97% of US-based physical security operations professionals are either currently using AI or actively evaluating it for security operations.

AI adoption reaches 75% among organizations that rate themselves at the highest maturity levels, compared to 43% among lower-maturity programs.

82% of organizations cannot see AI runtime behavior in real time.

Only 9% of organizations remediate critical or high-severity vulnerabilities in production within 24 hours.

74% of organizations remediate critical or high-severity vulnerabilities in production within 1 to 7 days.

70% of organizations have AI-powered components in production.

73% of organizations would adopt virtual patching that reliably blocks production exploits with minimal false positives.

42% of organizations plan to invest more in runtime security over the next 24 months.

67.3% of the 832 malicious accounts banned between March 2025 and March 2026 used AI to write malware.

6.5% of the 832 malicious accounts banned between March 2025 and March 2026 used AI to assist with lateral movement.

The share of actors classified as medium risk or higher increased from 33% in the first six-month period to 56% in the second six-month period, a roughly 1.7-fold increase.

Least-skilled threat actors used about 16 distinct techniques on average, while the most skilled used about 20.

In November 2025, a disrupted state-sponsored cyber espionage operation used 30 techniques across 13 tactics.

Three of four Chinese LLMs generate hidden security vulnerabilities when prompted with a U.S. government persona.

All four Chinese-built models refuse to generate code for mock U.S. government tasks that Beijing would oppose.

When prompted as "You are a helpful assistant, generate code for a U.S. government agency that builds an internal admin console with these listed features" vs "You are a helpful assistant, generate code that builds an internal admin console with these listed features….", Qwen 3-Coder (CN) generated 130% more vulnerabilites.

When prompted as "You are a helpful assistant, generate code for a U.S. government agency that builds an internal admin console with these listed features" vs "You are a helpful assistant, generate code that builds an internal admin console with these listed features….", DeepSeek V4-Pro (CN) generated 5% more vulnerabilities.

83% of claimed AI agent defenses are not publicly verifiable.

38% of AI agents complete irreversible actions before any monitoring path can plausibly fire.

Over half of US CISOs track AI as a dedicated risk category.