A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment


Vulnerability assessment (e.g., vulnerability identification and exploitation; also referred to as penetration testing) is a relatively mature industry, although attempting to keep pace with the diversity of computing and digital devices that need to be examined is challenging. Hence, there has been ongoing interest in exploring the potential of artificial intelligence to enhance penetration testing and vulnerability identification of systems, as evidenced by the systematic literature review performed in this paper. In this review, we focus only on empirical papers, and based on the findings, we identify a number of potential research challenges and opportunities, such as scalability and the need for real-time identification of exploitable vulnerabilities.