A Hacker and a CISO on Closing the AI Security Gap in 2026

Attackers aren't probing your LLMs in isolation—they're chaining prompt injections into your internal APIs, data sources, and connected actions. A pentester's job is to break what a CISO has built, and that adversarial lens matters more than ever as AI rewires the attack surface faster than defenses can keep up.

The Cobalt 2026 State of Pentesting Report quantifies the gap: AI applications produce high-risk findings at 2.7x the rate of traditional software, and resolution rates sit at a dataset-low 38%. Joe Brinkley, Head of Offensive Security Research, brings the hacker view; Andrew Obadiaru, CISO, brings the program view (including how the top 10% resolve high-risk issues in 10 days while the bottom 10% take 249).

Watch to learn:

  • How attackers exploit LLM apps through chained, multi-step techniques
  • What separates the top 10% of security programs from the bottom 10% (it isn't budget)
  • How to use offensive testing to validate your AI security investments

SPEAKERS
Andrew Obadiaru
Chief Information Security Officer, Cobalt
Andrew Obadiaru is the Chief Information Security Officer at Cobalt. In this role, Andrew is responsible for maintaining the confidentiality, integrity, and availability of the company's systems and data. Prior to joining Cobalt, Andrew was the Head of Information Security for BBVA USA Corporate Investment banking, where he oversaw the creation and execution of its cybersecurity strategy. Andrew has 20+ years in the security and technology space, with a history of managing and mitigating risk across changing technologies, software, and diverse platforms.
Joe Brinkley
Head of Offensive Security Research & Community, Cobalt
Joe Brinkley, also known in the community as BlindHacker, serves as the Director of Offensive Security Research & Community at Cobalt. Bringing over 20 years of "in the trenches" experience to the offensive security space, Joe’s career began in 2005 with a decade as a high-level government consultant before he transitioned into commercial penetration testing in 2016. He joined Cobalt in late 2025, drawn by a mission to evolve traditional pentesting into a more dynamic, community-driven research model. When he isn't obsessing over cybersecurity, you’ll likely find him tinkering in his home lab or perfecting a smoked brisket.