11% of enterprise CISOs have security tools specifically designed to protect AI systems.

78% of enterprises fund AI security through existing security budgets.

Relying on static credentials for AI systems correlates with a 20-percentage-point increase in incident rates.

69% of security leaders agree identity management must fundamentally change to support AI safely.

Enterprises deploying AI systems with excessive permissions experience 4.5x more security incidents than enterprises that enforce least-privilege controls.

7% of organizations don't know how often AI is making autonomous infrastructure changes at all.

21% of enterprises plan to introduce a dedicated AI security budget.

93% of CISOs and AppSec executives are ready to replace or purchase new AI-native application protection.

Only 3% of organizations have automated, machine-speed controls governing AI behavior.

MCP vulnerabilities grew 270% from Q2 to Q3 in 2025.

48% of security teams report blind spots around prompt injection chains or tool-chaining abuse in AI-native applications.

67% of organizations rely on static credentials for AI systems.

75% of CISOs report their enterprises rely on extending controls originally designed for other attack surfaces to cover AI-driven workflows and infrastructure.

70% of security leaders say AI systems have more access than a human in the same role.

Organizations with over-privileged AI systems have a 76% incident rate, compared to a 17% incident rate for organizations that limit AI to only the privileges needed for the task.

85% of security leaders are concerned about AI-related infrastructure risk.

Teams using attack intelligence to track emerging AI vulnerabilities increased by 10%.

In 2025, an AI agent placed in the top 5% of teams in a major cybersecurity competition.

Application of custom rules to automated code review tools to catch issues unique to AI-generated code increased by 10%.

Use of risk-ranking methods to determine where LLM-generated code is safe to deploy increased by 12%.