Measurement model
Q4 had 63% more findings than Q3. But Q3's findings were far more severe . Making Q3 the more dangerous quarter. Total count made it look calm.
Needs work
Strong
Moderate
Cloud budget share
Cloud overtook web as the primary attack surface in 3 separate quarters of 2025. While cloud testing coverage grew only 1.23× in the same period.
Moderate
Needs work
Strong
Cross-surface scope
In 2025, 80% of AWS credential exposure was found during mobile pentests, not cloud scans.
Needs work
Strong
Moderate
Testing cadence
August–September was the most dangerous period of the year; most annual and quarterly tests had already concluded. December produced 1.8M vulnerabilities, more than all of 2024.
Strong
Needs work
Moderate
The metric you're using wrong
Pages 5–10
Cloud: the trojan horse in your risk mapping
Pages 20–29
Your costliest cloud breach is a 4.2-star app
Pages 20–24
The 30-day blind spot
Pages 11–19
