98% of organisations experienced a breach stemming from vulnerable code in the past year.

Within the next 12 to 18 months, nearly a third (32%) of CISOs, AppSec managers and developers expect Application Programming Interface (API) breaches via shadow APIs or business logic attacks.

Only 18% of organisations have policies governing AI use.

81% of organisations knowingly ship vulnerable code.

Up to 60% of code is being generated by organisations using AI coding assistants.

20% of organisations still forbid the use of AI coding assistants.

Half of CISOs, AppSec managers and developers already use AI security code assistants.

81% of organisations knowingly ship vulnerable code.

Only 21% of Millennials and 17% of Gen Z avoid using unofficial AI tools at work

Just 37% of organisations have a data privacy team overseeing AI initiatives.

Nearly half (46%) of IT and security decision-makers report reducing their planned security investments for 2025 due to ongoing federal funding instability.

19% of organisations deploy between 21 and 50 types of AI agents.

13% of employees are anxious or resistant about AI, uneasy about the risks and consequences.

41% of IT and security decision-makers say budget or resource cuts have led to reduced capacity for detection and monitoring.

15% of employees deliberately avoid telling their manager about their AI use.

79% of U.K. IT and security decision-makers say growing U.S. cybersecurity instability has made them more cautious with U.S.-based vendors.

7% of organisations assess API risk monthly or less.

Only 22% of US consumers are comfortable sharing data with AI agents.

16% of employees who hide their AI use worry it will be seen as lazy.

Nearly half (48%) of organisations currently use between 6 and 20 types of AI agents.