LLM Agents for Offensive Security: Where Do We Go From Here? (24.04.2026)
Funding year 2025 / Scholarship Call #20 / Project ID: 7733 / Project: LLM Agents for Offensive Security

In the first blog post, I explained why we're building LLM agents for offensive security: the global shortage of pen-testers is large, growing, and unlikely to close on its own. In the second post, I showed how the field has moved from single-host attacks to full enterprise-network compromises. I ended that post with an uncomfortable pair of questions: if full automation does become feasible, what does it mean for the balance between attackers and defenders, and what does it mean for the security workforce?

Those questions are getting harder every day.

The Capability Threshold

A year ago, prototypes like Cochise and Incalmo were interesting mostly as empirical evidence: LLMs could compromise some enterprise network users under some conditions. In spring 2026 the picture looks rather different.

In our own experiments, a recent Cochise build using Gemini-3-Flash (Preview) reliably achieves domain dominance on 1-2 of the three enterprise domains in our GOAD testbed while costing less than two Euros. In April 2026, Anthropic unveiled Claude Mythos Preview, a model specialized for long-running coding and cybersecurity work. The UK AI Security Institute reports that Mythos Preview became the first model to complete a 32-step enterprise-network attack simulation, and Anthropic itself used Mythos Preview to find thousands of zero-day vulnerabilities across every major operating system and browser.

No single result is world-ending. But the question of "Can LLMs Hack Enterprise Networks" has been answered. They can. The interesting questions are now downstream.

The Attacker-Defender Balance

The obvious fear is that all of this benefits attackers more than defenders.

Attackers only need to succeed once, on one path; defenders have to cover every path, every time. Attacker workflows (reconnaissance, lateral movement, exploit iteration) also map naturally onto what LLM agents are already good at: pattern-matching findings under uncertain conditions. Defense, in contrast, demands reliability and correctness in ways that current LLMs still struggle with. In addition, attacking is typically cheaper than defending. For example, we recently analyzed LLM-powered attacks against LLM-powered bug-fixing systems: the attacker's costs were 0.001% of the defender's costs.

I am cautiously positive in the long run. Better security testing will increase the overall security for everyone. In the short run, I think we should expect a genuinely uncomfortable transition period, in which offensive capability is growing faster than defensive capability can absorb.

What Does This Mean for Pen-Testers?

This is the question I find hardest, partly because the answer depends on what professional pen-testing actually is.

The commodity end of pen-testing is in trouble. A lot of real-world engagements are, functionally, "run a checklist against a network, find the low-hanging fruit, write up a report." That is exactly the kind of work LLM agents are getting better at, and at lower cost than human pen-testers.

The creative end is probably safer for now. Novel targets, unusual architectures, assumptions nobody has bothered to write down: these still benefit enormously from a human who can ask strange questions and notice things that weren't in the training data. Good pen-testers have always been part researcher, and research is harder to automate than enumeration.

But this creates a pipeline problem. Juniors learn the craft by doing the commodity work. If that work gets automated away, where does the next generation of senior pen-testers come from? This isn't a hypothetical worry; it is exactly the conversation happening in software engineering right now, and I don't think anyone has a convincing answer yet.

My gut feeling is that the most useful near-term goal is augmentation rather than replacement. An LLM as a sparring partner, as an enumeration engine, as an on-demand expert for a tool you haven't touched in two years. This helps you learn, instead of preventing that by replacing you.

Where Do We Go From Here?

Defenders need to move quickly. Cybersecurity basics, such as patching, access control, logging, and network segmentation, matter more, not less, in a world of AI-enabled attackers. Reducing attack surface becomes more important than before, as it reduces the attacker's leverage. The AISI evaluation explicitly notes that Mythos Preview can only exploit systems with weak security posture. Which, unfortunately, is most of them.

We need to take the workforce transition seriously. Not in a hand-wavy "AI will create new jobs" sense, but concretely: how does the pipeline from junior to senior pen-tester survive the automation of commodity work? Not asking the question is the worst option.

None of this is particularly reassuring, and I'm aware this post has fewer answers than the previous two. The first two posts were about where we came from and how we got here. This one is about the part that is still being written, and I would rather not pretend I know how it ends.

Andreas Happe

Dev gone Pen-Tester, now doing a PhD on using LLMs for Offensive Security (aka Hacking).

Skills: pen-testing, LLMs, AI | KI, IT Security