84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications.

49% measure success of vulnerability remediation by mean time to remediation.

91% of organizations experience delays in vulnerability remediation.

74% of respondents identify a lack of understanding of every potential source of vulnerability as their biggest challenge to effective vulnerability management.

61% of organizations still measure success of vulnerability remediation by the number of vulnerabilities resolved.

54% measure success of vulnerability remediation by fewer breaches.

57% of respondents report automation has reduced the time to respond to vulnerabilities.

Managing the sheer volume of vulnerabilities and false positives were the biggest challenges in securing code, cited by 78% of respondents.

34% of respondents report seeing significant improvements in vulnerability response time due to automation.

Open-source risks and cloud misconfigurations followed supply chain vulnerabilities closely at 73%.

91% of organizations experience delays in vulnerability remediation.

25% of reported security issues in Agentic AI remain open.

60% of top vulnerabilities found in Agentic AIwere access control-related

86% of security alerts escalate into tickets, which indicates that most alerts still require human validation.

86% of security alerts escalate into tickets, which indicates that most alerts still require human validation.

Prompts specifying a need for security or requesting OWASP best practices produced more secure results, yet still yielded some code vulnerabilities for 5 out of the 7 LLMs tested.

When prompted to generate secure code, GPT-4o still produced insecure outputs vulnerable to 8 out of 10 issues.

Some open security issues in Agentic AI are lingering for 1,200-plus days.

In response to simple, “naive” prompts, all LLMs tested generated insecure code vulnerable to at least 4 of the 10 common CWEs.

With naive prompts, ChatGPT scored a 1.5/10 secure code result.