Annual report analyzes hundreds of thousands of vulnerability data points from the Bugcrowd Platform, revealing explosion of bugs in the wake of AI-accelerated attack surface growth
Bugcrowd, a leader in crowdsourced cybersecurity, today released “Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World.” The report analyzes hundreds of thousands of vulnerability data points from thousands of public and private vulnerability disclosure and bug bounty engagements from the previous year. Drawing on real-world vulnerability submissions, expert insights, and battle-tested strategies from the cybersecurity community, this report serves as a vital guide for security leaders navigating exponential attack surface growth due to AI. It empowers Chief Information Security Officers (CISOs) with critical intelligence, enabling them to make data-driven decisions about risk profiles, resource allocation, and strategic security investments. Furthermore, the report emphasizes the crucial role of collective intelligence and continuous offensive security testing as the foundation of organizational resilience against increasingly complex threats.
“We are in a high-stakes innovation race, but with every AI advance, the security landscape becomes exponentially more complex. Attackers are exploiting this complexity, but still targeting foundational layers like hardware and APIs. No single CISO can win this race alone. To thrive, we must move beyond isolated efforts and cultivate a collective resilience of collaboration, pooling our knowledge of the hacker community to outpace emerging threats together,” said Nick McKenzie, CISO, Bugcrowd. “This community-driven approach is the only way to stay ahead. We are excited to contribute to this shared goal with our latest edition of Inside the Mind of a CISO.”
The 2025 report reveals that organizations face growing challenges as applications go through multiple development cycles under pressure to release features quickly, often aided by AI-assisted coding. New attack vectors and often forgotten targets like APIs and hardware are vulnerable and should be a key focus for CISOs today. Separately, critical vulnerability payouts have risen, showing that even in times of budget decreases, security teams are increasingly investing in findings from ethical hackers in their offensive testing programs.
Beyond this, the report touches on other key insights including the persistence of access control failures, the increase in sensitive data exposure vulnerabilities, and how mature security programs are making measurable progress in hardening their systems against severe vulnerabilities.
KEY STATISTICS AND FINDINGS FROM THE REPORT:
— 88% increase in hardware vulnerabilities amid IoT proliferation
— 81% of security researchers encountered new hardware vulnerabilities in the past 12 months
— 32% increase in average payouts for critical vulnerabilities
— 36% increase in broken access control critical vulnerabilities, now the top category
— 42% increase in sensitive data exposure critical vulnerabilities
— 10% increase in API vulnerabilities as attack surfaces expand
— Network vulnerabilities doubled
The report goes beyond data, featuring insights on modern challenges from cybersecurity leaders. NFL CISO Tomás Maldonado and Monash University CISO Dan Maslin address securing complex ecosystems, handling AI governance, and translating risk effectively to the board. Other articles feature an expert hacker's thoughts on AI's role in hacking and security, a guide to red teaming as a strategic tool, and advice for CISOs to objectively measure security program effectiveness. Collectively, these insights emphasize the importance of offensive security testing and balancing human expertise with AI for true security resilience.
“CISOs often struggle to get board buy-in, trapped in a cycle of pushing security initiatives without a clear measure of success. This report aims to break that cycle by providing evidence-based frameworks to demonstrate tangible security outcomes,” said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd. “By using adversarial testing and objective measurement, security leaders can shift from reactive firefighting to building true resilience. Ultimately, this enables CISOs to confidently articulate their security story and secure resources necessary to protect their organizations.”
You can find the full report at the following link: Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World.
About Bugcrowd
We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.
Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.
“Bugcrowd”, “CrowdMatch” and “Security Knowledge Platform” are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Contact
ICR for Bugcrowd
press@bugcrowd.com
bugcrowd@icrinc.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/bugcrowd-reports-an-88-increase-in-hardware-vulnerabilities-and-a-2x-spike-in-network-vulnerabilities-2025-ciso-report-reveals-302563686.html
SOURCE Bugcrowd