We’ve been heads-down on several major reports over the past couple of months (hence the near radio silence), and the first of those has recently been published. Please check out Radware’s 2025 Cyber Survey: Application security at a breaking point (published June 12). This is the third year running we’ve had the privilege of working on Radware’s application security research, and this year’s research extends, expands, and tightens the nature of this annual research program.
From an extend perspective, the 2025 survey had a much higher focus on the role of AI in cybersecurity – from both the offensive and defensive sides. AI in cybersecurity has become a significant research area for Osterman Research, and each research program gives us the opportunity to refine our questions and contextualize those within a specific strand of the cybersecurity matrix. As you’ll see from the findings for this research program, the threat of AI being used to intensify hacking tradecraft is of highest concern to the organizations we surveyed. There’s a common set of refrains among respondents about the effect of AI on threat evolution, detection difficulty, and growing threat diversity. Unsurprisingly, there’s also a common refrain on strengthening application security defenses via AI-based cybersecurity solutions.
From an expand perspective, the research encompassed new threat areas we haven’t looked at over the past couple of research rounds. The major addition was API business logic attacks – a new class of threat – which is already being experienced with high frequency. On page 9 of the report, we say: Business logic attacks present an ideal opportunity for threat actors to use emerging offensive AI capabilities. For example, AI agents can automate the malicious exploration of API sequencing, looking for unexpected logic vulnerabilities and loopholes to exploit. Organizations should expect hackers to develop and share newly crafted playbooks to amplify threat opportunities. Our annual diagram on the cadence of different attack types portrays good news – in that average cadence is lower than our previous data set – along with a dire warning, in that the amplification of threat actor capabilities via AI is likely to increase attack cadence over the next 12 months.
And finally, from a tighten perspective, this year’s research doubled the number of organizations surveyed to allow a deep dive focus on two specific industries (financial services and healthcare) compared to all other industries. There are cohort-to-cohort comparisons throughout the report, with the interesting findings where financial services and healthcare are different to the overall data set or the other two cohorts noted. These are oriented around different attack patterns (page 6), API usage (page 7), documentation status (page 8), among others.
Please get your copy of the full report from the Radware web site.
Join the webinar on June 26
We will be presenting the key findings from our research with Radware later this week. The webinar is on Thursday June 26 – please register to attend. We’d love to have you there.