Malicious npm packages surged 451% year-over-year.

177,000 new malicious packages were detected across registries in the last year.

Q1 2026 automotive vulnerabilities map to 25 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

77 distinct CWEs mapped in Q1 2026, up from 64 in Q4 2025

47% of large organizations do not have full visibility into employee AI tool usage.

89% of senior IT leaders report that managing the growing identity footprint is challenging.

56% of cybersecurity decision-makers are concerned about employees inadvertently exposing sensitive information to AI systems.

47% of U.S. cybersecurity decision-makers report concern about lack of visibility into employee AI tool usage, compared with 42% globally.

73% of U.S. cybersecurity decision-makers cite disconnected or poorly integrated tools as creating exploitable gaps, compared with 63% globally.

Attacks on the logistics sector surged 200% year-on-year in Q1 2026.

93% of organizations operate across multiple clouds.

86% of organizations run applications across on-premises, public cloud, and colocation environments.

Fewer than one in four organizations globally have deployed a dedicated password manager.

18% of middle market organizations experienced a data breach in the past year.

Only 7% of organizations believe their controls would prevent a compromised agent from operating.

Organizations spent more than $1 million on average in the past year responding to AI agent identity and security issues.

It takes nearly a week to contain and remediate a compromised AI agent.

56% of organizations use embedded AI within third-party vendor tools that employees often do not recognize as using AI.

Over two-thirds of GRC and security leaders are only "somewhat confident" or "not very confident" that their organization can respond decisively to a fast-moving AI security incident.

20% of high-risk digital work is canceled entirely due to exposure or compliance constraints.