Since 2022, the attack rate on enterprise applications has risen from 55% to 87%.
And the clock starts the moment your app hits the store. Real-time telemetry data from billions of application instances recorded first hostile contact within just one hour and fifty-six minutes of app store publication.
The skills, tools, and costs that once limited sophisticated attacks have collapsed. A threat actor with a laptop and an LLM subscription can now reverse-engineer your app in an afternoon.
AI has created two simultaneous acceleration curves in enterprise software — one for building it, one for attacking it. Enterprises are investing heavily in the first, but the second has received far less attention than it deserves.
Inside the report:
- The shrinking iOS gap: In 2023, iOS apps faced half Android’s attack rate. In 2026, the gap is under 3 points.
- Connected-vehicle risk: Connected-vehicle apps are now attacked at the same rate as banking apps; 91% each.
- The global shift: EMEA, LATAM, and APAC attack rates all surpassed North America’s for the first time in 2026.
- The medical device surge: The largest single-year jump in attack rates of any vertical we track, from 78% to 86%.
