Nearly half of security professionals call for a “strategic pause”, but threat actors aren’t waiting
Cobalt, the pioneer of penetration testing as a service (PTaaS) and leader in offensive security services, announced the release of its State of LLM Security Report 2025. This new research reveals a widening readiness gap in enterprise security as the rapid adoption of generative AI (genAI) outpaces defenders’ ability to secure it. A staggering 36% of security leaders and practitioners admit that genAI is moving faster than their teams can manage, a sobering reality as organizations continue to embed AI deep into core business operations.
Cyber Technology Insights : Panasonic Information Systems Secures Access to Thousands of Servers with CyberArk
Despite growing concern, many are calling for a timeout: 48% of respondents believe a “strategic pause” is needed to recalibrate defenses against genAI-driven threats. But that pause isn’t coming.
“Threat actors aren’t waiting around, and neither can security teams,” said Gunter Ollmann, CTO, Cobalt. “Our research shows that while genAI is reshaping how we work, it’s also rewriting the rules of risk. The foundations of security must evolve in parallel, or we risk building tomorrow’s innovation on today’s outdated safeguards.”
Key findings from the report include:
- 72% of respondents cite genAI-related attacks as their top IT risk, but 33% are still not conducting regular security assessments, including penetration testing, for their LLM deployments.
- 50% of respondents want more transparency from software suppliers about how they detect and prevent vulnerabilities, signaling a growing trust gap in the AI supply chain.
Cyber Technology Insights : ActiveState Expands Secure Open Source Offering for Enterprises
- Security leaders (C-suite and VP level) are more concerned about long-term genAI threats like adversarial attacks (76%) versus the 68% of practitioners which expressed the same concern. However when it came to near-term operational risks such as inaccurate outputs, 45% of practitioners expressed concern versus 36% of security leaders.
- Top concerns among all survey respondents include sensitive information disclosure (46%), model poisoning or theft (42%), and training data leakage (37%), all pointing to an urgent need to protect the integrity of data pipelines.
- Overall, 69% of serious findings across all pentest categories are resolved but this falls to just 21% of the high-severity vulnerabilities found in LLM pentests. This is a concern given that 32% of LLM pentest findings are serious and is the lowest resolution rate across all test types conducted by Cobalt.
“Much like the rush to cloud adoption, genAI has exposed a fundamental gap between innovation and security readiness,” Ollmann added. “Mature controls were not built for a world of LLMs. Security teams must shift from reactive audits to programmatic, proactive AI testing—and fast.”
Cyber Technology Insights : Stronghold Data Leverages SonicWall CSE to Power Simpler
To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com
Source: businesswire
