Risky Business Features

Former Adobe, Cisco and Salesforce CISO talks AI pentesting

Feb 19, 2026
Brad Arkin, former CISO/CSO at Adobe, Cisco and Salesforce, brings enterprise security strategy and testing experience. He explores where AI fits in penetration testing, its cost and scaling benefits, limits of AI tools, and when to prioritize architecture or containment over endless bug fixes. The conversation also covers AI’s impact on bug bounties and using tests for M&A risk decisions.
INSIGHT

AI Tempts With Cost Savings And Hard Questions

  • AI pentesting appeals because it can arbitrage high human rates and scale testing quickly.
  • But it also forces fundamental questions about the purpose and value of pen tests beyond bug counts.
INSIGHT

Reasoning Agents Impress But Have Limits

  • Early AI pentest demos showed multi-step reasoning agents that plan, execute, and iterate.
  • Those agents were impressive but limited compared with human flexibility on complex SaaS products.
ANECDOTE

First Expo Demo Blew His Mind

  • Brad recalled his first demo with Expo where he saw reasoning agents before mainstream large models.
  • He was both thrilled by the tech and unsure how to apply it to complex production SaaS.