In 2025, 43% of CISA KEV additions were API-related, making APIs the single largest exploited surface in that dataset.

In 2025, 36% of AI-related vulnerabilities involved APIs (786 of 2,185 AI-related vulnerabilities).

In 2025, 14% of published AI vulnerabilities were MCP-related (315 MCP-related vulnerabilities).

97% of API vulnerabilities can be exploited with a single request.

MCP vulnerabilities grew 270% from Q2 to Q3 in 2025.

98% of API vulnerabilities are easy or trivial to exploit.

59% of API vulnerabilities require no authentication.

In 2025 breach data, AI platforms and tooling accounted for 15% of API-related breaches, tying software as the largest category in the dataset.

65% of organizations report customer churn or app uninstalls as a direct result of security issues.

79% of mobile app developers and security leaders cite time-to-market pressure as the top barrier to stronger mobile app protection.

96% of developers use AI-assisted tools to build mobile apps and SDKs.

81% of developers say AI-generated code has introduced new vulnerabilities.

91% of mobile app developers and security leaders prefer security that spans the entire software development lifecycle.

96% of organizations using multi-layered protection report fewer mobile app security incidents.

More than half of developers are uncertain how to properly secure AI-written mobile applications.

Manufacturing accounts for more than two-thirds of all ransomware victims.

26% percent of advisories in 2025 contained no patch or mitigation from vendors.

The number of ransomware groups targeting industrial organizations increased 49% year-over-year to 119 groups, collectively impacting 3,300 organizations globally.

68% of observed wireless networks in industrial and critical infrastructure environments operate without Management Frame Protection (MFP) despite using modern encryption.

Approximately 98% of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication.