Research · 002 · Cybersecurity

AI in security and
physical penetration testing.

Two connected research areas. First: how AI is transforming security — threat detection, vulnerability assessment and automated defence. Second: the case for physical penetration testing and where Ernex is building toward in the security space.

Status: Research phase · Building methodology and credentials · 2026
$2.74bn
global penetration testing market value in 2025, growing at 12.5% annually
Fortune Business Insights · 2025
50%
of UK firms implemented penetration testing solutions in 2024, up from previous years
Straits Research UK Market Report · 2024
210%
growth in AI-related vulnerability reports in 2025 — the attack surface is expanding fast
HackerOne Security Report · 2025
30%
reduction in testing time when AI-powered pen testing tools are used alongside human testers
Straits Research · 2025
Area one

How AI is transforming
security operations.

The security industry is undergoing a fundamental shift. AI is moving from a tool that supports security analysts to one that actively conducts threat detection, vulnerability discovery and attack path mapping at a speed and scale impossible for human teams alone.

Agentic AI systems now handle intelligence gathering, policy analysis, compliance mapping and discovery pathways autonomously. The human tester's role is shifting toward verification, complex vulnerability analysis and the areas where contextual judgement still outperforms automation.

Automated reconnaissance: AI maps attack surfaces, identifies entry points and classifies data — reducing manual discovery time dramatically
Continuous testing: AI enables ongoing security validation rather than annual pen tests — catching vulnerabilities as they emerge
Threat intelligence: AI correlates data across sources to identify patterns and predict attack vectors before they're exploited
Incident response: AI-powered systems reduce response times and automate containment actions in the critical first minutes of a breach
Security technology systems

AI Security Systems · Research · 002 · Ernex Ltd · 2026

Area two

Physical penetration testing.
The human layer of security.

Digital security is only part of the picture. Physical penetration testing assesses the human and physical vulnerabilities that no firewall can address — tailgating, social engineering, RFID cloning, lock picking, access control bypass. These are the attack vectors that sophisticated actors use when digital routes are locked down.

Ernex is in active research and methodology development in this area. This is a long-term direction — building credentials, studying technique and preparing the groundwork for a formal physical security consulting capability.

Social engineering assessment: Testing whether staff follow security protocols when approached by convincing bad actors
Physical access control testing: Assessing the real-world robustness of locks, badges, biometric systems and access procedures
RFID and credential cloning: Testing whether contactless access systems can be exploited with widely available hardware
Onsite assessment methodology: Structured frameworks for scoping, executing and reporting physical security engagements
Physical security and penetration testing

Physical Security · Research · 002 · Ernex Ltd · 2026

The Ernex direction

Where this is
going.

Security is a long-term direction for Ernex — not a current service, but a serious and planned evolution. Here's what the roadmap looks like.

NOW · 2026
Research and methodology

Building the evidence base, studying physical pen testing methodology and exploring AI security integration. Active research phase.

NEXT · 2027
Credentials and licensing

Pursuing relevant certifications, SIA licensing and formal qualifications that underpin a credible security consulting capability.

FUTURE · 2027/28
First security engagements

Structured physical pen testing engagements for UK businesses, delivered under a clear methodology and formal engagement framework.

VISION · 2028+
Full security consulting

A serious, multi-discipline security consulting capability — combining AI security systems and physical assessment into end-to-end engagements.

← Back to all research Next: AI in Business →