95% of Enterprises Prioritize Pentesting, Yet Only 32% of Attack Surfaces Are Tested, New Synack and Omdia Research Finds

– (Immediapress) – Growing attack surfaces and increasing AI use by adversaries outweigh concerns over AI guardrails

REDWOOD CITY, Calif., March 19, 2026 /PRNewswire/ — Synack, the leader in human-led and AI-powered penetration testing, and Omdia, a technology research firm, released a new report, “The 2026 State of Agentic AI in Pentesting,” revealing a major gap between security priorities and real-world testing coverage. While 95% of organizations rank pentesting as a top priority, they are currently testing only 32% of their global attack surface on average.

This massive security gap leaves 68% of the enterprise environment untested, creating significant blind spots as AI-enabled adversaries become more prevalent. The primary research study, commissioned by Synack, surveyed 200 U.S. security leaders to understand how organizations are adopting agentic AI to overcome the scalability limits of traditional, manual pentesting. This disconnect highlights a structural limitation in traditional pentesting models, which cannot scale with the speed and complexity of modern cloud and AI-driven environments.

The report signals a fundamental shift from traditional pentesting to agentic, AI-driven offensive security while maintaining a human in the loop.

“This research proves the industry is ready to move beyond the twice-a-year pentest model,” said Jay Kaplan, Synack CEO and Co-founder. “We founded Synack on the idea that security requires machine speed for breadth and human judgment for creativity. This report confirms the market is catching up to that reality. Continuous, agent-led testing with human oversight is how the modern enterprise will stay ahead of today’s sophisticated threats.”

Dr. Mark Kuhr, Synack CTO and Co-founder, added, “AI delivers scale and coverage, but real-world risk still requires human creativity. By combining agentic AI with our elite Synack Red Team, we enable continuous testing that reflects how attackers actually operate.”

“The data shows a clear disconnect—security leaders know pentesting is critical, yet most of their environment remains untested,” said Angela Heindl-Schober, CMO at Synack. “That gap is redefining how organizations approach offensive security. Agentic AI is not a future concept—it’s becoming the only scalable way to continuously test modern, dynamic environments.”

Key Findings from the 2026 Research

The report serves as a call to action for security teams aiming to improve remediation times and prove business value to leadership. By delivering a complete offensive security platform, Synack is helping CISOs transition to a dynamic, resilient security posture to match the scale and speed of the modern threat landscape. As enterprises face AI-driven threats, closing the pentesting coverage gap will be a defining priority for modern cybersecurity.

Where to Get the Report

The full report, “The 2026 State of Agentic AI in Pentesting,” is available for download at [https://go.synack.com/ai-pentesting-report-omdia].

About Synack

Synack is the leader in human-led and AI-powered penetration testing, transforming offensive security to help organizations proactively reduce risk, stay compliant and defend against evolving cyber threats. Synack harnesses agentic AI innovations and a talented, vetted community of security researchers to deliver continuous penetration testing and autonomous vulnerability management. Founded by former NSA operatives, Synack has enabled nearly 10 million hours of expert testing to protect critical assets, from global financial systems to U.S. Defense Department networks. Learn more at www.synack.com.

About Omdia

Omdia, part of TechTarget, Inc. d/b/a Informa TechTarget (Nasdaq: TTGT), is a technology research and advisory group. Our deep knowledge of tech markets grounded in real conversations with industry leaders and hundreds of thousands of data points, make our market intelligence our clients’ strategic advantage. From R&D to ROI, we identify the greatest opportunities and move the industry forward.

Photo – https://mma.prnewswire.com/media/2938103/Jay_Kaplan_CEO_Synack.jpg

Photo – https://mma.prnewswire.com/media/2938104/Mark_Kuhr_CTO_Synack.jpg

Photo – https://mma.prnewswire.com/media/2938105/Angela_Heindl_Schober_CMO_Synack.jpg

Logo – https://mma.prnewswire.com/media/838158/Synack_Logo_v2.jpg

View original content:https://www.prnewswire.co.uk/news-releases/95-of-enterprises-prioritize-pentesting-yet-only-32-of-attack-surfaces-are-tested-new-synack-and-omdia-research-finds-302719005.html

Copyright 2026 PR Newswire. All Rights Reserved.

COMUNICATO STAMPA SPONSORIZZATO: Immediapress è un servizio di diffusione di comunicati stampa in testo originale redatto direttamente dall’ente che lo emette. L’Adnkronos e Immediapress non sono responsabili per i contenuti dei comunicati trasmessi