
From Annual Checkbox To Continuous SDLC Testing: Operationalizing AI Pentests - Andy Dennis of XBow
From The Security Repo by Mackenzie Jackson & Dwayne McDaniel
March 13, 2026 · 20 min
About this episode
Dwayne McDaniel interviews Andy Dennis about operationalizing AI-backed penetration testing and its implications for continuous testing in the software development lifecycle.
In this episode of the Security Repo Podcast, Dwayne catches up with returning guest Andy Dennis (Head of Field Engineering at XBOW) to unpack what it really means to run “AI-backed” penetration testing at scale, without turning red teaming into a gimmick. They dig into how XBOW approaches discovery, guardrails, and reporting beyond “scan results,” and why operationalizing LLM-driven testing in real enterprises still demands SaaS-grade controls and infrastructure. The conversation closes on where this all goes next: continuous testing in the SDLC, deeper discovery of business-logic bugs, and a near future where findings increasingly translate into remediation-ready pull requests. https://xbow.com/ https://www.linkedin.com/in/andy-d-b43a17b/Head of Field Engineering at XBOW. Published author. Public speaker. Former undergraduate tutor and examiner. Cyber Security and AI Strategy. M&A technical due diligence. 22+ years in industry. International team management experience across 5 continents and 400+ individuals. Interest in Cybernetics. Andy has 22+ years experience in the technology industry and has worked in the UK, Canada and US. He’s had 5 books published on a variety of…
People in this episode
Hosts: Mackenzie Jackson, Dwayne McDaniel
Guest: Andy Dennis
Topics covered
- AI penetration testing
- continuous testing
- SDLC
- cybersecurity
- business-logic bugs
Keywords
- AI
- penetration testing
- SDLC
- cybersecurity
- continuous testing
- business-logic bugs
- reporting
Mentioned in this episode
Organizations: XBOW, Goldsmith’s College, HEC
More episodes of The Security Repo
- AI, Automation, & Humans' Role In Security: A View From Rsac 2026 With Jeff Man and Dwayne McDaniel · April 1, 2026 · 43 min
- Avoiding Operational Chaos While Defending A Credit Union With Data Classification - John Wallace · March 25, 2026 · 20 min
- OIDC And IAP In Production: Scaling Startup Security For Deepfake Defense - Talia Smiley · March 18, 2026 · 20 min
- The PCI Ultimatum -Thrift Store OSINT, and "Lost Media" with Dwayne Edwards and Mike Radigan · March 17, 2026 · 22 min
- Why Compliance Isn’t Governance & How GovOps Rebuilds Trust Boundaries – Mike Schwartz · March 11, 2026 · 38 min
- Building AI Solutions with a Security-First Mindset: Frameworks and Lessons with Henry Odibi · February 11, 2026 · 19 min
Explore listener stats, chart rankings, contacts and more on the The Security Repo podcast page.