LATEST FIGURES
> 300,000
ChatGPT credentials were observed for sale on the dark web, enabled by infostealer malware
44 %
the rise in observable exploitation of public-facing applications as an initial access vector in 2025, as the result of supply-chain attacks targeting trusted infrastructure and development environments
56 %
of the 40,000 tracked vulnerabilities did not require authentication for an attacker to exploit
27 %
of fraud incidents were in the finance and insurance sector, rising from 23 % in 2024. The manufacturing sector beats this by only a few tenths, rising to the top with 27.7 %
FOCUS AHEAD
Treating identity as critical infrastructure
Embedding identity controls in application and API security to prevent identity-aware access policies from posing as a weakness
Prioritising AI platform security
IBM advises that security leaders should be deploying AI “where it makes sense” through model governance