Attackers exploited vulnerabilities an average of seven days before public disclosure in 2025.

87% of monitored client-facing mobile applications faced attacks in 2026, up from 55% in 2022.

Mobile application attack rates progressed in a five-step trajectory of 55% → 57% → 65% → 82.7% → 87% over the five-year period from 2022 to 2026.

45.6% of employees' personal AI activity flows through enterprise tools their company is paying for.

64.5% of activity on personal and free-tier AI accounts is business use rather than personal use.

Go To Market accounts for 17.5% of AI minutes and runs 39% of its AI activity on enterprise plans.

495 malicious AI models were identified on Hugging Face.

ShinyHunters vishing attack against an online automotive marketplace help desk exfiltrated 12.4 million user records (6.1 GB) in mid-February 2026

Q4 2025 automotive vulnerabilities mapped to 19 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Q4 2025 severity breakdown: 146 Medium, 54 High and 2 Critical automotive vulnerabilities

26% of organizations leave MySQL databases exposed to the internet.

Only 29% of organizations conduct continuous simulation testing.

51% of middle market companies rely on staff training for responsible AI use.

The average cost of downtime for organizations is $15,000 per minute.

18% of organizations have zero governance over their IDE or MCP servers inside developers' workflows.

19% of consumers report being scammed.

More than 1 in 7 organizations expose API documentation to the internet.

48% of organizations report security concerns as the top barrier to AI adoption, up from 17% in 2024.

China hosted 42.3% of all tracked Cobalt Strike infrastructure, the US hosted 18.9%, and Hong Kong hosted 15.8%.

Across 2025, 7,918 victim postings were observed on ransomware group data-leak sites (DLS) across 129 distinct threat actors sourced from ransomware.