
One Year In: A Year of Progress and Promise


It’s hard to believe a full year has passed since I stepped in as CEO of Cobalt. The time has moved quickly, filled with incredible energy, collaboration, and progress. When I joined, I saw a company with the unique potential to redefine offensive security. Now, 12 months later, I’m more inspired than ever by what we’ve built together and where we’re headed.

This past year has been a testament to the power of a clear vision and a dedicated team. For that, I want to extend my deepest gratitude to our customers, our partners, our incredible community of pentesters, and the entire Team Cobalt. Your trust and dedication are the bedrock of our momentum.

A Year of Purpose-Driven Performance

The security landscape is more complex than ever. Security teams need more than just vulnerability reports; they need speed, scale, and expertise to secure their entire attack surface.
Our mission has been to meet this need by empowering our clients to build true programmatic offensive security programs—a continuous, strategic approach to risk reduction that secures everything from code to company.

I’m thrilled to say this vision has resonated. Looking back at the first half of the year, our progress speaks for itself:

  • Our customer base grew by 18% as more businesses turned to us for a strategic security partner.
  • Our amazing 450+ strong Cobalt Core community conducted thousands of pentests, uncovering an average of 16 critical vulnerabilities for our clients every single day. We conduct over 5,000 pentests annually—more than any other pentesting provider.
  • We achieved a Net Promoter Score (NPS) of 9.12. This is the metric I’m most proud of, as it reflects the deep trust our customers place in us.
  • We were honored with six industry awards and a record-setting 79 badges from G2.
  • GigaOm placed us as a Leader and Outperformer in the GigaOm Radar Report for PTaaS, for the third year in a row.

This momentum is the result of a relentless focus on our mission, and it provides a powerful foundation for what comes next.

The Next Frontier: Building with Intelligence

Over a decade ago, Cobalt invented the category of penetration testing as a service (PTaaS). We are now transforming the industry once again by creating an AI-driven offensive security platform that delivers the quality testing our customers expect, with even greater scale and speed. We are leveraging automation, AI, and our unparalleled dataset of pentests to augment our greatest asset—our people. The benefit to our customers is decreased time to find and fix vulnerabilities across their entire attack surface.

At Cobalt, we view AI as an opportunity to both enhance our service offerings and to improve our internal operations. Our AI manifesto outlines our commitment to responsibly leveraging AI to deliver superior value. We are advancing along two parallel paths:

  1. AI in our product: We are integrating AI to enhance our platform, not to replace our experts. We see AI as a way to intelligently guide our testers, automating mundane tasks so they can focus their ingenuity on discovering complex risks that require human expertise.
  2. AI in our operations: We are turning this lens inward, using AI to streamline processes and boost productivity in every single department. This frees up our people to innovate and strategize on what matters most.

We are firmly committed to using AI ethically and responsibly, with an unwavering focus on data privacy, security, and transparency.

Leading the Charge in Securing AI Itself

While we focus on using AI for security, we cannot ignore the other side of the coin: securing the AI and LLM-based applications businesses are rapidly deploying. The risks are not theoretical. Our own research shows that 32% of findings in our LLM pentests are high-risk vulnerabilities—a higher rate than in any other kind of pentest we conduct. 

This is why Cobalt is at the forefront of developing new methodologies for testing these systems. Our pentesters contributed to the OWASP Top 10 for LLMs, and we leverage that expertise to uncover hard-to-find vulnerabilities in our clients' products, enabling them to innovate securely.

As we look to the future, our mission is to revolutionize the way organizations protect themselves from cyberthreats by uniting the best of people and technology. We are building a future where AI handles the noisy, repetitive work of reconnaissance and data analysis, freeing up the creative ingenuity of our human pentesters to find the high-risk vulnerabilities that automated scanners miss.

At the same time, helping our customers thrive in a secure future means confronting new frontiers of risk. As organizations rapidly deploy their own AI and LLM-based applications, we are at the forefront of securing these new technologies. This dual focus—using AI to empower our experts, and providing the expertise to secure AI itself—is how we will ensure our customers can go forward with confidence.

My optimism continues to grow. We are building on a year of incredible performance to create a future for our customers where offensive security is programmatic, continuous, and intelligently enhanced. By combining the scale and speed of AI with the irreplaceable intelligence of human experts, we are giving our customers true confidence in their security posture. The future is built by those bold enough to create it, and we’re just getting started.

About Sonali Shah
Sonali Shah joined Cobalt as CEO in August 2024. She joined us after serving on the company’s Board of Directors. She is a seasoned business leader and product visionary with more than 20 years of experience scaling high-growth businesses across the cybersecurity landscape. Shah holds an MBA from Wharton and a Master’s in Economics from the London School of Economics.