Automotive applications faced a 91% attack rate in 2026.

89% of employees say they feel safe reporting mistakes in organizations that prioritize cybersecurity as a culture.

19% of cybersecurity leaders report their organizations have an integrated and culture-embedded approach in place to manage human-related cybersecurity risk.

58% of cybersecurity leaders report that AI agents are already taking actions within organizational workflows.

52% of organizations report their use of AI is unapproved or ungoverned.

86% of employees say deepfake content is so realistic that it is harder to know what to trust.

64% of employees say it is possible that they could be tricked by AI-enabled attacks.

58% of cybersecurity leaders say mistakes during everyday work have had the greatest impact on their organization’s cybersecurity in the past 12 months.

42% of cybersecurity leaders identify AI-enabled attacks as a key driver of future human-related cybersecurity risks.

Over a third of employees commonly source their own agentic AI tools when options are unavailable or restrictive.

Operations runs just 18% of its AI activity on enterprise plans.

74.6% of all AI use at work has a clear business purpose.

Malicious npm packages surged 451% year-over-year.

177,000 new malicious packages were detected across registries in the last year.

56 malicious extensions were identified on OpenVSX.

Secrets detection is active at just 28% of organizations.

45% of security and DevOps professionals say reviewing and hardening AI-generated code is now a major time drain.

97% of organizations claim they have certified model governance.

In 2025, 27.89% of all adversary infrastructure tracked was hosted in the US, an increase from 23.63% in 2024.

China remained the second largest adversary infrastructure hosting location at 13.55%, down from 17.57% the previous year.