Built in the trenches. Backed by data. For the boardroom.
State of continuous pentesting report 2025
Expert insights on 2025’s top cybersecurity trends, AI-driven
threats, and why continuous pentesting is key to staying
ahead in a fast-changing threat landscape.
What’s inside?
Backed by 800+ manual pentests, nearly 150K automated vulnerability scans, & data from 900+
global companies, this security trends 2025 report delivers real-world, quantifiable security intelligence.
Threat Landscape
Insights on spikes in vulnerabilities detected across APIs, web apps, and cloud
Industry Trends
How SaaS, finance, and healthcare secured their assets and where gaps remain
Cost of (In) Action
With $2.88B+ in potential losses prevented, see how security efforts translate to business impact
The Road Ahead
Why continuous security, AI-driven threats, and asset-specific targeting will define 2025
Key insights & cybersecurity predictions 2025
10X jump in low-severity vulnerabilities, often chained together into high-impact exploits
Critical vulnerabilities are up by 83%, yet make up just 5.34% of all findings on average in the 2025 cyber threat landscape
Automated DAST is surging 2.5X, with detection climbing nearly 40%, advancing real-time threat identification
5.3 vulnerabilities are being identified every minute, with an accelerating growth
1 in 2 vulnerabilities found today didn’t exist a year ago, thanks to Attack AI. Attackers are outpacing defenses, and many organizations are losing the race
Download full report
Voices from the frontlines of security
“Security is increasingly shifting to the hands of developers,while security teams find themselves more overwhelmed than ever.”
Ananda Krishna
Co-founder and CTO, Astra.
AI is a double-edged sword, benefiting both red and blue teams. On defense, AI enhances detection, response, and proactive threat prevention. On offense, it enables more unique and sophisticated attacks. Social engineering, the top attack vector, will likely become even more dangerousas AI amplifies attackers' ability to craft hyper-personalized exploits!
Peter Merkert
CTO, Retraced
When you first start thinking about security, you make it complex - more tools, more alerts, more noise. But if you keep going, if you really think deeply about it with an AI first mindset, you get to something beautiful: security that’s so neatly integrated, it just works seamlessly. That’s what 2025 is about - not adding complexity, but eliminating it. We’re going to see security tools which ‘actually’ help fix or even fix the security gaps for engineers & security teams with less to no noise.
Clinton Skakun
CEO, Dedupely
