AI in Offensive Security: Redefining Pen Testing and Red Teaming
In a landmark keynote at Hacker Halted 2025 in Atlanta, US, Bikash Barai, Founder & CEO of FireCompass, shared his insights on how AI and automation are fundamentally transforming offensive security, penetration testing, and red teaming. The session highlighted the rapidly evolving cyber landscape, demonstrating how enterprises must adapt to remain secure in an era of AI-driven attacks.
Watch the Full Hacker Halted Keynote by Bikash Barai
Gain first-hand insights on AI-driven offensive security, continuous automated red teaming, and the future of cybersecurity.
FireCompass delivers a unified platform for Continuous Automated Red Teaming (CART), Penetration Testing, and Next-Generation Attack Surface Management.
The Evolving Nature of Hacking
Bikash opened with a provocative perspective: traditional hacking was once the domain of lone hackers crafting exploits in isolation. Today, AI is redefining what it means to “hack.”
“The power of the lone hacker is still there, but now you need the mindset of breaking things and building things, along with math and compute power,” Bikash explained.
With AI, attackers and defenders alike are shifting from deterministic, rule-based approaches toward non-deterministic, probabilistic strategies. Much like anti-spam systems evolved from static rules to machine learning models, cybersecurity is moving toward adaptive AI-driven methods.
Visual suggestion: Diagram showing the shift from “Lone Hacker → AI-Enabled Red Teams → Continuous Red Teaming.”
AI in Offensive Security: Opportunities and Challenges
AI is reshaping the cyber landscape in two major ways:
Optimistic perspective: For the first time, defenders can leverage AI to gain the upper hand. Continuous, AI-driven testing allows enterprises to simulate multi-stage attacks, cover all assets dynamically, and proactively remediate vulnerabilities.
Pessimistic perspective: Enterprises that fail to adopt AI face a growing AI divide, where attackers operate faster, at scale, and with unprecedented sophistication.
Bikash highlighted a structural concern:
“90% of enterprises still conduct annual pentests covering only ~20% of the attack surface. That’s no longer enough in an AI-driven threat environment.”
Visual suggestion: Chart comparing traditional annual pen tests vs AI-driven continuous testing coverage.
AI-Driven Attack Planning: Forward and Backward Chaining
One of the keynote’s key highlights was AI’s ability to plan multi-stage attack paths dynamically.
Forward chaining: AI evaluates known states, such as open ports or credentials, and builds attack paths step-by-step.
Backward chaining: AI starts with a target (e.g., sensitive data) and works backward to determine the necessary actions to reach it.
Bikash showcased FireCompass’ AI agent performing an APT-style penetration test: enumerating SMB shares, identifying credentials, and performing lateral movement autonomously. Early benchmarks show AI approaching-and in some areas surpassing-human red teams in efficiency, coverage, and decision-making.
Visual suggestion: Flowchart of AI attack planning using forward/backward chaining, highlighting decision nodes and successful exploits.
Beyond LLMs: Agentic AI and Classification
AI in offensive security is more than just large language models (LLMs):
Classification algorithms: Prioritize high-value targets for testing, simulating a human red teamer’s intuition.
LLMs: Generate exploits, scripts, and code faster than humans could manually.
Agentic AI: Executes actions autonomously, creating custom payloads and performing end-to-end penetration testing without human intervention.
“LLMs are like operating systems; Agentic AI is the application layer,” Bikash explained.
This combination enables a scalable, autonomous, and intelligent approach to offensive security that was impossible even a decade ago.
Visual suggestion: Layered graphic showing LLMs as “OS” and Agentic AI as “applications” executing tasks autonomously.
Fine-Tuning AI for Real-World Security
AI models trained on generic datasets may not fully understand security-specific contexts. Challenges include:
Lexical gaps: Hacker terminology may differ from AI training data.
Semantic drift: Related security concepts (e.g., SQL injection vs. SQL hunting) may be misinterpreted by models.
Bikash emphasized that fine-tuning AI to specific environments and attack contexts is critical for actionable results.
Visual suggestion: Side-by-side comparison of raw AI predictions vs fine-tuned AI outputs in pen testing scenarios.
Continuous Automated Red Teaming (CART): The New Standard
Traditional, point-in-time penetration testing is no longer sufficient. AI enables Continuous Automated Red Teaming (CART):
Complete asset coverage, including production, pre-production, and shadow environments
Event-triggered, autonomous testing instead of annual checklists
Dynamic attack paths that adapt to defenses in real-time
“Point-in-time pen testing won’t work anymore. AI allows red teams to plan and execute dynamically across the full attack surface,” Bikash noted.
Stay Ahead of Attackers with AI-Powered Automated Penetration Testing.
FireCompass delivers a unified platform for Continuous Automated Red Teaming (CART), Penetration Testing, and Next-Generation Attack Surface Management.
Humans and AI: A Collaborative Future
Despite AI’s transformative capabilities, human expertise remains essential:
AI complements human reasoning: Automating repetitive tasks and accelerating decision-making.
Humans provide context: Interpreting results, understanding business priorities, and guiding AI strategy.
Roles evolve: Pen testers focus on creative reasoning, first-principles thinking, and complex contextual understanding rather than routine checklists.
“AI may surpass 95% of human performance, but collaboration remains critical for effective cybersecurity,” Bikash explained.
Visual suggestion: Graphic showing humans + AI working together as a hybrid defense model.
Key Takeaways for CISOs
AI is accelerating attack timelines, making vulnerabilities exploitable in days.
Focus on vulnerabilities that are truly exploitable and business-critical, not just high CVSS scores.
Validate attack paths and prioritize high-impact exploits over generic metrics.
Continuous, AI-driven testing is no longer optional-it’s critical for staying ahead of attackers.
“Hack Yourself Before Others Do!” Learn more at https://hubs.la/Q03M3p7r0
Conclusion: A New Era of Offensive Security
Bikash’s keynote reinforced a clear truth: AI is no longer a supporting tool-it is the engine of modern offensive security. Organizations that integrate AI, fine-tune models, and combine human expertise with machine intelligence will gain a strategic advantage in the rapidly evolving threat landscape.
Watch the Full Hacker Halted Keynote by Bikash Barai
Gain first-hand insights on AI-driven offensive security, continuous automated red teaming, and the future of cybersecurity
Stay Ahead of Attackers with AI-Powered Automated Penetration Testing.
FireCompass delivers a unified platform for Continuous Automated Red Teaming (CART), Penetration Testing, and Next-Generation Attack Surface Management.
