
The Real State of Offensive Security: AI, Penetration Testing & The Road Ahead with Andrew Wilson
From Shared Security Podcast by Tom Eston, Scott Wright, Kevin Tackett
March 23, 2026 · 44 min
About this episode
Tom Eston interviews Andrew Wilson about the evolution of offensive security and the impact of AI on penetration testing.
Tom Eston interviews offensive AI researcher and PhD candidate Andrew Wilson, a former Bishop Fox partner who helped grow the firm from under 20 people to nearly 500, built award-winning AI solutions for SOC modernization, founded Cactus Con, and relocated his family to Guadalajara to open and scale a Bishop Fox office. They discuss Mexico’s growing cybersecurity and AI ecosystem, driven by talent, community events, and government-university partnerships, and how offensive security has shifted from “one-person army” generalists to more specialized roles. Wilson explains his PhD work modeling expert pen testers’ cognitive approaches to shape AI agents, argues AI lowers barriers but requires validation due to hallucinations, and predicts routine, methodology-driven testing will be automated while expert human work persists. He forecasts compliance and audit frameworks will eventually accept more objective, scalable AI-based control validation, reshaping the pen testing market. If you work in cybersecurity, involved in penetration testing and offensive security, or are just trying to figure out what the AI hype actually means for attackers and defenders, this episode is for you! **…
People in this episode
Host: Tom Eston
Guest: Andrew Wilson
Topics covered
- offensive security
- penetration testing
- AI in cybersecurity
- cybersecurity ecosystem
- expert cognitive approaches
- automation in testing
Keywords
- offensive security
- penetration testing
- AI
- cybersecurity
- Bishop Fox
- Cactus Con
- automation
- expert testing
- cognitive approaches
Mentioned in this episode
Organizations: Bishop Fox, Cactus Con
Places: Guadalajara, Mexico
More episodes of Shared Security Podcast
- Mobile Application Security: What Every Organization Needs to Know · June 10, 2026 · 32 min
- Microsoft Threatens Legal Action Over Exploit Disclosure · June 8, 2026 · 17 min
- Apple Finally Fixes One of Texting’s Biggest Security Problems · June 1, 2026 · 15 min
- Should AI Have Access to Your Financial Life? · May 25, 2026 · 25 min
- Cybersecurity Lessons from the Canvas Data Breach · May 18, 2026 · 17 min
- Passwords Are Still Failing Us (World Password Day 2026) · May 11, 2026 · 22 min
Explore listener stats, chart rankings, contacts and more on the Shared Security Podcast podcast page.