44% of threat detections originate from the cloud.

25% of reported security issues in Agentic AI remain open.

In the UK, security risks associated with third-party suppliers have surged by "more than ten percentage points" as a top concern, largely driven by the integration of third-party AI solutions

56% of threat detections originate from the endpoint.

Financial (17.4%) was the #1 targeted industry.

Global median dwell time was 26 days when external entities notified.

Over 700 issues in Agentic AI repositories remain unaddressed.

60% of top vulnerabilities found in Agentic AIwere access control-related

Europe was the second most targeted region in March. Europe accounted for 27% of attacks and experienced 162 attacks.

44% of security leaders surveyed plan to prioritize security infrastructure oversight and implementation, much of which now focuses on securing AI systems and preventing data leakage.

Security operations, which was the top security priority last year, has fallen to third place. Security awareness training is now the second priority.

Less than 10% of enterprises have implemented data protection policies and controls for AI applications.

600 ransomware attacks were recorded globally in March.

Government (9.5%) was the 4th most targeted industry.

86% of security alerts escalate into tickets, which indicates that most alerts still require human validation.

In January 2025, customers uploaded a combined 176GB of data into the DeepSeek AI chatbot.

95% of AI applications are at medium or high risk for EU GDPR violation.

Only 22% of all AI applications are in adherence to one or more compliance certifications such as HIPAA, PCI, ISO, FISMA, and FedRAMP.

84% of AI applications don’t support ‘Data Encryption at Rest’.

Safepay was the third most active threat group in March, with 42 attacks.