In this episode of Let’s Talk Security Testing, we revisit PTaaS (Pen Testing as a Service) — a buzzword that never quite settled on a definition.

Was it just pen testing with a portal? Continuous testing? Cheaper delivery?

We break down what PTaaS was meant to be, how it evolved, and why it seems to have faded, without ever being clearly defined.

Anthropic recently announced a new code analysis capability that’s sparked a lot of discussion across the AppSec community.

In this episode of Let’s Talk Security Testing, we break down what the announcement actually means for application security teams, whether it represents real progress or just another wave of industry hype.

We also dive into one of the hardest problems in security testing - business logic flaws, and discuss whether tools can realistically detect them.

Finally, we play a game: build an AppSec programme with only $10, exploring the trade-offs security teams face when budgets are limited.

AI is reshaping how software is built. But is it reshaping how it’s secured?

In this episode, we’re joined by NCC Group to explore what’s really happening across the AppSec landscape. From AI adoption in development workflows to the rise of AI-driven pentesting tools, we unpack what’s progressing, and what’s still marketing.

We cover:

• The reality of AI in modern development pipelines
• The current maturity of AI-powered pentesting
• How buyer expectations are shifting
• Whether pentesting is evolving or simply being rebranded

For CISOs, Heads of AppSec, and security leaders trying to make sense of the noise, this is the grounded perspective you need.

Agentic AI is the latest shift in application security, but how much of it is delivering real results?

In this episode, we break down:

- What “agentic” really means in AppSec

- Where agentic workflows are genuinely adding value

- The limits of automation, and where human expertise still leads

- How enterprises are adopting it without overcommitting

If you’re trying to separate practical capability from future promise in AI-driven security, this one’s for you!

Is AI Pentesting Just DAST in Disguise? 🤖💥

Everyone’s talking about AI-powered pentesting - but is it actually useful, or just dressed-up DAST?

In this episode, we dig into:

- What AI tools really test (and what they miss)

- Why they sometimes look better than they are

- Hallucinations, pricing, and trust

- How they compare to micro pen tests and manual reviews

If you’re trying to make sense of AI in security testing, this one’s for you.

In Season 2, Episode 9, we ask a big question: does the Change Advisory Board (CAB) still have a place in today’s fast-moving DevSecOps world?

Traditionally seen as a gatekeeper for risk, CABs are often accused of slowing things down, blocking innovation, and creating more process than value.

But can AI shift the role of CAB from bottleneck to enabler? We explore what a modern, AI-assisted CAB could look like, and whether change governance can finally move at the speed of development.

In Season 2, Episode 8, we throw planning out the window and build a web app purely on vibes. No specs, no structure, just straight-up code. Then, we do what any responsible team would do... we try to hack it. In this live pen testing session, we explore what happens when code is written without rules, and whether security still holds up under pressure.

In Season 2, Episode 7, we put human intuition to the test against machine precision. As AI tools become more embedded in secure design workflows, we ask the big question: can AI threat model as well as a real human?

We pit a seasoned pentester against our own AI tool in a live challenge, and the results might surprise you.

👉 Try the tool for yourself: https://www.cytix.io/change-analysis-tool