84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications.

57% of respondents report automation has reduced the time to respond to vulnerabilities.

Managing the sheer volume of vulnerabilities and false positives were the biggest challenges in securing code, cited by 78% of respondents.

Over 40,000 new vulnerabilities were added to the National Vulnerability Database in 2024. This marks a 39% rise from 2023.

85% of organizations believe their cross-team collaboration is strong.

34% of respondents report seeing significant improvements in vulnerability response time due to automation.

Open-source risks and cloud misconfigurations followed supply chain vulnerabilities closely at 73%.

1 in 5 organizations take four or more days to fix critical vulnerabilities.

Nearly 40% of organizations still rely on manual workflows for most of their vulnerability remediation processes.

91% of organizations experience delays in vulnerability remediation.

Fewer than 1 in 5 organizations use structured prioritization models.

Prompts specifying a need for security or requesting OWASP best practices produced more secure results, yet still yielded some code vulnerabilities for 5 out of the 7 LLMs tested.

Over 700 issues in Agentic AI repositories remain unaddressed.

When prompted to generate secure code, GPT-4o still produced insecure outputs vulnerable to 8 out of 10 issues.

86% of security alerts escalate into tickets, which indicates that most alerts still require human validation.

With naive prompts, ChatGPT scored a 1.5/10 secure code result.

25% of reported security issues in Agentic AI remain open.

In response to simple, “naive” prompts, all LLMs tested generated insecure code vulnerable to at least 4 of the 10 common CWEs.

Claude 3.7 Sonnet scored 10/10 with security-focused prompts.

60% of top vulnerabilities found in Agentic AIwere access control-related