OX Security recently analysed 216 million security findings across 250 organisations over a 90-day period. The primary takeaway is that while raw alert volume grew by 52% year over year, prioritised critical risk grew by nearly 400%. The analysis notes a velocity gap driven by AI-assisted development, with the ratio of critical findings to raw alerts nearly tripling—from 0.035% to 0.092%.
Among the key findings, technical severity scores are less influential than factors such as High Business Priority (27.76%) and PII Processing (22.08%) in elevating risk. The AI fingerprint section reports a quadrupling of critical findings, averaging 795 per organisation, up from 202. Insurance firms showed the highest density of critical findings at 1.76%, while the Automotive sector generated the highest raw volume of alerts. This is the second year that OX Security has conducted the analysis to benchmark the state of Application Security.