Skip to content
NOW AVAILABLE Learn About New Metrics Capabilities in PlexTrac Priorities Learn more >>

Unleash the Power of AI to Speed Pentest Reporting

See Plex AI in action

PlexTrac Founder and CTO Dan DeCloss hosted Nick Popovich, PlexTrac customer and owner of Rotas Security, in a webinar to introduce PlexTrac’s new AI capabilities: Plex AI. Plex AI is the industry’s first pentest report authoring AI assistant. Designed to securely generate findings descriptions and writeups and aggregate large data sets, Plex AI is taking reporting automation to the next level. 

Find out more about Plex AI including:

  • The value of Plex AI to scale report authoring 
  • The vision and roadmap for AI in the PlexTrac platform
  • The secure-by-design method used to build Plex AI

Watch the full webinar or read on for the highlights.

What Value Can Plex AI Provide Today?

PlexTrac was built by a pentester to ease the burden of report writing by automating the tedious, manual aspects of the process. Plex AI helps take that mission to the next level by further streamlining and automating the reporting workflow so service providers and enterprise teams can deliver even more value to stakeholders faster — and translate that efficiency into more and deeper testing. 

“Being able to find ways to be able to provide automation at scale that is reliable has been the constant Holy Grail. You’re trying to find ways to take all this data that you gather during testing, assessments, and even internally in organizations. Being able to find ways to curate data and present it well and at scale, too, with large amounts of data — because the more data you have, the more informed you can be as a risk professional. And so it’s been really exciting to see PlexTrac providing this solution. For me as someone who runs a business and feeds their family with pentesting practice, the ability to take data, package it up, and present it well means more work. When I was on large internal teams, it meant more efficiency, it meant the ability to do more with less and with less overhead,” explained Nick.

Dan continued, “The ability to go faster on the reporting lifecycle is just so critical. It keeps the teams focused on the testing and the automation around the actual test execution. Which extrapolating back to the reporting lifecycle, means that your customers are going to get more value out of their tests because you’re spending more time finding critical security issues. You’re able to schedule more tests throughout your calendar year, so that if you’re a service provider, that’s helping you generate more revenue. If you’re an enterprise team, it’s helping you get through more of your portfolio from your testing capabilities or requirements.”

So how does Plex AI extend the capabilities of PlexTrac’s solution? Plex AI auto-generates findings descriptions and recommendations, enhances existing writeups, and analyzes large data sets to create narrative sections based on your findings. Plex AI makes the benefits of generative AI available directly and securely in the platform where you already can consolidate your data, create the report, QA the report, and even share it with your stakeholders via the client portal. 

Nick explained the value he is seeing with the new capabilities: “Where we’re seeing so much use for this is in the exotic findings as we move more into hacking at PLCs and hacking its products. And when you’re hacking at clouds and when you’re doing assessments against findings that don’t fit a concise narrative, it’ll fit like a CWE or a category. But when you want to add in verbiage, I mean, let’s be real, everybody’s doing this already. When my consultants come across an interesting thing, where do they go first? They go to a generative AI. They put in a little prompt about the flaw that they found, they take the description, they take some of the remediations, and they tweak it out. They make sure it’s right, but it’s a catalyst for innovation and inspiration for them. And so the reality is, I don’t think there’s a professional who works in IT who has been exposed to generative AI in the last two years and doesn’t use it a lot. And so having it in the platform just makes sense. And I’m excited for it because of the number of exotic, maybe esoteric findings that we come across that just don’t come from a tool, they come from observation or experience. And those types of things are what you can really leverage these capabilities for.” 

What Is the Vision for AI in PlexTrac?

Plex AI is just the first step in PlexTrac’s vision of leveraging AI to support proactive security. The roadmap includes enhancements to Plex AI and additional AI capabilities to bring automation to multiple areas of the offensive security lifecycle. Soon you’ll be able to use AI in PlexTrac to gain even deeper insights into your findings and risk posture, enabling faster time to remediation and reduced risk. 

Dan explained the near-term goals for Plex AI: “As time goes on, it’ll continue to train and learn and grow, so that it makes everything more accurate and more applicable. So that’s just part of what’s next. We’ll continue to improve its model and its training capabilities. We use external sources of data today, but next, we will be able to provide, in a confined space within your tenancy, the ability to start learning on your reports. That’ll all be self-contained, but then it’ll continue to help learn how you write reports and how you write up your findings.” 

Is Plex AI Secure? 

The most asked question in the webinar and in general is about the security of Plex AI — and rightly so. Plex AI has been developed with a secure-by-design approach to ensure that your data and that of your clients and stakeholders are not compromised. 

Dan explained, “Currently, it’s using a private model that is based on an open-source LLM, and then we’re using industry data on top of it, including NIST, MITRE, CVE vulnerability databases. We’ll continue to throw in more intelligence feeds as we get going down the road. And so that is what is being used to train the publicly available, I say publicly available loose in terms of what’s available, within Plex AI. So that’s the data that it’s being trained on. We’re not contaminating any data across clients or tenants within Plex AI.”

Interested in finding out how Plex AI can cut your reporting time by up to 75%? Visit to learn more, see security FAQs, and request a demo.

Liked what you saw?

We’ve got more content for you

Request a Demo

PlexTrac supercharges the efforts of cybersecurity teams of any size in the battle against attackers.

See the platform in action for your environment and use case.