Penetration testing has become a fundamental component of the strategy for Chief Information Security Officers (CISOs).
Security leaders are re-evaluating their cybersecurity strategies as digital supply chains grow and Generative AI becomes integral to critical systems. A recent survey by Emerald Research, involving 225 security leaders, revealed that 68% are apprehensive about the risks associated with third-party software and components. While most respondents claim to meet regulatory requirements, 60% acknowledge that attackers are evolving too rapidly to guarantee safety. The report underscores a rising tension between compliance and actual security, with leaders advocating for stronger controls, quicker remediation, and enhanced visibility into emerging AI risks. Many now perceive cybersecurity as a strategic business issue rather than merely a technical concern.
Third-party tools remain the primary worry, but concerns regarding Generative AI are increasing. Nearly half of the respondents expressed unease about AI-driven features and large language models. Boards are also recognising the importance of this issue, with 68% of security leaders stating that their boards now prioritise the secure deployment of Generative AI. These concerns are substantiated by findings from penetration tests of AI applications, which indicated that 32% had high-risk vulnerabilities, a rate higher than that of other system categories. The complexity of software supply chains, which often include a mix of proprietary code, open-source components, and external services, further exacerbates these concerns. Seventy-three percent of executives reported receiving at least one notification of a supply chain vulnerability or incident in the past year, prompting 83% to release formal requirements for vendor security demonstrations.