Cloning Attacker Tradecraft: Why AI Pentesting is Becoming Essential
Novee CEO Ido Geffen explains how AI penetration testing differs from traditional scanning and why continuous, attacker-like validation is becoming essential as enterprises ship code faster and attackers adopt AI.
Enterprises are shipping code continuously, while most security validation still happens in snapshots—creating a growing gap that attackers are increasingly exploiting.
In a recent interview on CyberRisk TV with Joshua Marpet, Novee CEO and co-founder Ido Geffen explains what “AI penetration testing” actually means, how it differs from traditional automated scanning, and why it’s becoming essential as attackers use AI to move faster and operate continuously.
Ido outlines what defines best-in-class AI pentesting: operator-like reasoning across real environments, validated exploitability, and the ability to uncover complex business logic flaws and multi-step attack chains.
He also shares insights into the technology behind Novee’s AI penetration tester, including a proprietary LLM built independently from frontier models.
“AI pentesting isn’t just automation—it’s about replicating how real attackers think and operate, continuously,” Ido explains.
Originally published in SC Media on March 23, 2026.