44% of organizations use or plan to use static API keys and 43% use or plan to use username/password combinations for agents.

45% of Canadian IT & security professionals reported that employees using weak or compromised credentials is a top security concern

48% of organizations adopted AI-enhanced phishing detection.

33% of ransomware incidents involved compromised credentials

36% of insider incidents involved user credentials.

88% of open-source Model Context Protocol (MCP) server implementations require credentials.

28% of Gen Z parents admit to sharing passwords verbally or through text or email.

46% of developers worry about AI systems sharing or leaking API credentials.

16% of organizations identify AI agents operating with user credentials as a Shadow AI concern.

In 16% of large ransomware claims, attackers leveraged compromised or weak credentials to gain entry.

The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.

Over 1.8 billion credentials were stolen in the first half of 2025 alone. The 1.8 billion stolen credentials represent an 800% increase.

Of organisations that experienced attacks, 38% of breaches stemmed from compromised employee credentials.

Among non-PAM users, 8% still store credentials in spreadsheets.

68% of users admitted to reusing passwords across multiple accounts.

36% of enterprises said data breaches due to weak and stolen credentials was one of the most common ways to lose data.

One in nine (11%) password reset attempts in 2024 was a fraud attack. This rate rose to over one in four (27%) reset attempts initiated on a desktop computer.

2.9 billion unique sets of compromised credentials identified in 2024. This is an increase from 2.2 billion in 2023.

Animals are common in passwords: "lion" (9.8 million), "fox" (7.8 million).

Months are popular in passwords, with "May" appearing in 28 million entries and "April" in 5.2 million.