The Real Threat is Human: The Secrets of On-Prem Pen Testing

As organizations continue to invest in AI driven defenses and advanced detection, one critical reality remains. Attackers are still finding success by exploiting human behavior inside physical environments. From badge cloning to tailgating and in person social engineering, physical security is becoming an overlooked entry point in otherwise mature security programs. As external defenses strengthen, the path of least resistance is shifting and many organizations are not prepared for it. So where does physical security fit in a modern threat landscape shaped by AI? In this expert led discussion, Tevora’s Threat Services team, Jonathan Nyman and Andrew Peng, share real world insights from on premise penetration testing, moderated by Kevin Dick, Sr. Director of Threat Services. The session explores how attackers are gaining access, where organizations are falling short, and how AI is influencing both offensive and defensive strategies.

Key Takeaways:

• Why human behavior remains the most exploitable attack vector
• How physical environments are becoming a blind spot in modern security programs
• What a real world on premise penetration test looks like in practice
• How attackers use tactics like tailgating, badge cloning, and social engineering
• Where AI is strengthening detection and where it is enabling new attack techniques
• Practical ways to improve physical security and reduce risk

Whether you are evaluating your current security posture or looking to strengthen your overall program, this session provides a closer look at a threat vector that is often underestimated but highly effective.