Cobalt LogotypeWhite

Knowledge is Power.
Download the State of Pentesting Report 2025.


What you don’t know can put you at risk. Most security teams trust their defenses, until pentesting reveals the gaps. The 2025 State of Pentesting Report uncovers the vulnerabilities and shows you how to build a more effective security program.

Co-authored by Cobalt and Cyentia, the State of Pentesting Report 2025 breaks down key findings from research and, most importantly, explains how to turn knowledge into action.

Inside the report, you’ll learn:
  • Why even as 98% of organizations are integrating genAI into their products, security investments aren't keeping pace.
  • How pentesting data challenges assumptions and exposes critical, exploitable vulnerabilities that automated scans miss.
  • The biggest concerns of security leaders, how teams are prioritizing threats, and how your security measures up.
     

    Get the expert insights you need to protect your organization.

State-of-pentesting-report-sopr-thumbnail

Discover security insights from the latest State of Pentesting Report

Cobalt is pleased to present the essential findings from our State of Pentesting Report 2025, offering insights into the state of security—from web applications and APIs, to networks, cloud, and LLMs—based on thousands of tests conducted over the last decade. Get critical information you need to build a better security program.

In this report, find out why perception and reality don’t always agree:

  • Most organizations (81%) are confident that their security posture is strong. Yet pentesting consistently reveals hidden vulnerabilities.
  • Three-quarters of organizations have service-level agreements (SLAs) that serious pentest findings should be fixed in 14 days or less. Yet few meet this goal.
  • The median time to resolve (MTTR) stands at 37 days for serious pentest findings—five times longer than the two-week SLA set by most organizations.

Download the State of Pentesting Report today!

Get the report to discover the security challenges of AI adoption and stay ahead of evolving threats.
state-of-pentesting-report-statistics-sopr-2025