With inference cheap and agents embedded, offensive security becomes part of how production software and networks run. With a hacking agent inside every device on the network, all potential vectors can be tested, not just from a single device or with an external perspective. Your coffee pot will be a launch point for a forward-deployed hacking agent, stress testing the durability of your smart fridge.
Check out our hacking agent here
Email me directly at: danielk@vulnetic.ai