NetSPI unveils AI-led workflow redesign for pentesting

NetSPI has released a redesigned user experience for its penetration testing platform, with an interface intended to reflect customer workflows and use AI to reduce the steps required for common tasks.

The update targets security teams managing growing attack surfaces and tighter remediation timelines. Many organisations run penetration testing alongside multiple point tools for scanning, tracking and reporting. As a result, teams often switch between systems as they move from findings to fixes.

Built from customer feedback and use cases, the new interface aims to let most actions be completed in two clicks or less. The redesign supports both day-to-day work for practitioners and oversight for security leaders.

Workflow Changes

The platform now provides role-based dashboards and views. It also includes tools for scheduling and tracking tests, plus a central workflow for integrations, scans and agents.

The update is also positioned as a way to improve vulnerability prioritisation. Use case-focused dashboards and customisable views are designed to surface exploitability, attack paths, ownership and remediation status. The goal is to make it clearer where teams should start and which actions reduce risk the most.

"We designed the NetSPI experience around how security teams actually work," said Nabil Hannan, Field CISO at NetSPI. "Pentesting should help you answer critical questions quickly, prioritize what matters, and move straight from insight to action, with clarity and confidence."

The changes respond to pentesting programmes that can still be slow to organise and difficult to operationalise. Teams often need to coordinate scope, logistics and reporting across multiple stakeholders, then translate results into remediation work that fits change management processes and application release cycles.

Analyst View

Christina Richmond, Principal Analyst at Richmond Advisory Group, described the approach as a move towards consolidation and workflow-led design.

"NetSPI's unified platform represents a strategic pivot toward proactive security, consolidating continuous testing and simulation into a single, outcome-driven experience that prioritizes user workflows over industry acronyms," Richmond said. "By anchoring its strategy in a hybrid model of human expertise and targeted AI, the company offers the validation depth needed to address expanding enterprise exposures. In doing so, it moves the conversation closer to measurable security outcomes rather than simply expanding the volume of security activity."

NetSPI's product direction reflects a broader shift in security operations as firms try to align testing with business risk. That often involves ranking vulnerabilities based on likelihood of exploitation, exposure of affected assets and the importance of impacted services. In parallel, security leaders face pressure from boards and regulators to show measurable progress on remediation and control effectiveness.

Beyond Pentesting

The platform also covers areas beyond traditional penetration testing, including external asset discovery, dark web monitoring, cloud security configuration reviews and domain monitoring. NetSPI says it combines human testers with AI to provide continuous visibility and validation across the attack surface.

Verizon, which previewed the experience, said the interface offered broader visibility alongside attack simulation.

"Proactive security starts with understanding your full attack surface and validating it continuously," said Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon. "What stands out about the new NetSPI experience is that it goes beyond traditional pentesting to provide broader visibility and real-world attack simulation. It gives us a clearer picture of where we're exposed and how an adversary would actually move."