
EMERGING TRENDS Q&A: Pentesting goes continuous as Plainsea joins wave reshaping security

Penetration testing has long served as a cornerstone of cybersecurity—a red-team exercise, often once or twice a year, designed to surface exploitable weaknesses. But in today’s dynamic threat landscape, that model is showing its age.

Cloud-native architectures evolve hourly. APIs sprawl. Misconfigurations are exploited within days—sometimes hours—of deployment. Manual testing remains vital for uncovering complex flaws and chained exploits, but point-in-time audits simply can’t keep pace.

That gap has given rise to Penetration Testing as a Service (PTaaS)—a model that blends expert-led testing with automation and ongoing validation. PTaaS platforms enable faster testing cycles, integration with CI/CD pipelines, and retesting on demand. Reports from vendors like Strobes highlight how PTaaS delivers “platform-level transparency and operational alignment”—key traits that traditional models lack.

Meanwhile, AI is beginning to reshape workflows. Tools like PentestGPT and RapidPen show early potential to automate reconnaissance and even chain multi-step exploits. Yet these agents struggle with nuanced, high-context attack paths—where human judgment is irreplaceable. As one Reddit user noted: “Manual pentests are still the only option… until automated agentic AI becomes significantly better.”

Plainsea is one of the emerging players responding to this need. Founded in Sofia, Bulgaria, and profiled in The Recursive’s 2025 CEE cybersecurity report, Plainsea blends smart automation with continuous validation and expert oversight. It was the only vendor in the report featured in a full executive interview—underscoring its role in shaping the region’s shift toward continuous testing.

At Infosecurity Europe 2024, Plainsea demoed its “5-Minute Penetration Test”, which enables rapid vulnerability discovery and integrated remediation workflows. The platform is designed for MSSPs and internal teams, with full lifecycle coverage: scoping, discovery, collaboration, reporting, and retesting—all in one interface.

We spoke with Marko Simeonov, Plainsea’s CEO and founder, about why pen-testing is evolving—and what’s next.

LW: Why is point-in-time penetration testing no longer enough?

Simeonov: Penetration testing lives in a conundrum in the cyber world where it remains one of the most essential measures for evaluating critical systems’ security, performed by some of the most highly experienced professionals in the field with cutting-edge techniques to uncover vulnerabilities, yet its process for delivery and execution is vastly outdated. Compliance standards often require annual testing, which creates the illusion of safety. But in reality, that model simply can’t keep up with today’s velocity of change.

Systems nowadays evolve very quickly, new functionalities are being released on a regular basis, updates are constantly pushed, algorithms are aging, misconfigurations are common, integrations are growing, and quickly evolving threats and attack techniques are emerging. The solution organisations need is continuous penetration testing. Only with the breadth of penetration testing on a regular basis can organisations significantly decrease their risk of undiscovered exploitable vulnerabilities capitalized on by malicious actors.

LW: How does PTaaS change the equation—and what makes Plainsea’s model stand apart?

Simeonov: PTaaS delivers a solution for continuous penetration testing with a mixture of automated actions and techniques alongside expert validation and testing in high-priority systems. We at Plainsea provide a unified platform where internal security teams can manage the entire testing lifecycle – scoping, execution, communication, reporting, remediation, retesting – from a single interface. We’ve eliminated the patchwork of tools and manual handovers that slow teams down.

More importantly, Plainsea empowers security professionals of all levels. With built-in workflows and an AI companion, even junior testers or simply security experts with enough technical knowledge can initiate meaningful security checks, while senior experts focus their attention on high-stakes areas. It’s a layered approach that scales with organizations’ needs – and their team’s maturity.

LW: What’s the real advantage of “human-augmented” testing vs. fully automated scanning?

Simeonov: Automated scanners are plentiful on the market and have been available for quite a few years now. However, they are quite limited in the quality of vulnerabilities they can identify. They cover the very basic initial assessment of system security, but can often produce false positives which require human validation, lack human expertise and the ability to apply logic in a contextual setting, cover a very limited scope and are more of a fact-checking exercise rather than a human-driven process.

Human-augmented testing on the other hand is real penetration testing conducted via partially automated tools and methods like those in Plainsea, with findings then validated, prioritized, and tested by humans for the highest level of critical vulnerabilities.

LW: What makes your 5-Minute Pentest more than just a speed gimmick?

Simeonov: Our 5-minute pentest sounds appealing from a marketing standpoint, but beyond that it can actually showcase how effectively a person with limited penetration testing expertise can work alongside our AI companion to actually work through a real pentest and identify real vulnerabilities within a 5-minute time-frame. In other words, it’s fast enough to fit into a coffee break, but powerful enough to uncover misconfigurations or weak spots before attackers do.

LW: Security teams are stretched thin. How is Plainsea helping organizations scale their capabilities?

Simeonov: Security teams today face an overwhelming task: protect more assets, respond to more alerts, and cover more attack surfaces — all with fewer people and tighter budgets. The shortage of skilled pen-testers only makes the challenge tougher.

Plainsea is built to ease that pressure. We give organizations the infrastructure to embed penetration testing into their day-to-day workflows – without needing to scale headcount at the same pace.

This allows organizations to confidently scale through technological advancements and critical system growth knowing that their risk of malicious exploitation of undiscovered vulnerabilities is significantly reduced through ongoing penetration testing.

LW: The Recursive featured Plainsea as a standout from CEE. How is that region shaping cyber innovation?

Simeonov: The CEE region is often overlooked, but it’s quickly becoming a proving ground for cybersecurity & defence innovation. We’re seeing a convergence of technical talent, global exposure, and real-world urgency that creates fertile ground for bold ideas.

Historically, CEE has always had to be resourceful. Companies here often operate with tighter budgets and leaner teams, which pushes them to innovate out of necessity. That mindset leads to pragmatic, efficiency-driven solutions – like ours at Plainsea – that solve real problems with minimal friction.

We’re also seeing more international investment and collaboration, particularly in sectors like AI security, offensive tooling, and cloud-native protection. Startups in Bulgaria, Romania, and Poland are already influencing global conversations around automation, threat intelligence, and secure development practices.

LW: What’s one blind spot in today’s security mindset that’s not getting enough attention?

Simeonov: Too many companies still treat security like an annual audit, not a daily habit. It’s like going to the gym once a year and wondering why you’re not in shape. That mindset is a blind spot – and it’s dangerous.

I would direct organizations towards thinking about security more as an effort such as penetration testing, rather than a check-box compliance exercise. A proactive approach for identifying vulnerabilities through partially automated testing alongside expert validation and testing can greatly reduce risk and help organizations stay ahead of the curve as their systems evolve throughout time.

Additionally, I would recommend that organizations research and invest in various AI security products and services considering the wave of AI usage for personal, as well as corporate needs. AI is a vastly powerful tool, yet comes with its own limitations and security concerns, especially for companies looking to utilize their proprietary knowledge and data in order to train and fine-tune local models.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post EMERGING TRENDS Q&A: Pentesting goes continuous as Plainsea joins wave reshaping security first appeared on The Last Watchdog.
