Possibilities and limitations of artificial intelligence in vulnerability testing: Effectiveness of the approach as opposed to traditional pentesting
Abstract
The relevance of the research is determined by growing cybersecurity threats, which require improved methods of detecting software vulnerabilities with the help of the latest technologies, such as artificial intelligence (AI). The study aimed to determine the effectiveness of AI for vulnerability testing as an alternative to traditional security testing methods, particularly pentesting. To achieve this goal, machine learning algorithms were analysed, a hybrid model for vulnerability detection was developed, and the use of intrusion detection and prevention systems, automated approaches to software testing, and application interface security was addressed. The study determined that decision trees classify traffic quickly but overfit; support vector machines analyse logs accurately but are sensitive to settings; naive Bayesian classifiers filter messages effectively but are limited by their assumptions; neural networks and deep learning detect complex threats but require a lot of data; the k-nearest neighbours algorithm is suitable for small systems but slow; and random forests are accurate in code analysis but less interpretable. AI is fast and scalable but limited in understanding context and responding to new threats. The results showed that pentesting prevailed in detecting complex vulnerabilities, and the hybrid machine learning model achieved 93% accuracy and 100% prediction accuracy but missed 17% of vulnerabilities. For their part, cybersecurity technologies such as application interface testing, bug bounty programmes, security integration into development, intrusion detection systems, end-to-end encryption, IoT security and phishing are also effective, but need to be adapted to new threats. The results of the study can be used by cybersecurity companies, software developers, and security engineers to improve vulnerability testing and cyber threat protection processes, including with the help of AI-based tools.
Keywords
machine learning algorithms; hybrid analysis models; intrusion detection and prevention systems; software verification automation; application interface protection; attack simulation scenarios