The Expert View: Why the Annual Penetration Test Is No Longer Enough to reduce API security risk

One attendee at a recent TEISS dinner briefing at the House of Lords had 4,000 API endpoints across their organisation. Keeping an inventory of them was already a challenge. Testing them in any meaningful, continuous way was something else entirely. That admission set the tone for a discussion – hosted by Equixly – that ranged across API sprawl, MCP security, and why the annual penetration test has become, in the words of one participant, ’barely useful.’

 

Mattia Dalla Piazza, CEO and co-founder of Equixly, described the frustration that led to founding the company: pen test reports arriving after the IT estate had already moved on, the same API vulnerabilities appearing repeatedly, and no tool capable of understanding application context at the scale modern environments demand. Equixly’s answer is an Agentic AI Hacker — a proprietary model purpose-built for continuous, autonomous offensive security testing across APIs, applications, LLMs, and MCP servers.

 

The challenge for security teams in the room, said Paul Harland, Senior Solutions Engineer at Equixly, is that the rest of the business is moving faster than ever. “Acceleration is the only moat,” he said. “Everything is getting faster, and embracing that seems to be the best way to compete.”

 

The end of point-in-time pen-testing

 

The traditional annual pen test was widely seen as obsolete. It always was a box-ticking exercise, one attendee argued, but at today’s pace of change it is barely useful. By the time results come back, the IT estate has moved on.

 

Continuous testing emerged as the clear direction of travel. What the discussion made clear is that the model is no longer aspirational. For organisations shipping code daily across thousands of endpoints, it is becoming a baseline requirement.

 

Developers prioritise delivery, attendees agreed, and security too often arrives late. “If you give a developer a requirement, security is not always a priority,” one participant said. “They want to deliver the product.” Several others reported “vibe-coded” applications going live, sometimes built inside business units to solve a niche problem and never reviewed by IT.

 

Even where development teams ship constantly, security budgets rarely keep pace, attendees said. Products still go live with single sign-on and multi-factor authentication “on the roadmap”, which makes it unsafe to assume any third-party API is secure by default. The board’s risk appetite sets the limit. Move too fast and things will go wrong; slow down and the competition pulls ahead.

 

APIs, MCPs and the AI attack surface

 

The rush to integrate AI through MCPs is opening new gaps, attendees said, because they are not being secured by default. With every vendor now offering an MCP server, the attack surface is widening rapidly. Manufacturing was given as a case in point: connecting operational technology to IT to stream data to the cloud has clear benefits but also exposes factories to cyber-threats that segregation used to contain.

 

Static code can be audited, but the code that runs dynamic AI agents cannot. Once an AI agent is making decisions in real time, the only meaningful check is functional testing of behaviour. That has implications for what assurance looks like, and the discussion suggested existing models will need to be rebuilt around it.

 

AI’s fluency made it useful, attendees said, but also a hazard. One participant gave the example of an AI tool given a codebase to read and confidently reporting back, when its context window was too small to ingest the whole thing. Convincing wrong answers can be worse than obvious ones.

 

One pragmatic response is to use AI in adversarial pairs, with one model checking another and confidence thresholds set high enough to be operationally useful. Equixly’s Oracle agent was offered as one example, checking whether vulnerabilities flagged in pen-testing are genuinely exploitable. Tier 1 SOC analyst work, several attendees said, was already largely automated because only AI could respond at the speed today’s threats require.

 

Longer-term questions

 

Two AI-related issues suggested reasons for concern in future. The first concerned the talent pipeline. Many businesses have stopped hiring graduates, attendees said, which raises the question of where the next generation of senior security experts will come from.

 

The second concerned the potential leap in AI models: a technology such as Anthropic’s Mythos, currently unreleased, is purported to be able to uncover vast numbers of security flaws across an organisation’s estate. Add to that the looming threat of quantum computing, and much of our security landscape could be rewritten in just a few years. That is well inside many organisations’ planning horizons.

 

Closing the discussion, Harland brought the conversation back to the immediate priority. “Businesses are more connected than ever, and the way they’re connected is through insecure APIs,” he said. “That’s a significant risk that we must address.” If there was one check to prioritise, he added, it was pen-testing, because it told you about real threats rather than theoretical ones. This is a principle that sits at the core of what Equixly was built to deliver, not a report that describes theoretical risk, but continuous, exploit-validated findings that reflect what an attacker could do in your environment today.

---

To learn more, please visit: www.equixly.com