Cobalt’s latest AI pentesting research shows security teams are testing AI apps more often, but serious LLM vulnerabilities still have the lowest fix rate of any category. The useful lesson is not to abandon automation, but to connect AI security tests to ownership, triage, and retesting.