Rapid developments in AI have seen more companies adopting automated penetration testing to identify IT infrastructure vulnerabilities. Our security consultants are regularly asked about the effectiveness of AI in this space to automate what have usually been human-led and tech-supported services. The team here at PGI are pragmatic and always look to support our clients with the approaches that will provide the best value, so we spoke to them about the differences between a vulnerability scan, automated penetration testing and full human-led penetration testing.
Each type of testing provides a different level of detail and analysis in identifying vulnerabilities in your environment and how they could be exploited by attackers, so continue reading to find out the most effective way to safeguard your organisation’s systems and infrastructure.
A vulnerability scan is an out-of-the-box solution that can provide fast and regular reports highlighting any common vulnerabilities in your critical systems. However, unlike a penetration test, it doesn’t attempt to exploit the vulnerabilities it finds. This means that while a vulnerability scan is a good basic checkbox exercise, it falls short of determining whether detected vulnerabilities are exploitable in your environment, and whether they pose a significant threat to your organisation.
Penetration testing simulates real-world attacks a threat actor might attempt, analyses how difficult it would be to exploit the vulnerabilities found in your systems, and assesses how significant the threat would be if the attack were successful. This helps your organisation to address critical risks before they can be leveraged by attackers.
To go into more detail on the difference between the two, take a look at this blog post we wrote.
Automated penetration testing uses specialised tools to replicate the process of manual human-led testing, aiming to perform as much of the assessment as possible without human input, which generally makes it cheaper and faster than a manual penetration test. However, in many cases, automated tools tend to be closer to what would be considered high-quality vulnerability scans rather than a full ‘manual’ penetration test, as they lack the capability to deliver comprehensive insights or tailored actions.
While automated penetration test software can identify weaknesses, it lacks the human contextual understanding needed to determine the real-world impact on an individual business, or the severity of those issues, especially in complex environments. So, while tools might perform well in environments with basic security needs, they lack the adaptability and nuanced insights needed for more complex or diverse client situations.
True penetration testing is carried out by highly skilled testers who use a combination of tools, expertise, and creativity to analyse, exploit, and provide context for vulnerabilities.
Penetration testers offer a detailed analysis, often including proof-of-concept exploits and tailored remediation advice that automated tools cannot provide. Their ability to operate from a threat actor’s perspective allows them to understand the specific risks a vulnerability poses to the business. They will also consider factors like the company’s operations, systems, and industry for a more precise and actionable evaluation of risks for the organisation. So, while manual penetration tests are generally more expensive than an automated pen test or a vulnerability scan, they can also provide significantly greater value with proactive remediation. By addressing the identified vulnerabilities, you can reduce the potential risks and costs associated with data breaches or system compromises.
While automated tools are useful for routine scans and identifying common vulnerabilities quickly, full penetration testing is essential for ensuring depth, context, and addressing high-priority issues effectively, especially for organisations with complex or unique security requirements.
As a result, true, ‘manual’ penetration testing is far more comprehensive and more effective in identifying complex risks, provides greater value through a deeper understanding of potential threats, and offers solutions tailored to your individual operational needs.
Read more about our flexible penetration testing services, or get in touch with us today to find out how we can help you mitigate risks with our flexible and tailored penetration testing services.

