In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition.

Was it just pen testing with a portal? Continuous testing? Cheaper delivery?

We break down what PTaaS was meant to be, how it evolved, and why it seems to have faded, without ever being clearly defined.

Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community.

In this episode of Let’s Talk Security Testing, we break down what the announcement actually means for application security teams, whether it represents real progress or just another wave of industry hype.

We also dive into one of the hardest problems in security testing - business logic flaws, and discuss whether tools can realistically detect them.

Finally, we play a game: build an AppSec programme with only $10, exploring the trade-offs security teams face when budgets are limited.

AI is reshaping how software is built. But is it reshaping how it’s secured?

In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing.

We cover:

• The reality of AI in modern development pipelines
• The current maturity of AI-powered pentesting
• How buyer expectations are shifting
• Whether pentesting is evolving or simply being rebranded

For CISOs, Heads of AppSec, and security leaders trying to make sense of the noise, this is the grounded perspective you need.