Keeping the Consultant in the Loop: How AI Supports Our Security Testing Strategy

Artificial intelligence now features in almost every security testing discussion. Our customers want to know whether AI makes testing faster, lower cost, and more thorough. They also want to know where their data goes, how these models are used, and whether anyone is still genuinely accountable for the findings they receive.

These are good questions, and we have spent considerable engineering effort answering them properly. This blog is an insight into our current strategy, our opinions, what we are building, and why our approach keeps our assessments at the highest quality while making the most of what AI genuinely offers.

AI is a powerful tool. The expertise is still what makes us special.

Large language models are trained on publicly available knowledge, including a great deal of the offensive security methodology that consultants like us helped develop and publish over the years. That makes them genuinely useful. It does not make them attackers, or a replacement for the skilled tester.

A model pattern-matches against prior data. It does not reason adversarially, it does not improvise its way through a novel attack path, and it has no real grasp of your business context, your compensating controls, or your appetite for risk. Its outputs are probabilistic rather than deterministic, which means findings still require careful consultant validation before they can support business or audit decisions.

We do not see this as a limitation, but as a clear distinction between what the tool does and what the consultant does. AI accelerates the work. Judgement, creativity, and accountability remain with experienced testers.

Where AI earns its place in an engagement

We have been deliberate about where we apply AI, favouring targeted augmentation over wholesale automation. The areas where it delivers real value during an assessment include:

Working at scale

AI lets us triage large codebases and configuration sets quickly, surfacing patterns across a volume of material that would otherwise consume disproportionate manual effort. That frees consultant time for the analysis that actually requires a human.

Accelerating the workflow

Faster interpretation of tool and scan output, support for methodology adherence, and assistance with hypothesis generation and exploit development all shorten the path from observation to validated finding.

Acting as a contextual assistant

During an engagement, a well-integrated model serves as knowledge augmentation, reducing the time a consultant spends on low-value manual tasks so more of the engagement is spent on high-value work.

In every one of these cases the principle is the same: AI supports the decision. It does not own it.

Why a human stays in the loop, by design

Keeping a consultant firmly in control is a deliberate quality and scope decision, and it reflects the parts of testing that machines are simply not suited to. No AI-generated output is treated as a finding without consultant validation and contextual analysis.

Models can misinterpret context, overstate confidence, or surface technically plausible but ultimately incorrect conclusions. Validation and reproducibility therefore remain essential parts of our methodology.

Risk assessment is contextual. Business impact, threat modelling, and exploitability depend on understanding an organisation that no model fully holds.

Subtle vulnerabilities can be missed, edge cases can be misread, and experienced testers often identify issues because something simply does not “feel” right.

Real-world attack paths are chained together with creativity and adaptive thinking. Automation does not replicate that reasoning. Scope, testing boundaries, and client-specific legal and ethical constraints need careful human handling throughout.

A large language model does not exercise moral judgement. “Guardrails” are designed to restrict certain outputs or behaviours; they are not ethics, and they are not accountability. Our clients require defensible, auditable conclusions they can act on with confidence, which means we must have a skilled operator standing behind every result.

Real attackers do not follow patterns. Neither do we. We innovate, and it is one of the proudest pillars of what makes us, us: “Our expertise and relentless curiosity combine to deliver customer-specific engagements.” That is what a determined adversary will do to you, although their objective is harm rather than good.

Our approach: controlled adoption, consultant-led

We treat AI integration as an engineering and methodology problem, which is precisely the kind of challenge we are well placed to solve.

Firstly, today the model itself is only one part of the equation. Capability across modern LLMs is increasingly converging, so we have deliberately avoided dependency on any single model or provider. What matters far more is the framework around the model: how AI is integrated into the testing lifecycle in a repeatable, controlled, secure, and auditable way.

Any harness must be built security-first. We apply strict data handling controls, isolate client data, and manage prompts and outputs safely. Deployment models are flexible to suit the sensitivity of the engagement, spanning private AI model deployments, customer-controlled environments, and local or offline models for the most sensitive scenarios.

We can clearly explain where data is processed, how models are deployed, and what controls are in place for each engagement.

AI augmentation is applied selectively throughout an engagement, based on the sensitivity of the activity and the data involved.

Our use of AI during client engagements is designed around strict data minimisation principles. Before any information is processed by a model, client-identifying data is sanitised or tokenised wherever possible. This includes measures such as scrubbing client names, email addresses, hostnames, and IP addressing information from prompts and supporting data.

Where AI augmentation is used during an engagement, we preferentially utilise private AI model deployments hosted within controlled cloud environments such as Azure AI Foundry and Amazon Bedrock. This allows us to provide clear assurances around data handling: client data is not used to train foundation models or shared with third-party model providers for training purposes, and remains within tightly controlled environments aligned to client security expectations.

In many cases, AI-assisted activities do not require client data to be processed at all. For example, large language models are highly effective at accelerating the development of scripts, tooling, detection logic, and automation used by consultants during an engagement, without requiring sensitive client information to be shared with the model.

What this means for you

We are seeing two consistent themes from clients. The first is cost pressure and a reasonable expectation of efficiency gains. The second is a healthy concern about where data goes and how models are used.

Our response to both is straightforward. We embrace AI to enhance delivery, and we do it without diluting quality. Consultant-led engagements remain the core of what we do.

We introduce automation selectively where it genuinely helps, in areas such as attack surface discovery and continuous assurance, and we can give you clear, defensible answers on data security, model usage, and the oversight wrapped around all of it.

AI is improving how we deliver. It is not changing what we deliver.

You still receive rigorous, expert-led testing and findings you can defend to an auditor, a regulator, or your board, delivered by consultants with the relevant expertise and hard-earned qualifications. The difference is that our consultants now spend more of their time on the work that only experienced testers can do, and less on the work a machine can accelerate.

The technology is changing quickly, but the relentless curiosity that defines Cyberis is far harder to automate.