16 Jul 2026 · 5 min read

With AI, technical interviews are becoming harder and harder to trust. Candidates now have access to automated tools designed to help them cheat in real time, and some people even charge $400 per session to teach them how to use those tools more effectively.

I have been speaking with a lot of pentesting boutique owners and AppSec team managers, and for many of them, it has become a nightmare. They have shared some very creative ways of detecting this kind of cheating, although I cannot repeat those here. Let me just say that some of them are hilarious.

The core problem is that most interview formats only look at the output. A take-home challenge, a multiple-choice screen, or a "walk me through how XSS works" question all reward the right final answer, and the right final answer is exactly what these tools are good at producing. To tell a real candidate from an assisted one, you have to look at something the tools cannot generate for them: how they got there.

This brings us to one of our customers' favourite PentesterLab features: Interview.

You learn a lot by watching someone work

After running in-person security training for years, I can tell you that it is surprisingly easy to assess someone's practical ability simply by watching them work. You can learn a lot from how they use their computer, browser, proxy, and other tools. You see their speed, precision, habits, and thought process. Even small details can be revealing, such as copying a URL before visiting it so they do not lose a payload.

Interview gives you a structured way to do this. You select a set of labs, either by choosing them yourself or using one of our predefined lists, and ask the candidate to work through them while sharing their screen.

Instead of only seeing whether they eventually reached the answer, you can observe how they investigate the application, form and test hypotheses, use their tools, detect when they have made a mistake, understand what went wrong, and recover from it.

This is exactly what makes it hard to fake. An AI tool can hand a candidate the final answer, but it cannot fake the wrong turn, the moment they realise something is off, or the way they work back out of it. That process is what you are actually watching for, and it is the part no tool can generate on their behalf.

Hacking and code review

Interview can be used to assess both hands-on hacking and security code review skills. Alongside our hacking exercises, we provide dedicated code review interview labs covering the most common programming languages.

For every interview lab, we provide suggested questions, expected answers, and additional "Go Further" questions. These help you explore the candidate's understanding in more depth, assess candidates more consistently, and distinguish genuine expertise from a lucky result or an AI-generated answer.

See how your candidates actually work

If you want to make your technical interviews more resistant to AI-assisted cheating, see how candidates actually hack, or simply move beyond asking everyone to test Juice Shop again, take a look at Interview.

Explore Interview and see how your candidates actually work.

Want to build these skills hands-on?

PentesterLab has 700+ real-world labs on web hacking, code review, and vulnerability analysis. Start with a free account.

Photo of Louis Nyffenegger
Louis Nyffenegger
Founder and CEO @PentesterLab