Penetration Testing

Verizon DBIR 2026: The Year Vulnerability Exploitation Beat Credentials. What It Means for Your Pen Testing Program

The Verizon 2026 Data Breach Investigations Report dropped this week, and for the first time in the report’s 19-year history, vulnerability exploitation has overtaken credential abuse as the top initial access vector. Exploited vulnerabilities now account for 31% of breaches, up from 20% the year before. Credentials dropped from 22% to 13%. Read past the…

Gartner Named FireCompass in the New COST Market. Here’s Why That Category Exists, and What Most Vendors Are Going to Miss

Gartner published a research note in March 2026 that quietly reshaped the offensive security market. It’s called The Future of Pen Testing Is Continuous Offensive Security Testing (Dhivya Poole, Carlos De Sola Caraballo, Mitchell Schneider, 6 March 2026, ID G00845606), and it introduces a new category: Continuous Offensive Security Testing, or COST. FireCompass was named…

10 Questions to Ask Your AI Pen Testing Vendor Before You Sign

The shortlist looks identical. The architecture is not. Every AI pen test vendor on your shortlist will tell you their false positive rate is under five percent. Their demos will look impressive. Their decks will name the same frontier models. This is the problem. Frontier model access is commoditizing. Any team can wire an Anthropic,…

Offensive Security Guide: BAS, CTEM, CART, Pen Test, & COST Explained

BAS, CTEM, CART, Pen Test, VA, AEV, COST: What Each Actually Does, and When to Use What

Every quarter a new three-letter acronym shows up in a vendor deck. Last year it was AEV. This year Gartner introduced COST. CTEM is everywhere. BAS has been around forever and still gets confused with red teaming. Pen test means six different things depending on who you ask. If you run a security program, the…

Combinatorial Belief States Are the Cost of Explicit Uncertainty

Many objections to belief-state planning are framed as concerns about scalability. In practice, they are concerns about visibility. Systems that avoid explicit belief do not eliminate uncertainty; they merely conceal it. This concealment can appear efficient, but it comes at a cost that is paid later, often at the point where decisions matter most. This…