Injection (CWE-74) occurrences grew 3,110%.

66% of analyzed CVEs had minimal real-world applicability.

Only 40% of organizations have adopted malicious package detection.

53% of organizations self-host models from sources where malicious payloads have been detected.

45% of IT leaders believe AI has increased cyber risk significantly.

30% of executives and board members believe AI has increased cyber risk significantly.

51% of Americans aged 65 and older are extremely concerned about AI-powered fraud.

On average, organizations recover 72% of affected data following a ransomware attack.

33% of organizations cite regulatory shifts as a top emerging threat.

42% of organizations report limited visibility into all AI tools or models used across the organization.

94% of organizations are beginning to prepare for quantum computing security risks.

In late 2025, 32% of consumers cited payment security as a concern and 26% cited privacy

In Q4 2025, 73% of consumers reported using AI at some point in their shopping journey

40% of organizations say security policies have not yet been updated to address AI-specific risks.

More than 80% of IT and security leaders report AI agents require more manual oversight than they save in efficiency.

80% of IT security professionals believe AI will significantly reduce the number of people required to perform their current roles.

90% of senior cybersecurity decision makers identify public cloud as a top visibility and vulnerability concern.

Anthropic Claude Opus 4.6 detected an average of 46% of attack evidence per MITRE tactic.

78% of senior cybersecurity decision makers indicate that potential visibility gaps or blind spots could slow detection or investigation of malicious activity.

84% of senior cybersecurity decision makers point to IT vulnerabilities as a worrisome bridge into OT/ICS environments.