VendorsCobalt
Cobalt
Cybersecurity reports and statistics published by Cobalt
8 categories7 reports
Research Reports
Reports and publications from Cobalt
State of Pentesting Report 2026
4/21/2026
Pentester Profile Report
3/5/2026
State of Pentesting in Financial Services 2025
9/30/2025
State of Pentesting in Healthcare 2025
9/3/2025
CISO Perspectives Report: AI and Digital Supply Chain Risks
7/31/2025
The State of LLM Security Report
6/24/2025
State of Pentesting Report 2025
4/14/2025
Recent Statistics & Reports
Only 66% of organisations are conducting regular security assessments like pentesting on their AI products.
4/14/2025•
TestingPen testingOffensive security
Since 2017, the median time to resolve serious vulnerabilities has decreased dramatically—from 112 days down to 37 days last year.
4/14/2025•
VulnerabilitiesVulnerability remediationVulnerability management
Median time to resolve issues of all criticalities stretches to 67 days.
4/14/2025•
VulnerabilitiesVulnerability managementVulnerability remediation
94% of security leaders agree that pentesting is foundational to security.
4/14/2025•
TestingPen testingOffensive security
Most companies set ambitious service-level agreements (SLA) requiring vulnerabilities to be fixed within 14 days.
4/14/2025•
VulnerabilitiesSLAs
69% of the highest-risk (serious) vulnerabilities are resolved.
4/14/2025•
VulnerabilitiesVulnerability managementVulnerability remediation
The rate for serious findings in pentests being resolved in each calendar year remains stuck at just 55%.
4/14/2025•
TestingPen testingOffensive security
57% of organisations resolve at least 90% of their serious findings in pentests.
4/14/2025•
TestingPen testingOffensive security
Small companies lead with 81% of serious findings in pentests resolved.
4/14/2025•
TestingPen testingOffensive security
The proportion of serious findings in pentests has also declined by about half (from 20% to 11%) over 10 years.
4/14/2025•
TestingPen testingOffensive security
AI and LLM security has emerged as the top concern among security professionals (72%).
4/14/2025•
AILLM
Only 21% of serious vulnerabilities discovered in LLM tests are being resolved.
4/14/2025•
LLMPen testingOffensive security
This represents a cut of 75 days, or two-thirds.
4/14/2025•
VulnerabilitiesVulnerability remediationVulnerability management
Larger organisations take over a month longer (61 days) than smaller ones (27 days) to resolve serious findings in pentests.
4/14/2025•
TestingPen testingOffensive security
LLM pentests yield the highest proportion of serious vulnerabilities (32%) than any other asset type tested.
4/14/2025•
LLMPen testingOffensive security
Showing 81-95 of 95 results