2026 Is the Year of Continuous Offensive Security Testing: Novee CEO Ido Geffen on Confero’s Cyber Conversations

AI is rewriting the economics of cybersecurity, and continuous offensive security testing is becoming the new standard.

Novee Marketing


On a recent episode of Confero’s Cyber Conversations, Novee CEO Ido Geffen walked through the forces reshaping offensive security: why AI is changing the economics of the field on both the builder side and the attacker side, why periodic testing no longer holds up, and what it actually takes to build an AI penetration testing platform that thinks like an elite human operator. The throughline: the shift to continuous, AI-driven offensive testing isn’t a prediction about the future. It’s already underway.

Key Takeaways:

  • Why AI is fundamentally changing the economics of cybersecurity
  • How attackers are already leveraging frontier AI models
  • How the attack surface is expanding faster than humans alone can realistically secure
  • Why traditional periodic security testing is no longer enough
  • Why the future of cyber defense has to move at the same speed as AI-powered attacks
  • The rise of Continuous Offensive Security Testing (COST)
  • How Novee built a specialized AI model trained to think like elite penetration testers

Here are the highlights.

1 – AI is rewriting the economics of cybersecurity.

The cost and complexity of securing software is being reset by the way software now gets built. Vibe coding and AI-assisted development mean more code shipping faster, more applications to defend, and, increasingly, applications with LLMs embedded directly inside them. Every one of those is a new, untested attack surface.

The math has changed. The volume and complexity of what a security team is responsible for is climbing on a curve that headcount can’t follow. The attack surface is expanding faster than humans alone can realistically secure it, and no amount of hiring closes that gap.

2 – Attackers are already using frontier AI. The storm isn’t coming – it’s here.

On the other side of the equation, adversary automation is advancing fast. Attackers are using frontier models to run faster, wider campaigns and to chain small business logic flaws into real breaches – at a pace and scale that point-in-time defenses were never designed to match.

The “storm” of AI-driven vulnerability discovery that the industry keeps framing as a future risk is already underway. Treating it as something on the horizon is how teams fall behind right now. The advantage goes to whoever operationalizes this technology first.

3 – Periodic testing can’t keep up. 2026 is the year of COST.

Point-in-time testing made sense when applications changed slowly. They don’t anymore. And as organizations wire AI agents into their own workflows, they have to adopt security testing that runs at the same pace those systems change.

2026 and 2027 will be the years of Continuous Offensive Security Testing (COST) – a category that becomes standard the way EDR and cloud security did before it. A new class of risk emerges, the tooling matures to meet it, and continuous coverage goes from differentiator to baseline expectation. Offensive security is now on that curve.

4 – Defenders finally have a real edge: a reasoning brain wired to offensive tooling.

The same tech attackers arm themselves with is now giving defenders a genuine edge. You can now use an LLM as a reasoning brain, connect it to the right offensive tools, and actually act on security – not just generate another report full of findings to triage.

For the first time, it’s possible to find novel vulnerabilities at the level of the best penetration testers in the world, and to do it at scale, across an entire portfolio, rather than one application at a time. This is the core of what Novee does: combine the best AI hacker and the best AI defender so a team can operate like one many times its size.

5 – How Novee trains its AI Hacker.

Novee’s approach is to clone the knowledge of a team of elite operators into a coordinated hive of agents that knows both how to break into systems and how to personalize the defense.

The agents are trained to generate code and browse applications the way a real human tester does. They’re trained on the tools real operators reach for, and the techniques that live in an expert hacker’s head get distilled into prompts the agents can execute reliably. 

Critically, each agent in the hive has a specific job – mapping the attack surface, planning test cases, running exploits, validating findings, guiding remediation – which makes the system far more efficient than a single general-purpose model trying to do everything at once. 

For a deeper look at how that training works, read our blog.

6 – The cost advantage of building a proprietary model using open-source.

Novee trains its own proprietary offensive model. Part of the reason is staying ahead of adversaries: relying entirely on the same frontier models an attacker can rent is not a durable edge. Training a purpose-built offensive model is.

There’s an economic reason too. Tokens are the new gold standard, and continuous testing at the pace of the SDLC burns a lot of them. Building on an open-source foundation, wrapped in a custom offensive harness, makes that testing cost-efficient enough to actually run continuously – and those savings get passed on to customers. 

It’s what makes Novee’s predictable, per-asset pricing possible: you can test as deep and as often as you need without cost climbing with depth or frequency.

7 – What happens when market and tech mature simultaneously.

Novee launched at the intersection of two curves finally meeting: a market that now understands it needs continuous offensive testing, and a technology that has matured to the point where it genuinely works. Neither was true a couple of years ago.

That timing shows up in demand. Large financial institutions are already starting to work with this kind of technology, and appetite for an AI penetration testing platform like Novee is high.

The organizations adding AI agents into their workflows are the same ones realizing they need to test continuously, at the same pace – and they’re moving now.

Watch the full conversation with Ido Geffen on Confero’s Cyber Conversations. And to see Novee in action for yourself, schedule a demo.
