| Main Author: | |
|---|---|
| Format: | Digital resource |
| Language: | English |
| Published: | Zenodo 2026 |
| Online Access: | https://doi.org/10.5281/zenodo.18637846 |
Table of Contents:
- Penetration testing is a key process for identifying vulnerabilities within organizational systems, simulating real-world cyberattacks to uncover weaknesses before exploitation. These tests often generate extensive reports with numerous findings, making it challenging for organizations to determine which vulnerabilities should be addressed first. Limited resources such as time, budget, and skilled personnel further complicate prioritization. Traditional approaches, relying mainly on technical severity scores, often fail to capture the full business impact, operational criticality, and organizational priorities, leaving critical risks unaddressed.

  This research proposes an AI-assisted framework to enhance post-penetration testing vulnerability prioritization as a decision-support tool rather than a replacement for human expertise. By integrating technical severity with organizational and contextual factors such as business impact, asset criticality, exploit likelihood, and resource constraints, the framework provides explainable AI recommendations to assist security teams. The approach aims to improve remediation efficiency, strengthen risk management, and align vulnerability prioritization with strategic organizational objectives, demonstrating how AI can complement human decision-making to achieve more resilient cybersecurity postures.