BSides Exeter 2026

Dumisani Masimini

Dumisani Masimini is a penetration tester and security consultant at Pentest People.

He is particularly interested in the human side of security: how technical findings are communicated, understood, and acted upon within organisations. His work explores the gap between exploitation and impact, helping translate complex vulnerabilities into clear, actionable risk.

Dumisani has contributed to community discussions through webinars and is building a body of work focused on improving how penetration testers communicate security risk.


Session

04-25
11:00
20min
Autopwn or Auto-Fail? The Truth About AI in Offensive Security
Dumisani Masimini

AI is rapidly becoming part of the penetration tester’s workflow, generating payloads, summarising scan results, and accelerating technical discovery. But while these tools increase speed, they also introduce a critical risk: confidence without validation.

AI can suggest vulnerabilities that don’t exist, misinterpret context, and produce output that appears convincing but lacks accuracy. In the hands of an inexperienced tester — or under time pressure — this can lead to false positives, weak findings, and ultimately poor reporting.

This talk explores how AI is actually being used in real-world pentesting, where it provides genuine value, and where it can go wrong. Through practical examples, it highlights common pitfalls and demonstrates how easily unverified AI output can make its way into reports.

More importantly, it introduces a structured approach to using AI responsibly, combining speed with validation, and technical output with real-world context. Attendees will leave with a clear framework for integrating AI into their workflow without compromising credibility or impact.

Red
Seminar Room 7