VendorsVeracode
Veracode
Cybersecurity reports and statistics published by Veracode
8 categories4 reports
Research Reports
Reports and publications from Veracode
Recent Statistics & Reports
OpenAI’s non-reasoning GPT-5-chat model delivered a 52% pass rate on security tests.
11/22/2025•
Gen AIGen AI codeOpenAI
Over 85% of tasks related to Cryptographic Algorithms passed across the industry.
11/22/2025•
Gen AIGen AI code
Google Gemini 2.5 Pro achieved a 59% pass rate on security tests.
11/22/2025•
Gen AIGen AI codeGoogle Gemini
OpenAI’s standard GPT-5 achieved a 70% pass rate on security tests.
11/22/2025•
Gen AIGen AI codeOpenAI
The pass rates for Cross-Site Scripting (XSS) vulnerabilities remained below 14% across all evaluated models.
11/22/2025•
Gen AIGen AI codeXSS vulnerabilities
Anthropic’s Claude Sonnet 4.5 achieved a 50% pass rate on security tests.
11/22/2025•
Gen AIGen AI codeAnthropic
xAI Grok 4 achieved a 55% pass rate on security tests.
11/22/2025•
Gen AIGen AI codexAI Grok 4
Qwen3 Coder achieved a 50% pass rate on security tests.
11/22/2025•
Gen AIGen AI codeQwen3 Coder
The pass rates for Log Injection vulnerabilities were near 12% across all evaluated models.
11/22/2025•
Gen AIGen AI codeLog Injection vulnerabilities
OpenAI’s GPT-5 Mini achieved a 72% pass rate on security tests, marking the highest recorded to date.
11/22/2025•
Gen AIGen AI codeOpenAI
Top-performing BFSI enterprises remediate over 9% of open flaws monthly, while lagging organizations have security debt in 85% or more of their applications.
11/1/2025•
Open-source VulnerabilitiesVulnerabilitiesremediation
77% of financial services organizations reported accruing some level of security debt.
11/1/2025•
Open-source VulnerabilitiesVulnerabilitiessecurity debt
Open-source flaws account for over 82% of critical security debt at financial firms, despite third-party code representing only 17% of total security debt.
11/1/2025•
Open-source VulnerabilitiesVulnerabilitiesremediation
63% of banking, financial services, and insurance organizations reported harboring critical security debt in 2025, which is 13 percentage points higher than the cross-industry average.
11/1/2025•
Open-source VulnerabilitiesVulnerabilitiessecurity debt
The average flaw half-life for financial services organizations is 276 days, indicating it takes nearly a month longer to fix security issues than in other industries.
11/1/2025•
Open-source VulnerabilitiesVulnerabilities
LLMs failed to secure code against log injection (CWE-117) in 88% of cases
7/30/2025•
AI codeGen AILLMs
LLMs failed to secure code against cross-site scripting (CWE-80) in 86% of cases.
7/30/2025•
AI codeGen AILLMs
AI-generated code introduces security vulnerabilities in 45% of cases.
7/30/2025•
AI codeGen AISecurity vulnerabilities
When given a choice between a secure and insecure method to write code, GenAI models chose the insecure option 45% of the time.
7/30/2025•
AI codeGen AISecurity vulnerabilities
In 45% of all test cases, LLMs introduced vulnerabilities classified within the OWASP Top 10.
7/30/2025•
AI codeGen AILLMs
Showing first 20 results