SEC536: Adversarial AI - Penetration Testing AI Systems


Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsKey findings:
The survey's core insight is that no single testing method covers every application type or vulnerability class. Manual penetration testing consistently outperforms automated tools because human testers understand intended application logic well enough to find business-logic and access-control flaws that scanners miss, while SAST, DAST, and SCA earn their place through ease of integration and lower cost rather than raw detection value. The recommended approach is to layer methods across the application lifecycle rather than rely on any one technique. Respondents were security administrators/analysts, security architects, product security professionals, and application developers, drawn from organizations of varying sizes, with roughly 80% confirming their organization develops and supports applications or APIs. Headquarters were concentrated in the United States and Europe, though more than 20% of respondent organizations had operations across nearly every global region.
Matt Bromiley is a Lead Solutions Engineer at LimaCharlie and SANS Certified Instructor. He serves as a GIAC Advisory Board member, a SME for the SANS Security Awareness, and a technical writer for the SANS Analyst Program.
Learn more

David has 20+ years of experience in vulnerability management, application security, and DevOps. He's developed technical security training initiatives, and believes vulnerability management is one of the most important foundations of cybersecurity.
Learn more


















