// NEXUSVOID RESEARCH & ANALYSIS

<- ALL RESEARCH & ANALYSIS

NexusVoid AI Research

Why AI-Built Apps Need a Different Pentest

AI writes code faster than anyone secures it, and the failure modes are new. Prompt injection, over-permissioned agents, secrets in generated code, and attacks on the AI assistant itself sit outside a standard pentest. Here is what testing an AI-built app should actually cover.

VAPT, AI security, pentesting, AI-generated code, prompt injection, application security

RESEARCH · Evidence synthesis. Primary sources and our prior analysis are linked throughout.

AI now writes a large and growing share of production code, and it writes it faster than anyone is securing it. The problem for anyone shipping an AI-built app is that the failure modes are new. A penetration test built for human-written web apps will confirm you are safe against yesterday's threat model and stay quiet about the one that actually applies to you.

The classes of bug that AI-built apps introduce, prompt injection, over-permissioned agents and tools, secrets baked into generated code, and attacks that ride the AI assistant itself, sit largely outside what a standard scan or checklist pentest looks for.

The velocity gap

In our review of 23 studies on AI-generated code, a consistent share of AI output shipped with security weaknesses, and the pass rate did not improve across model generations. Meanwhile the cadence and scope of security testing has not changed to match. Code is being produced in a new way and tested in the old one.

What a standard pentest misses on an AI-built app

None of these is hypothetical. All were documented in the field in 2026:

  • Prompt injection. Untrusted text becomes instructions the app acts on. We covered a case of prompt injection redirecting AI-agent crypto payments, and one where a public GitHub issue pulled data from private repositories.

  • Over-permissioned agents and tools. An agent with real access reads attacker-controlled input and acts on it. Scoping, not cleverness, is the control.

  • The build pipeline itself. The assistant writing your code is attack surface. See GhostApproval, where an approved file edit was redirected to run code, and DuneSlide, where a single prompt ran code in the Cursor editor.

  • Secrets and unsafe defaults in generated code. AI-assisted repositories leak credentials and ship insecure defaults at a higher rate, and those rarely appear on a standard web-app test plan.

  • Scanners that can be fooled. The tools meant to catch this are themselves evadable, as with SkillCloak.

What a pentest for AI-built apps should cover

Everything a good application pentest already does, plus the AI-specific surface:

  • Prompt-injection and jailbreak testing of every LLM-backed feature, including indirect injection through data the model reads.

  • Agent and tool permission review: what can each tool reach, and what happens when its input is hostile.

  • Data-flow tracing from untrusted input to any privileged or irreversible action.

  • Secrets in generated code and git history, and the security of AI dependencies and connected tools.

  • The human-approval gates themselves: can an approval be bypassed or redirected, as GhostApproval showed.

The honest caveats

  • A pentest is a point in time, and the AI threat landscape moves quickly. Our analysis of exposure windows is the argument for testing continuously rather than once.

  • Not every AI feature carries the same risk. Depth should follow what the model can actually reach and do.

  • Testing finds problems; it does not fix them. The report has to be actionable, not just a list.

Where this fits

This is the threat model our VAPT is built for. It tests the AI-specific surface above alongside the standard application checks, and it produces the report you can hand to a customer or an auditor. If you are shipping an AI-built app, that is the coverage the old test plan does not give you.

DATA SOURCES

Nexus Void AI-generated code evidence review (23 studies); Nexus Void Cyber News coverage, 2026; OWASP Top 10 for LLM Applications

Liked this post? Share it:

Related posts

Related posts appear on the live page

VIEW ALL RESEARCH ->

// FROM THE LAB

Pentesting is easy and affordable now.

Continuous VAPT you can run every month, with a report built for AI-built apps.

RUN A VAPT ->

// CYBER NETWORK

Shape the next analysis.

A curated network of security practitioners who help set our research agenda. By application.

APPLY TO JOIN ->

Get new research first

We publish original analysis and experiments on how attackers actually move. Follow along:

PAGE CONTENTS

Contents appear on the live page