We Let an AI Pentester Attack Our App — Here’s What It Found

We Let an AI Pentester Attack Our App — Here’s What It Found

From So What About AI Agents by Philippe Trounev

May 3, 2026 · 49 min · Season 2 · Episode 1

About this episode

The episode discusses the unexpected findings from an AI penetration testing agent running against a production application.

We let an autonomous AI penetration testing agent run against our production application — and the results were unexpected.In this episode, we sit down with Grant McCracken from Dark Horse Security, who built Vulcan, an AI-powered pentesting agent capable of autonomously discovering vulnerabilities in real-world systems.Instead of traditional scanners or manual pentests, Vulcan ran continuously, explored the app like a human tester, and uncovered issues we hadn’t considered — including unexpected behavior in our AI workflows.We cover:How AI penetration testing actually worksWhy traditional scanners miss critical vulnerabilitiesWhat Vulcan found in our systemHow we fixed the issues it uncoveredThe future of continuous, autonomous security testingIf you're building with AI, deploying SaaS products, or working on secure infrastructure — this is a glimpse into what security will look like going forward.

People in this episode

Host: Philippe Trounev

Guest: Grant McCracken

Topics covered

  • AI penetration testing
  • vulnerability discovery
  • autonomous security
  • SaaS security
  • AI workflows

Keywords

  • AI pentesting
  • vulnerabilities
  • security testing
  • autonomous agents
  • SaaS products

Mentioned in this episode

Organizations: Dark Horse Security

Products: Vulcan

More episodes of So What About AI Agents

Explore listener stats, chart rankings, contacts and more on the So What About AI Agents podcast page.