72% of SAST/DAST users are challenged by an overwhelming number of false positives.

The average enterprise spends over 400 hours per year managing false positive alerts from data loss prevention (DLP) or email security tools.

11% of security teams say application security false positives happen constantly.

45% of respondents report consistent false positives from their cloud security tools.

56% of decision-makers at financial institutions named false positives as the leading pain point in fraud operations.

False positives are the #1 blocker to Shift Left, cited by 35% of respondents.

55% of respondents report having to address too many false positives.

Managing the sheer volume of vulnerabilities and false positives were the biggest challenges in securing code, cited by 78% of respondents.

Despite 98% of organisations using vulnerability scanning, only 34% find it highly effective due to false positives.

The top five vulnerability management problems they’re actively trying to solve with AI today were: false positives (49%), overload of data (39%), reliance on manual processes (33%), disparate results from scanning tools (31%), and false negatives (31%)

False positive and negative rates are the No. 1 way that organizations reported that they evaluate the efficacy of AI in security, named by 66% of respondents