Offensive Security
Cybersecurity statistics about offensive security
60% of security professionals state they require stronger LLM testing capabilities.
47% of organizations favor automation for low-risk environments, up 22 percentage points.
38% of LLM vulnerabilities were fixed while 62% remain open.
32% of AI-related pentest findings were classified as high risk, compared to 12% of all pentest findings overall.
9% of organizations rely entirely on AI automation for testing, down from 29%, while 47% prefer a hybrid testing model.
77% of organizations conduct regular security assessments and pentests for AI-powered products, an increase of 11 percentage points from last year.
78% of organizations experienced fully automated scanning tools missing critical vulnerabilities and returning false negatives.
Support for hybrid testing models increased by 22 percentage points to 47%.
42% of security professionals plan to increase human-led red team operations.
79% are concerned about missing vulnerabilities introduced between scheduled tests.
53% of organizations say point-in-time penetration testing becomes outdated before results can be acted upon.
94% of organizations explicitly see the importance of keeping humans in the loop for offensive security programs.
60% of organizations expect analysts to shift from executing offensive security tasks to supervising autonomous workflows.
58% of organizations utilize pentesting-as-a-service (PTaaS) for continuous testing.
88% of organizations plan to increase offensive security spending over the next 12 months, with 65% planning moderate increases and 23% planning significant increases.
51% of professional pentesters cite the pressure to be the first to submit a finding as their primary frustration with bug bounty programs.
54% of professional pentesters report having discovered a zero-day or N-day vulnerability that had no existing public patch or advisory.
1% of professional pentesters believe AI-only scanning is effective for uncovering high-impact, exploitable vulnerabilities.
U.S. enterprises allocate an average of $187,000 annually to pentesting.
50% of CISOs identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.