New data from thousands of real-world applications confirms what many security teams have long suspected: the application layer isn’t just exposed, it’s being actively and repeatedly attacked. Contrast Security’s Software Under Siege 2025 report offers a detailed look at how attackers are targeting custom code and APIs, and why traditional tools aren’t keeping up.
Unlike reports based on external scans or generalized survey data, this report is built on real-time telemetry captured from inside live applications. Contrast’s embedded threat sensors operate within the runtime environment, providing line-of-code visibility into vulnerabilities, attack behavior and actual exploit paths. This internal vantage point offers a level of accuracy and relevance that perimeter tools and synthetic testing can’t match.
Drawn from 1.6 trillion runtime observations per day, the report reveals:
- The average application is hit with 81 confirmed exploit attempts each month
- 17 new vulnerabilities emerge per app per month, but teams fix only 6
- WAFs and EDRs routinely miss these threats due to a lack of runtime context
- AI-enabled attackers move quickly, exploiting new vulns in 5 days; defenders patch in 84 days
These findings show a widening gap between attacker speed and defender visibility. The report not only highlights the risks but also offers a path forward, grounded in runtime protection and real exploit data, not assumptions.
Download the full report to see data about specific kinds of attacks and tactics, and what threat actors are doing industry by industry.