Distrust in AI for Cybersecurity: Only 1 in 10 Trust It
Cobalt report reveals collapse of trust in automated AI tools for pentesting, while hybrid models gain ground.
June 26, 2026
TL;DR: Trust in AI cybersecurity tools has plummeted: only 9% of professionals fully trust them. 78% have seen automated scanners miss critical vulnerabilities. Hybrid models, combining automation with human oversight, are now the preferred choice for 47% of respondents.
What happened?
Cobalt's State of Pentesting Report 2026, based on surveys of about 450 cybersecurity professionals, reveals a historic collapse in trust toward fully automated AI tools for penetration testing. In 2025, 29% of respondents fully trusted AI automation; in 2026, that figure plummeted to 9%, a 69% year-over-year decline. Additionally, 78% of participants said automated scanners missed critical vulnerabilities, explaining the drastic drop. These data come from two survey waves conducted by Cobalt, one in 2025 and another in 2026, comparing the evolution of perception in the cybersecurity community.
Historical context is key: over the past decade, automation in cybersecurity has been seen as a panacea for talent shortages and the growing attack surface. Tools like Anthropic's Mythos, launched with great fanfare, promised to drastically reduce detection times. However, the Cobalt report suggests reality is more complex. The decline in trust is not an isolated event: it echoes the skepticism that arose after the wave of false positives from early signature-based intrusion detection systems in the early 2000s, which led to the adoption of hybrid approaches.
The problem of LLM vulnerabilities
Vulnerabilities in large language models (LLMs) proved particularly complex. The mean time to remediation (MTTR) doubled, from 19 to 36 days, according to the report. At the time of analysis, only 38% of LLM vulnerabilities were fixed, while 62% remained open, indicating limited remediation capability. Nearly a third of AI testing findings were rated as high risk, 2.7 times more than in conventional software. This reflects the unique nature of LLMs, where errors can have unpredictable consequences, such as generating biased content or leaking sensitive data.
Andrew Obadiaru, CISO at Cobalt, noted: “LLM vulnerabilities are deeply context-dependent and invisible to tools that lack architectural understanding of the application.” This statement underscores the need for a more nuanced approach, where AI is not used as a black box but as an integrated component in a broader testing process.
Why is it important?
This shift in trust has profound implications for the cybersecurity industry. The promise of full automation, driven by tools like Anthropic's Mythos, faces the reality that unguided algorithms generate false positives and, worse, costly false negatives. In a market where security breaches can cost millions of dollars, trust in tools is fundamental. The drop from 29% to 9% indicates that professionals are reassessing their strategies, which could slow AI adoption in critical environments.
Moreover, the Cobalt report contrasts with media hype around Mythos and its Chinese variants, such as the one developed by 360. While headlines celebrate advances, field data show a more cautious reality. This is not a rejection of AI but a market maturation: companies are learning to distinguish between hype and real value. The impact on end users is twofold: on one hand, organizations relying solely on automation may be exposed to undetected risks; on the other, those adopting hybrid models could achieve more robust security.
Consequences and trends
In response to this distrust, hybrid models have gained significant ground. According to the report, 47% of professionals now prefer combining automation with human oversight, a 22% year-over-year increase from 25% in 2025. Automation is relegated to low-risk environments, while human expertise remains indispensable for complex business logic vulnerabilities. This trend mirrors patterns observed in other industries, such as autonomous driving, where after years of promises, a more realistic driver-assistance approach has been adopted.
The report also reveals that LLM vulnerabilities are particularly difficult to detect and fix, with MTTR doubling and a fix rate below 40%. This suggests organizations need to invest in specialized training and tools that integrate contextual understanding. CISA (Cybersecurity and Infrastructure Security Agency) has issued similar warnings about LLM risks in enterprise environments, reinforcing the need for a cautious approach.
In the market, this could translate into increased demand for hybrid pentesting services and specialized AI consulting. Startups offering purely automated solutions may face difficulties, while those integrating human oversight could capture greater market share. Major players like CrowdStrike and Palo Alto Networks are already incorporating hybrid capabilities into their platforms, indicating the trend is global.
What readers should know
- Do not blindly trust AI tools for cybersecurity; always validate with human experts, especially for LLM vulnerabilities.
- Hybrid models (automation + humans) are the current trend and likely the most effective, preferred by 47% of respondents in 2026.
- LLM vulnerabilities are particularly difficult to detect and fix; they require specialized attention, and their MTTR has doubled to 36 days.
- The Cobalt report is based on surveys of 450 professionals, giving it a solid statistical foundation, though the sample size is limited compared to the global cybersecurity population.
- Speculation about the future suggests AI will remain a complementary tool, not a replacement, and trust will recover only when tools demonstrate accuracy comparable to humans in complex contexts.
“Automation should be deployed exactly where it excels, but elite human expertise remains critical for discovering and remediating the most complex business logic risks.” — Andrew Obadiaru, CISO of Cobalt.
In conclusion, the Cobalt report marks a turning point in the cybersecurity industry. Blind trust in AI has given way to a more balanced approach, where technology and human judgment work together. For companies, the lesson is clear: automation is a powerful tool, but not a magic solution. Investment in human talent and hybrid processes will be key to facing future threats.