GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence

Mounia Zaydi; Yassine Maleh

doi:10.5220/0013378700003899

GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence

Mounia Zaydi, Yassine Maleh

2025

Abstract

Generative Artificial Intelligence (GAI), particularly Large Language Models (LLMs) like ShellGPT (SGPT), offers transformative potential in automating penetration testing (pentesting) tasks, enabling organizations to strengthen their cybersecurity defenses. This paper discusses the integration of GAI into pentesting workflows, covering phases such as reconnaissance, exploitation, and post-exploitation. GAI reduces manual effort by automating key tasks, such as dynamic payload generation and adaptive exploitation, which in turn accelerates the assessments and enhances the accuracy of vulnerability detection. Our case study will show how GAI-driven automation improves the efficiency of pentesting while reducing costs, thus making advanced security assessments available to organizations of all sizes. GAI integration will also overcome the pitfalls of traditional approaches that are intensive and expensive, hence putting small-scale organizations at risk. Application of GAI in virtualized environments provides a means to construct dynamic synthetic testbeds that further improve assessment robustness. These results prove that GAI can revolutionize pentesting into a scalable, adaptive, and cost-effective process. It concludes by emphasizing the role of GAI in democratizing proactive cybersecurity measures, making comprehensive security testing possible even for resource-constrained organizations.

Download

Paper Citation

in Harvard Style

Zaydi M. and Maleh Y. (2025). GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 426-433. DOI: 10.5220/0013378700003899

in Bibtex Style

@conference{icissp25,
author={Mounia Zaydi and Yassine Maleh},
title={GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={426-433},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013378700003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - GAI-Driven Offensive Cybersecurity: Transforming Pentesting for Proactive Defence
SN - 978-989-758-735-1
AU - Zaydi M.
AU - Maleh Y.
PY - 2025
SP - 426
EP - 433
DO - 10.5220/0013378700003899
PB - SciTePress