72% of organizations experience at least one mobile app security incident in the past year.

62% of security professionals are blind to shadow or undocumented APIs.

88% of CISOs and AppSec executives are willing to replace API security solutions.

81% of CISOs and AppSec executives are willing to pivot to new MCP protection tools.

55% of CISOs and AppSec executives are willing to replace RASP.

52% of CISOs and AppSec executives are willing to replace SCA.

49% of CISOs and AppSec executives are willing to replace SAST/DAST.

13% of CISOs and AppSec executives use agent-based deployment.

Over 75% of security professionals do not have the real-time production insight necessary to validate risk and understand how their code behaves in real-world environments.

Malicious web application and API transactions rose 128% year over year.

91% of mobile app developers and security leaders prefer security that spans the entire software development lifecycle.

More than half of developers are uncertain how to properly secure AI-written mobile applications.

63% of mid-sized AppSec teams (11–50 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

58% of large AppSec teams (50 members or more) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as a major pain point.

16% of CISOs and AppSec executives want to consolidate the AppSec toolchain into one platform.

38% of small AppSec teams (1–10 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

Automated verification of infrastructure security surged by more than 50%.

Teams using attack intelligence to track emerging AI vulnerabilities increased by 10%.

14.4% of AI agent configuration files grant arbitrary code execution permissions for Node.js.

Use of risk-ranking methods to determine where LLM-generated code is safe to deploy increased by 12%.