In 2025, 36% of AI-related KEVs involved an API attack surface.

99% of API vulnerabilities are remotely exploitable.

In 2025, 17% of 67,058 published vulnerabilities (11,053 vulnerabilities) were API-related.

72% of organizations experience at least one mobile app security incident in the past year.

Ransomware attacks against industrial organizations increased 64% year-over-year.

Organizations with comprehensive OT visibility detect and contain OT ransomware incidents in an average of 5 days, compared to the industry-wide average of 42 days.

In June 2025, BAUXITE deployed two custom wiper malware variants against Israeli targets.

The average dwell time for ransomware in OT environments is 42 days.

KAMACITE conducted sustained reconnaissance of U.S. industrial devices from March through July 2025.

25% of ICS-CERT and NVD vulnerabilities have incorrect CVSS scores.

70% of global ransomware activity targets English-speaking countries.

In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.

In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

Only 2% of organizations in industrial and critical infrastructure environments use enterprise-grade authentication such as 802.1X.

62% of security professionals are blind to shadow or undocumented APIs.

73% of SCA users lack visibility into whether flagged vulnerabilities are exploitable in production.

46% of security teams struggle to correlate Model Context Protocol (MCP) actions with execution outcomes.

48% of security teams report blind spots around prompt injection chains or tool-chaining abuse in AI-native applications.

88% of CISOs and AppSec executives are willing to replace API security solutions.