BSides Exeter 2026

Autopwn or Auto-Fail? The Truth About AI in Offensive Security
2026-04-25, Seminar Room 7

AI is rapidly becoming part of the penetration tester’s workflow, generating payloads, summarising scan results, and accelerating technical discovery. But while these tools increase speed, they also introduce a critical risk: confidence without validation.

AI can suggest vulnerabilities that don’t exist, misinterpret context, and produce output that appears convincing but lacks accuracy. In the hands of an inexperienced tester — or under time pressure — this can lead to false positives, weak findings, and ultimately poor reporting.

This talk explores how AI is actually being used in real-world pentesting, where it provides genuine value, and where it can go wrong. Through practical examples, it highlights common pitfalls and demonstrates how easily unverified AI output can make its way into reports.

More importantly, it introduces a structured approach to using AI responsibly, combining speed with validation, and technical output with real-world context. Attendees will leave with a clear framework for integrating AI into their workflow without compromising credibility or impact.


AI can generate payloads, summarise scans, and even suggest vulnerabilities, but it doesn’t understand risk.

In the rush to adopt AI in penetration testing, many are producing faster results, but weaker outcomes. Findings are less validated, reports are less meaningful, and the gap between technical output and business impact is growing.

This talk challenges the hype and focuses on what actually matters: using AI as a tool, not a crutch.

By walking through real examples, we’ll explore how to turn raw AI-assisted output into clear, credible, and actionable security insights. Because in the end, the value of a pentest isn’t in the payload; it’s in the decision it drives.


URL: https://www.linkedin.com/in/dumisani-masimini-b76b7016/

Technical Level: 2 - Need some foundational knowledge of Cyber Security

Dumisani Masimini is a penetration tester and security consultant at Pentest People.

He is particularly interested in the human side of security: how technical findings are communicated, understood, and acted upon within organisations. His work explores the gap between exploitation and impact, helping translate complex vulnerabilities into clear, actionable risk.

Dumisani has contributed to community discussions through webinars and is building a body of work focused on improving how penetration testers communicate security risk.