The cybersecurity world has been moving fast with AI.

We now have tools that do more than scan systems. Some platforms can identify targets, choose test paths, generate payloads, validate vulnerabilities, collect evidence, and produce reports with minimal human involvement.

That is powerful.

But it also creates a new problem:

If a tool can perform penetration testing on its own, how do we make sure it stays safe, controlled, and within scope?

That is exactly the problem the new OWASP Autonomous Penetration Testing Standard, or OWASP APTS, is trying to solve.

How it worked before

Traditionally, penetration testing was human-led.

Security teams used tools, scanners, scripts, and frameworks, but the key decisions were made by people.

A human tester decided:

• what systems were in scope,

• what tests should be performed,

• whether exploitation was safe,

• whether a finding was valid,

• when testing should stop,

• what evidence should be reported.

Existing methodologies such as PTES, OWASP WSTG, and OSSTMM helped guide the testing process.

But those frameworks were mainly designed for a world where a human was still in control.

What changed

AI and autonomous testing platforms are changing that model.

The tool is no longer just assisting the tester. In some cases, it may start making decisions by itself.

That includes decisions like:

• selecting attack paths,

• generating payloads,

• chaining vulnerabilities,

• validating exploitability,

• escalating test depth,

• writing the report.

This creates risks that traditional pentesting methodologies do not fully address.

For example:

• What if the tool tests something outside the approved scope?

• What if it runs an unsafe payload?

• What if it misunderstands instructions?

• What if it gets manipulated by prompt injection?

• What if it produces confident but incorrect findings?

• What if sensitive data gets stored or exposed?

These are not just technical testing issues.

They are governance, safety, accountability, and trust issues.

What OWASP APTS is

OWASP APTS is a governance standard for autonomous penetration testing platforms.

It defines what these platforms should do to operate safely, transparently, and within defined boundaries. OWASP states that APTS applies whether the platform is vendor-delivered, provided as a service, or built internally by enterprise security teams.

It is important to understand what APTS is not.

It is not a hacking checklist.

It does not replace existing testing methodologies.

Instead, it complements standards like PTES, OWASP WSTG, and OSSTMM by focusing on issues unique to autonomous testing: scope enforcement, safe autonomy, manipulation resistance, and accountability.

What the standard covers

OWASP APTS currently has 173 tier-required requirements across 8 domains.

The 8 areas are:

Domain - What it means

1. Scope Enforcement : The platform must define, validate, and enforce what it is allowed to test.

2. Safety Controls : It should have safeguards like impact classification, blast-radius limits, kill switches, rollback, and sandboxing.

3. Human Oversight : Humans should be involved through approval gates, dashboards, escalation paths, and qualified operators.

4. Graduated Autonomy : The platform’s autonomy level should be clearly defined, from L1 Assisted to L4 Autonomous.

5. Auditability : The system should maintain logs, decision trails, evidence integrity, and isolated audit records.

6. Manipulation Resistance : It should defend against prompt injection, adversarial inputs, and attempts to widen scope.

7. Supply Chain Trust : It should address AI provider trust, data handling, multi-tenancy isolation, and model disclosure.

8. Reporting : Findings should include validation, confidence scoring, and coverage disclosure.

Compliance tiers

APTS also introduces three compliance tiers:

Tier - Meaning

Tier 1 – Foundation : Basic controls: the platform should not test outside scope, should be stoppable, and should maintain an audit trail.

Tier 2 – Verified : Adds stronger transparency, tamper-proof audit trails, and independently verifiable findings.

Tier 3 – Comprehensive : Highest assurance level, aimed at critical infrastructure and L4 autonomous operations.

OWASP also clarifies that APTS currently has no certification body, no mandatory third-party audit, and no fee. Assessment may be through self-assessment, independent internal review, or external third-party assessment.

Why it matters

APTS matters because the risk has changed.

Earlier, the question was : Can the tool find vulnerabilities?

Now the question is : Can the tool find vulnerabilities safely, within scope, with proper evidence and accountability?

That shift is important.

As AI-based testing becomes more common, organizations need a way to evaluate whether these platforms are controlled enough for real-world use.

A powerful autonomous testing tool without governance can become a risk by itself.