Software Under Siege 2025

Contrast’s 2025 Application Threat Report reveals what traditional tools miss: real-world attack data from inside running applications.

Today’s attackers aren’t guessing, they’re using AI to launch targeted, viable attacks at scale. Most security tools never see them.

Software Under Siege 2025 analyzes 1.6 trillion runtime observations per day across real-world applications and APIs. This report gives security leaders the visibility they’ve been missing.

•  81 confirmed, real exploit attempts per app/month
•  14,250 hostile events monthly - what's noise and what's real?
•  Top attack types by industry and language
•  Exploits launch in 5 days, patching takes 84
•  Which critical threats get by WAFs, EDRs, and SAST

"AI has changed how apps are attacked.
This report shows what defenders actually need to know."
 — Jeff Williams, Founder, Contrast Security