Attackers Evolve Too Quickly to Maintain a Truly Resilient Security Posture, Cobalt ‘CISO Perspectives’ Report Finds

68% of CISOs see supply chain risk and generative AI security as top concerns—intertwined challenges that redefine the attack surface

Cobalt, the pioneer of penetration testing as a service (PTaaS) and leader in offensive security services, today announced the release of its CISO Perspectives Report 2025: AI and Digital Supply Chain Risks. This report examines the results of surveyed security leaders who were asked questions regarding topics such as third-party software risks, concerns on AI, insider threats and the current mindset on offensive security strategies.

Findings in this report include:

  • 68% of security leaders are concerned about the risks of third-party software tools and components introduced across their tech stacks.
  • 73% reported receiving at least one notification of a software supply chain vulnerability or incident in the past year.
  • 60% believe attackers are evolving too quickly to maintain a truly resilient security posture.
  • 46% are uneasy about AI-driven features and large language models.
  • 68% say their boards now view the secure deployment of genAI as a critical priority.
  • 55% of security leaders say they’re constantly worried one employee mistake could put the whole organization at risk.

As organizations embrace digital transformation and AI, security teams face mounting pressure to defend an ever-expanding attack surface. The report reveals that traditional reactive security measures cannot keep pace with modern threats, particularly when adversaries leverage automation and AI to scale their attacks. Third-party software components, open-source dependencies, and emerging AI-driven capabilities introduce unseen vulnerabilities that can have cascading effects across the enterprise. These risks underscore the urgent need for proactive offensive testing and continuous visibility across the digital supply chain.

“Security leaders understand that attackers are evolving at an unprecedented pace, and defensive strategies alone won’t cut it,” said Andrew Obadiaru, CISO at Cobalt. “Our research shows a growing demand for offensive security to complement traditional controls. This isn’t just about finding gaps—it’s about building a culture of continuous resilience where security is tested as rigorously as the threats we face.”

The CISO Perspectives report also highlights the growing role of penetration testing in security strategies. Nearly nine in 10 security leaders (88%) view pentesting as an essential component of their overall program. Far beyond a compliance checkbox, it is a proactive measure to identify and remediate vulnerabilities before exploitation occurs. Pentesting is also being embedded into software development to provide assurance to regulators and customers concerned about third-party risk. More than half (58%) of respondents require third-party pentest reports to validate software security, while 55% conduct independent code reviews and 53% supplement these efforts with internal testing. These practices reflect a deep commitment to building resilience across the digital supply chain.

The findings serve as a wake-up call for enterprises to rethink their approach to resilience. A single employee misstep or overlooked vulnerability in a software library can trigger a breach with far-reaching business impact. Offensive security practices, such as penetration testing and red teaming, are becoming indispensable for validating defenses in real-world conditions. By adopting a continuous, threat-informed testing strategy, organizations can stay ahead of evolving attacker tactics, reduce uncertainty, and build board-level confidence in their security posture.

Methodology

The findings in the CISO Perspectives Report 2025: AI and Digital Supply Chain Risks are based on data from Emerald Research, an independent third-party research firm, sponsored by Cobalt. The survey included responses from 225 security leaders, defined as a mix of C-level and VP-level security professionals, representing organizations with 500 to 10,000 employees.

About Cobalt

Cobalt is the pioneer in pentesting as a service (PTaaS) and a leader in offensive security services. We are focused on combining talent and technology with speed, scalability, and expertise. Thousands of customers and hundreds of partners rely on the Cobalt Offensive Security Platform, along with 450+ trusted security experts, to find and fix vulnerabilities across their environments. By enabling faster pentest launches, real-time collaboration with pentesters, and seamless integration with remediation workflows, we help organizations identify critical issues and accelerate risk mitigation so they can operate fearlessly and innovate securely.

Cobalt maintains an outstanding NPS of 9.12, reflecting its dedication to customer satisfaction. Read our reviews on G2 to see why customers love us. More at https://www.cobalt.io. Follow Cobalt on LinkedIn and X.