AI-Driven Web App Testing - Will LLMs Replace Manual Vulnerability Research?
15:05 - 15:35, 20th of May (Wednesday) 2026 / R&D & Cybersec
AI is transforming pentesting faster than most teams can adapt their processes. For years, we relied on traditional DAST scanners and manual testing, which required a specialist to piece together tool outputs, business context, and their own intuition. Today, multi-agent systems like PentAGI are entering the scene. These systems can autonomously plan actions, run offensive tools, analyze logs, modify payloads, and execute tests concurrently across multiple targets. But does this spell the end of manual vulnerability research?
In this presentation, I will show where AI truly excels: enumeration, automation, persistence, and processing large volumes of data. I will dive into the architecture of PentAGI, the importance of observability and cost control, and the role of private scrapers, local models, and air-gapped environments. Using Juice Shop as an example, I will compare the agent-based approach against classic DAST. I will also reference the Stanford results and the ARTEMIS framework, which clearly illustrate both the advantages and limitations of machine-driven testing.
AI isn’t replacing the pentester; it’s evolving the role. Come see how.
