49% of CISOs and AppSec executives are willing to replace SAST/DAST.

58% of large AppSec teams (50 members or more) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as a major pain point.

81% of CISOs and AppSec executives are willing to pivot to new MCP protection tools.

38% of small AppSec teams (1–10 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

55% of CISOs and AppSec executives are willing to replace RASP.

52% of CISOs and AppSec executives are willing to replace SCA.

16% of CISOs and AppSec executives want to consolidate the AppSec toolchain into one platform.

Malicious web application and API transactions rose 128% year over year.

Over 75% of security professionals do not have the real-time production insight necessary to validate risk and understand how their code behaves in real-world environments.

72% of organizations experience at least one mobile app security incident in the past year.

More than half of developers are uncertain how to properly secure AI-written mobile applications.

13% of CISOs and AppSec executives use agent-based deployment.

63% of mid-sized AppSec teams (11–50 members) that use SCA cite the inability to verify if vulnerabilities are exploitable in production as their biggest pain point.

62% of security professionals are blind to shadow or undocumented APIs.

91% of mobile app developers and security leaders prefer security that spans the entire software development lifecycle.

88% of CISOs and AppSec executives are willing to replace API security solutions.

Almost 20% of developers let AI automatically save changes to the project's main code repository without human review.

Establishment of standardized technology stacks rose by more than 40%.

Streamlining of responsible vulnerability disclosure grew by more than 40%.

14.4% of AI agent configuration files grant arbitrary code execution permissions for Node.js.