The penetration testing industry is discovering the value of crowdsourcing, which allows buyers to curate precisely the right pentest team for their needs, diversify their view of the attack surface, and unlock a scaled pay-for-impact incentive model that reduces risk. However, some pen testing vendors are adopting a "crowd washing" strategy, making their offerings sound more modern and impactful than they really are by misrepresenting their capabilities or using buzzwords like "cloud" to rebrand old products. To avoid these tactics, buyers should look for providers with a credible track record, pay-for-impact incentives, and a platform that can deliver on the operational details of crowdsourcing at scale.