Cobalt announced its seventh annual State of Pentesting Report 2025, revealing that
organizations are fixing less than half of all exploitable vulnerabilities,
with just 21% of genAI app flaws being resolved.
The Cobalt State of Pentesting Report aims to explore the
landscape of vulnerabilities organizations battle today and identifies how
security leaders' understanding of their security posture can be contradicted
by the number of unremediated threats in their organization. Based on an
analysis of pentests carried out by Cobalt, combined with the results of
surveyed security leaders, Cobalt found crucial discrepancies exist between how
"safe" security leaders believe their organizations are versus the reality.
Key findings include:
- Over-confidence: 81% of security leaders are "confident" in their firm's
security posture, despite 31% of the serious findings discovered having not
been resolved.
- Too many findings left unresolved: Overall, firms are remediating just 48% of
all pentest results; however, this number improves significantly (69%) for
findings labeled serious (vulnerabilities rated high and critical severity).
- GenAI apps are the most vulnerable: Organizations are particularly struggling
with vulnerabilities in their genAI Large Language Model (LLM) web apps. Most
(95%) firms have performed pentesting on these apps in the last year, with a
third (32%) of tests finding vulnerabilities warranting a serious rating.
- Of those findings, a mere 21% were fixed, with risks including prompt
injection, model manipulation, and data leakage.
- 72% ranked AI attacks as their number one concern, ahead of risks associated
with third-party software, exploited vulnerabilities, insider threats, and
nation-state actors.
- Only 64% say they are "well equipped to address all security implications of
genAI."
- Speed over security: More than half of security leaders (52%) say they are
under pressure to support speed at the cost of security.
- Lack of software security assurance: Just half (50%) fully trust that they
can identify and prevent a vulnerability from their software suppliers, a
particular concern given that 82% are required by customers/regulators to
provide software security assurance.
"Regular pentesting has never been so important, particularly
given the breakneck speed of AI adoption and the vulnerabilities that are
introduced into an organization's security posture," said Gunter Ollmann, CTO,
Cobalt. "It's a concern that 31% of serious vulnerabilities are not being
fixed; however, at least these firms are aware of the problem and can develop
strategies to mitigate the risk. Organizations that do take an offensive
security approach are taking a huge step toward strengthening defenses against
cybercriminals, who typically attack opportunistically. In doing so, they're
getting ahead of any compliance requirements and reassuring their customers
that they're safe to do business with."