Authored by: PlexTrac Team
Posted on: November 12, 2025

Friends Friday Recap: How AI Is Reshaping Offensive Security And Why Humans Still Matter

The latest PlexTrac Friends Friday podcast episode brought together host Dan DeCloss, PlexTrac’s founder and CEO, and returning guest Rey Bango, a seasoned penetration tester and educator from a Fortune 100 telecommunications company. Dan and Rey revisited a topic from their last podcast episode, over 18 months ago, on how artificial intelligence is reshaping offensive security. This time around, they dove deeper into what has changed in AI over the past year and a half, and how tools like PlexTrac are helping security teams stay efficient and human-focused in the process.

Kicking Things Off: The Pace of AI Innovation

Dan opened the session with the energy that has made Friends Friday a community favorite: “It’s moving so fast,” he said, teeing up the theme of the day. Rey agreed that AI’s velocity has surprised even the most seasoned practitioners.

When Rey was last on the show, AI in offensive security was still experimental. Today, as both noted, it has become embedded in how professionals code, test, and report. “We were talking about what could happen,” Dan reflected. “Now it’s what is happening.”

When Machines Meet Manual Expertise

Rey shared how he uses AI in his daily penetration testing work, from generating vulnerable demo apps for educational use to troubleshooting findings faster. But he emphasized the importance of oversight. Even the most capable AI agents need validation.

Dan jumped in with a nod to PlexTrac’s philosophy: AI should enhance, not replace, expertise. That’s why the PlexTrac platform leverages AI-assisted writing to streamline reporting while keeping analysts in control.
“Anything we can automate, we should,” Dan said, “but it’s never about removing the human from the loop.”

Together they framed AI not as a threat but as a force multiplier, reducing friction in documentation and analysis while freeing practitioners to focus on the creative, critical thinking that drives real security impact.

The Double-Edged Sword of Automation

The conversation turned naturally to how attackers are also benefiting from these same efficiencies. Rey described seeing phishing attempts that were grammatically perfect and visually flawless. In fact, he described them as “so convincing I had to double-check everything.”

Dan tied this back to why PlexTrac exists: to help security teams operationalize collaboration between red and blue teams, so they can spot patterns, validate findings, and measure risk faster than adversaries can exploit it. The two agreed that human intuition paired with structured reporting and evidence management is still the best defense.

Guardrails, Bypasses, and the New Testing Frontier

The hosts dove deeper into the emerging field of AI system testing. Pentesters now find themselves probing large language models for prompt-injection vulnerabilities and guardrail failures, much as they once tested for SQLi and XSS. Courses like Jason Haddix’s Attacking AI are arming professionals with those skills.

“This is the next generation of offensive testing,” Dan noted, adding that PlexTrac’s flexible reporting engine allows teams to track findings from any new domain, like LLM security, without retooling their workflow.

Staying Grounded Amid Deepfakes and Disinformation

The episode broadened into the societal implications of AI: manipulated video, election interference, and deepfake scams.
Rey urged listeners to verify before reacting, while Dan highlighted how PlexTrac’s customers in critical industries are already thinking about resilience beyond the technical layer: training employees, verifying media, and preparing for the human side of cyber risk.

Looking Ahead: Collaboration, Education, and Efficiency

As the conversation wrapped, Rey shared his excitement about teaching again through his new YouTube channel, while continuing to contribute to open-source security projects. Dan closed the loop by reminding listeners that PlexTrac was built to bridge knowledge sharing, helping experts like Rey document, communicate, and automate insights so the entire team benefits.

“Efficiency doesn’t mean cutting corners,” Dan said. “It means giving experts the time to do what only humans can do.”

Key Takeaways

- AI is accelerating both sides of the cybersecurity battle, but the advantage goes to teams who integrate it thoughtfully.
- Human validation remains essential; automation should complement judgment, not replace it.
- PlexTrac’s AI-enhanced reporting exemplifies how structured tools can multiply output without sacrificing accuracy.
- Verification is the new vigilance, whether reviewing phishing emails or viral videos.
- Continuous learning, from AI prompt testing to modern red teaming, is now a core security skill.

Watch the Full Episode

Catch the full Friends Friday conversation, The Evolution of AI in Offensive Security: What Still Holds True?, on PlexTrac’s LinkedIn channel.