AI security and risk management capability gaps affect 61% of organizations globally.

One in five phishing links clicked by users went completely undetected by legacy URL filtering.

80% of enterprise servers are reachable from anywhere inside the network, creating greenfield conditions for ransomware, operational disruption, and full-environment compromise.

43% of internal authentication traffic still relies on NTLM, a legacy protocol frequently abused for credential replay and privilege escalation attacks.

12% of organizations maintain direct user-to-server administrative pathways, meaning a single compromised employee device can provide immediate access to high-value systems.

Roughly 80% of enterprises have deployed internal AI agents while two-thirds lack governance policies for those agents.

78% of organizations report more incidents after deploying AI-generated code in the past 12 months.

19% of organizations report no AI-generated code challenges in the past six months.

88% of organizations include vibe coding in formal production policies.

5% of organizations restrict vibe coding to non-production environments.

62% of technology leaders report their engineering teams often trust AI-generated code enough to ship it to production without line-by-line manual verification.

61% of leaders rate AI-generated code as somewhat higher quality, 33% rate it as much higher, and 2% perceive it as lower quality.

78% of engineering teams routinely prompt AI tools to include specific telemetry (logs, traces, metrics) directly into generated code.

86% of organizations report an increase in the time senior staff spend fixing AI-generated code in the past 12 months.

67% of technology leaders state that AI now generates or significantly refactors between 51% and 75% of their organization's weekly code output.

53% of organizations say point-in-time penetration testing becomes outdated before results can be acted upon.

58% of organizations utilize pentesting-as-a-service (PTaaS) for continuous testing.

88% of organizations plan to increase offensive security spending over the next 12 months, with 65% planning moderate increases and 23% planning significant increases.

60% of organizations expect analysts to shift from executing offensive security tasks to supervising autonomous workflows.

14% of consumers report falling victim to a scam in the past year.