95% of Enterprises Prioritize Pentesting, Yet Only 32% of Attack Surfaces Are Tested, New Synack and Omdia Research Finds

Rhea-AI Summary

Synack (NASDAQ:TTGT) and Omdia released "The 2026 State of Agentic AI in Pentesting," showing a major testing coverage gap: enterprises test only 32% of their global attack surface, leaving 68% untested.

The study of 200 U.S. security leaders finds 87% are actively planning, piloting, or using agentic AI, 95% rank pentesting as a top priority, and 95% expect agentic AI to displace traditional pentesting to some degree.

Positive

• 95% of organizations rank pentesting as a top priority
• 87% are actively planning, piloting, or using agentic AI for pentesting
• 64% prefer an agent-led model with human oversight, supporting hybrid solutions

Negative

• Only 32% of global attack surfaces are currently tested, leaving 68% untested
• 95% expect agentic AI to displace traditional pentesting, pressuring legacy service models

Key Figures

Pentesting priority: 95% Attack surface tested: 32% Environment untested: 68% +5 more

8 metrics

Pentesting priority 95% Organizations ranking pentesting as a top priority

Attack surface tested 32% Average proportion of global attack surface currently tested

Environment untested 68% Portion of enterprise environment left untested

Surveyed leaders 200 Number of U.S. security leaders in primary research

Using/plan agentic AI 87% Organizations planning, piloting, or using agentic AI for pentesting

Expect AI to displace pentesting 95% Organizations anticipating displacement of traditional pentesting services

Significant displacement 49% Organizations expecting complete or significant displacement by agentic AI

Agent-led preference 64% Organizations preferring agent-led, human-oversight model

Market Reality Check

Price: $3.85 Vol: Volume 474,433 is below t...

normal vol

$3.85 Last Close

Volume Volume 474,433 is below the 571,973 20-day average (relative volume 0.83x). normal

Technical Shares at $3.80 are trading below the $5.80 200-day MA and far under the $15.55 52-week high.

Peers on Argus

Two peers in related IT services, CNDT and LZMH, appeared on momentum scans with...

2 Up

Two peers in related IT services, CNDT and LZMH, appeared on momentum scans with gains of about 4.31% and 5.52%, respectively, while TTGT showed no pre-news price move, suggesting stock-specific drivers around Omdia/Synack research rather than a clear sector rotation signal.

Historical Context

5 past events · Latest: Mar 17 (Positive)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Mar 17	AI solutions launch	Positive	+3.0%	Launch of AI Visibility Audit and GEO Topic Planner for B2B brands.
Mar 11	Full-year earnings	Negative	+8.0%	Flat revenue, higher Adjusted EBITDA, but large goodwill impairment-driven net loss.
Mar 11	Media behavior study	Positive	+8.7%	Omdia research on rising mobile-video multitasking among older US viewers.
Mar 10	PC market outlook	Negative	-3.8%	Omdia forecast for 12% decline in 2026 PC shipments amid supply issues.
Mar 04	Smartphone outlook	Negative	+0.0%	Omdia projection of 7% drop in 2026 smartphone shipments and downside risks.

Pattern Detected

News tied to AI and data/insight launches has often coincided with positive moves, while some negative industry forecasts have been absorbed with only modest or mixed reactions.

Recent Company History

In recent months, TTGT-related news has centered on AI offerings, macro tech forecasts from Omdia, and 2025 financial results. An AI-focused content launch on Mar 17, 2026 saw a +2.98% move, while 2025 earnings with flat revenue but higher Adjusted EBITDA and a large goodwill impairment coincided with a +7.97% reaction. Omdia’s forecasts for declines in PCs and smartphones produced mixed market responses. Today’s agentic AI pentesting report continues the theme of leveraging AI-driven research and tools across TTGT’s information assets.

Market Pulse Summary

This announcement highlights growing enterprise demand for continuous, AI-driven penetration testing...

Analysis

This announcement highlights growing enterprise demand for continuous, AI-driven penetration testing, with 95% of organizations prioritizing pentesting but testing only 32% of their attack surface. For TTGT, it reinforces Omdia’s role in surfacing data on AI and security trends, complementing earlier AI-focused product launches and industry forecasts. Investors may watch how TTGT further integrates such research into its offerings and how enterprises adopt agentic AI models for offensive security at scale.

Key Terms

pentesting, agentic AI, attack surface, offensive security

4 terms

pentesting technical

"leader in human-led and AI-powered penetration testing, and Omdia..."

Penetration testing, often called pentesting, is when security professionals simulate real cyberattacks on a company's systems, networks or applications to identify vulnerabilities before malicious actors can exploit them. For investors, pentesting matters because it helps lower the chance of costly data breaches, regulatory penalties and reputational harm — like a home inspection that uncovers hidden problems before you buy — and signals proactive risk management.

agentic AI technical

"The 2026 State of Agentic AI in Pentesting," revealing a major gap..."

Agentic AI refers to computer systems that can make their own decisions and take actions without needing someone to tell them what to do each time. It's like giving a robot a degree of independence to solve problems or achieve goals on its own, which matters because it could change how we work and interact with technology in everyday life.

attack surface technical

"they are currently testing only 32% of their global attack surface on average."

The attack surface is the collection of points where a company's digital systems, devices, or networks can be accessed, misused, or breached — think of it as the number of doors and windows a thief could try. A larger or more complex attack surface raises the chance of a costly security breach, which can lead to direct losses, regulatory fines, and damage to customer trust and the company's stock value, so investors watch it as a measure of operational and cybersecurity risk.

offensive security technical

"shift from traditional pentesting to agentic, AI-driven offensive security..."

Offensive security is the practice of proactively testing and simulating attacks on an organization’s systems and networks—using controlled hacking, penetration testing, and red‑team exercises—to find weaknesses before real criminals do. Investors care because these activities lower the chance of costly data breaches, regulatory fines, and business interruptions; companies that actively test and fix vulnerabilities can better protect revenue and reputation, making their financial outlook and risk profile more predictable.

AI-generated analysis. Not financial advice.

Growing attack surfaces and increasing AI use by adversaries outweigh concerns over AI guardrails

REDWOOD CITY, Calif., March 19, 2026 /PRNewswire/ -- Synack, the leader in human-led and AI-powered penetration testing, and Omdia, a technology research firm, released a new report, "The 2026 State of Agentic AI in Pentesting," revealing a major gap between security priorities and real-world testing coverage. While 95% of organizations rank pentesting as a top priority, they are currently testing only 32% of their global attack surface on average.

This massive security gap leaves 68% of the enterprise environment untested, creating significant blind spots as AI-enabled adversaries become more prevalent. The primary research study, commissioned by Synack, surveyed 200 U.S. security leaders to understand how organizations are adopting agentic AI to overcome the scalability limits of traditional, manual pentesting. This disconnect highlights a structural limitation in traditional pentesting models, which cannot scale with the speed and complexity of modern cloud and AI-driven environments.

The report signals a fundamental shift from traditional pentesting to agentic, AI-driven offensive security while maintaining a human in the loop.

"This research proves the industry is ready to move beyond the twice-a-year pentest model," said Jay Kaplan, Synack CEO and Co-founder. "We founded Synack on the idea that security requires machine speed for breadth and human judgment for creativity. This report confirms the market is catching up to that reality. Continuous, agent-led testing with human oversight is how the modern enterprise will stay ahead of today's sophisticated threats."

Dr. Mark Kuhr, Synack CTO and Co-founder, added, "AI delivers scale and coverage, but real-world risk still requires human creativity. By combining agentic AI with our elite Synack Red Team, we enable continuous testing that reflects how attackers actually operate."

"The data shows a clear disconnect—security leaders know pentesting is critical, yet most of their environment remains untested," said Angela Heindl-Schober, CMO at Synack. "That gap is redefining how organizations approach offensive security. Agentic AI is not a future concept—it's becoming the only scalable way to continuously test modern, dynamic environments."

Key Findings from the 2026 Research

• The findings underscore a growing urgency for enterprises to rethink how they approach continuous security testing.
• 87% of organizations have moved beyond evaluation and are actively planning, piloting, or using agentic AI for penetration testing.
• 95% of organizations anticipate that agentic AI will displace traditional pentesting services, though the degree varies: 49% expect complete or significant displacement.
• 64% of organizations prefer an agent-led, human-oversight model, combining machine scalability with a human safety net.
• 87% of leaders trust agentic AI, yet 93% state that comprehensive guardrails and transparent decision-making are critical for safe operation.

The report serves as a call to action for security teams aiming to improve remediation times and prove business value to leadership. By delivering a complete offensive security platform, Synack is helping CISOs transition to a dynamic, resilient security posture to match the scale and speed of the modern threat landscape. As enterprises face AI-driven threats, closing the pentesting coverage gap will be a defining priority for modern cybersecurity.

Where to Get the Report

The full report, "The 2026 State of Agentic AI in Pentesting," is available for download at [https://go.synack.com/ai-pentesting-report-omdia].

About Synack

Synack is the leader in human-led and AI-powered penetration testing, transforming offensive security to help organizations proactively reduce risk, stay compliant and defend against evolving cyber threats. Synack harnesses agentic AI innovations and a talented, vetted community of security researchers to deliver continuous penetration testing and autonomous vulnerability management. Founded by former NSA operatives, Synack has enabled nearly 10 million hours of expert testing to protect critical assets, from global financial systems to U.S. Defense Department networks. Learn more at www.synack.com.

About Omdia

Omdia, part of TechTarget, Inc. d/b/a Informa TechTarget (Nasdaq: TTGT), is a technology research and advisory group. Our deep knowledge of tech markets grounded in real conversations with industry leaders and hundreds of thousands of data points, make our market intelligence our clients' strategic advantage. From R&D to ROI, we identify the greatest opportunities and move the industry forward.

View original content to download multimedia:https://www.prnewswire.com/news-releases/95-of-enterprises-prioritize-pentesting-yet-only-32-of-attack-surfaces-are-tested-new-synack-and-omdia-research-finds-302718985.html

SOURCE Synack

FAQ

What did Synack and Omdia find about pentesting coverage in the March 19, 2026 report for TTGT?

Enterprises test an average of 32% of their global attack surface, leaving 68% untested. According to Synack, this gap creates blind spots as AI-enabled adversaries increase in sophistication.

How many organizations are using or planning agentic AI for pentesting, per Synack's March 19, 2026 report?

87% of organizations have moved beyond evaluation and are planning, piloting, or using agentic AI for pentesting. According to Synack, this signals rapid adoption to improve scale and coverage.

What proportion of firms expect agentic AI to replace traditional pentesting, according to the 2026 study tied to TTGT?

95% of organizations anticipate agentic AI will displace traditional pentesting to some degree, with 49% expecting complete or significant displacement. According to Synack, the degree of change varies by use case.

Does the Synack report recommend human oversight for agentic AI pentesting for TTGT investors?

Yes. 64% of organizations prefer an agent-led model with human oversight to balance scale and judgment. According to Synack, human-in-the-loop approaches help manage risk and creativity in testing.

What operational concerns do security leaders have about agentic AI in the March 19, 2026 Synack study?

93% of leaders say comprehensive guardrails and transparent decision-making are critical for safe operation. According to Synack, trust depends on clear controls and auditability for agentic systems.

How does the report frame the business opportunity for Synack (TTGT) in 2026?

The report frames a shift to continuous, agentic AI testing with human oversight as an emerging market need. According to Synack, this positions their hybrid platform to address scale, coverage, and remediation demands.