AI won't kill pentesting, but it looks like it will hollow out the middle of it. The commodity end, the part that looks like a Nessus scan turned into a Word document, is already being automated by tooling that doesn't need a human in the loop. The senior end, the part that involves chaining three half-broken assumptions across a real environment, is getting more valuable, not less. The awkward question is what happens to the people stuck between those two ends, which is where a large share of practitioners sit.
A quick disclaimer before somebody points it out.
I'm not a pentester and I won't pretend to be one.
I've dabbled with offensive security over the years. A few lower-level certs; I even signed up for OSCP once. I liked the training. What became obvious was that the famous "try harder" mentality wasn't going to bridge the gap between where I was and where the good testers operated.
Part of it was aptitude. My scripting was always functional, never exceptional. More importantly, I realised I was more interested in the systems than the exploit. I wanted to understand why organisations created the conditions that allowed vulnerabilities to exist in the first place.
My career ended up elsewhere.
I've spent far more time designing systems, reviewing assessments, scoping engagements and consuming pentest outputs than performing the work myself. I've also worked alongside testers with wildly different strengths and approaches.
So this isn't a practitioner's view of how to execute a pentest.
It's a view from somebody who's spent a long time watching how offensive security is bought, delivered, consumed and valued inside organisations.
What AI is actually good at right now
The hype says AI is doing autonomous offensive security. It isn't. What it is doing, reliably, is the boring 60 per cent of a pentest. Parsing scan output. Drafting a finding writeup with a CVSS vector that's mostly right. Generating a plausible exploit PoC for a CVE that's been public for six months. Suggesting payload variants for a known injection class. Summarising a long Burp history into a candidate vulnerability list. None of that is the interesting part of the job. All of it is the part the junior consultant was billing for.
The honest tell is that the tools getting traction in the offensive space aren't autonomous agents. They're copilots that compress the report-writing tax and the recon grind. That's a real productivity gain, and it changes the economics of who gets hired, but it's not the singularity.
What it's still bad at, and why that matters
AI struggles the moment a test stops looking like the training data. A misconfigured federation trust between two tenants. A race condition in a custom workflow engine. A privilege escalation that depends on knowing which on-call engineer approves which Jira ticket. The pattern is the same: real environments are weird in ways the public corpus has never seen, and the value of a senior tester is recognising that weirdness and exploiting it.
That recognition is judgement, not knowledge. It's the difference between "this endpoint returns a 500" and "this endpoint returns a 500 because the dev wrapped a third-party SDK they don't understand, which means the auth check probably runs after the side effect." No current model does that reliably. The ones that look like they do are usually being prompted by a tester who already saw the answer.
The squeeze on the middle
The career problem isn't at the top or the bottom. It's in the middle band, the two-to-five-year tester who used to make their money doing competent, repetitive work across a lot of engagements. That work was the apprenticeship. It was how people built the pattern library that eventually turned them into the senior who spots the weird federation trust.
That apprenticeship is now under pressure, and nobody in the industry has a clean answer for what replaces it. Firms still want the £900-a-day principal. They no longer want to pay three mid-level testers to grind through external infrastructure tests, because one mid-level plus a copilot now does the work of all three. The pipeline that produced the next generation of seniors is narrower than it was, and the environmental intuition that the current generation picked up through volume has to come from somewhere else.
What buyers will actually do
The procurement side of this moves faster than the practitioner side. CISOs already see pentest invoices as a compliance tax. Once a vendor can credibly say "we run an AI-augmented scan and a human reviews the high-impact findings" at half the day rate, that becomes the default for the bottom 70 per cent of engagements, the ones that exist to tick a SOC 2 or ISO box.
The remaining 30 per cent, the engagements that exist because somebody actually wants to know whether they can be breached, will keep paying senior rates and in some cases pay more. But that market is smaller than the current industry headcount assumes. A lot of mid-tier consultancies that built their business on volume compliance pentests are about to find out their margin was the part the AI just ate.
What this means if you're trying to enter the field
The "learn to pentest" advice from 2022 was already shaky. In 2026 it needs a different shape. The jobs that survive are the ones where the value is judgement applied to a specific environment, not knowledge of a technique. That argues for specialising into something with environmental complexity from the start: cloud identity attack paths, CI/CD supply chain, OT, mobile, niche enterprise stacks. Generalist external infra testing is becoming a harder place to differentiate.
The cert pipeline reflects little of this yet. The hiring market still uses OSCP and similar as a filter. That mismatch is survivable if you understand it: get the cert because the HR system demands it, then immediately spend your evenings on the work the cert doesn't teach. Use the AI tools openly during that learning. The future senior tester is probably the one who used the copilot to compress the grind and spent the saved time on the weird stuff. The one who refused to touch it will be slower and won't have learned more.
What this means if you're already in the field
The uncomfortable read: if your last three engagements could have been done by a competent operator with a good copilot, your billing rate is going to come under pressure within eighteen months. The defence isn't to work harder on the same engagements. It's to move up the complexity stack, which usually means moving towards red team, purple team, or adversary emulation work where the deliverable is a story about how a real attacker would chain things in this specific environment, not a list of CVEs.
The other defence is moving sideways into the defensive side of the same skill. Detection engineering, threat hunting, and cloud security engineering all reward the same pattern recognition that made you a good tester, and the AI squeeze on those roles is much weaker because the value is in understanding a specific environment over time, not in generating findings against it once a year.
What we don't know yet
AI adoption in offensive security is uneven. Some firms are running fully AI-augmented workflows already; others still bill by the day and haven't changed their tooling in three years. Consultancy models vary: the boutique that lives on repeat adversarial assessments is playing a different game from the mid-tier shop doing fifty compliance tests a month. Some firms may double down on training, building the next generation of seniors deliberately rather than accidentally through volume. The market is still adjusting, and the practitioners who admit that uncertainty will make better decisions than the ones who pretend the outcome is already settled.
The honest summary
AI isn't ending offensive security. It's collapsing the part of the industry that was already commoditised, sharpening the divide between testers who do judgement work and testers who do template work, and quietly narrowing the apprenticeship that turned one into the other. The people who already do judgement work will be fine. Juniors who specialise early into something with environmental complexity will be fine. The mid-career generalists who assumed the next ten years would look like the last ten are the ones who should be reading this most carefully.
Where this connects on POST
For the broader argument on why AI shrinks specific IT roles rather than all of them, see AI will not delete IT. For how certifications still function as signal even when the market underneath them is shifting, see certifications prove direction. The perspectives index has more on how technology careers actually move when the underlying work changes shape.