Go To Market accounts for 17.5% of AI minutes and runs 39% of its AI activity on enterprise plans.

495 malicious AI models were identified on Hugging Face.

ShinyHunters vishing attack against an online automotive marketplace help desk exfiltrated 12.4 million user records (6.1 GB) in mid-February 2026

Q4 2025 automotive vulnerabilities mapped to 19 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Q4 2025 severity breakdown: 146 Medium, 54 High and 2 Critical automotive vulnerabilities

35% of law firms cite data privacy and security as AI-related concerns.

Only 29% of organizations are prioritizing sovereign AI in a concrete, near-term way.

423 financial services organizations appeared on dedicated leak sites, marking a 27% year-over-year increase.

26% of organizations leave MySQL databases exposed to the internet.

Only 29% of organizations conduct continuous simulation testing.

51% of middle market companies rely on staff training for responsible AI use.

The average cost of downtime for organizations is $15,000 per minute.

18% of organizations have zero governance over their IDE or MCP servers inside developers' workflows.

19% of consumers report being scammed.

More than 1 in 7 organizations expose API documentation to the internet.

48% of organizations report security concerns as the top barrier to AI adoption, up from 17% in 2024.

China hosted 42.3% of all tracked Cobalt Strike infrastructure, the US hosted 18.9%, and Hong Kong hosted 15.8%.

Across 2025, 7,918 victim postings were observed on ransomware group data-leak sites (DLS) across 129 distinct threat actors sourced from ransomware.

31% of breaches now start with software vulnerabilities.

48% of all breaches now involve ransomware.