Agentic AI Is Accelerating How Software program Will get Constructed and How It Will get Attacked. Most Enterprises Are Solely Prepared for One, Based on Digital.ai’s 2026 AppSec Risk Report

New information finds 87% of monitored client-facing apps confronted assaults in 2026 — up from 55% in 2022 — as AI completely collapses the price and experience required to use them

iOS and Android assault charges have converged for the primary time — closing a 21-point hole and invalidating a decade of platform-based safety assumptions

RALEIGH, N.C., Might 19, 2026–(BUSINESS WIRE)–AI has created two simultaneous acceleration curves in enterprise software program: one for constructing it and one for attacking it. For many software program groups, publishing an app to the App Retailer or Google Play nonetheless seems like a product milestone. In 2026, it’s a safety publicity occasion.

Digital.ai’s 2026 Application Security Threat Report attracts on real-time risk monitoring information from purposes serving billions of customers throughout monetary providers, healthcare, automotive, and telecommunications. The report finds that as AI instruments speed up software growth and transport, attackers are utilizing the identical capabilities to maneuver quicker, inflicting the window between app retailer publication and first hostile contact to vanish.

One other key discovering cuts to the basis trigger: agentic AI has reset the economics of software program assaults. The talent, time, and value obstacles that when restricted subtle assaults have collapsed. Actions that when required specialised safety experience, customized tooling, and days of guide effort can now be completed by AI-assisted code inspection, exploit era, and malware adaptation in a fraction of the time.

The five-year assault price trajectory makes the correlation seen. The 55% → 57% → 65% → 82.7% → 87% climb — monitoring carefully alongside every main AI mannequin launch since 2022 — suggests the business has crossed a threshold. The query now just isn’t whether or not agentic AI-powered assaults will hold climbing; it’s whether or not enterprises will put money into defending in opposition to them on the identical tempo.

The Assault Floor Enterprises Left Uncovered

One enterprise buyer monitoring their software in manufacturing noticed hostile exercise lower than two hours after their app appeared within the retailer, a timeline per what Digital.ai’s broader risk telemetry exhibits. The window between app publication and first hostile contact is now measured in hours, not days.

Cellular purposes have turn into a main assault floor within the enterprise portfolio — and probably the most uncovered to the brand new attacker capabilities that AI has unlocked. The purposes that enterprises distribute immediately into the arms of billions of shoppers exist exterior the enterprise firewall. They stay on gadgets the safety workforce doesn’t management, in public marketplaces on the open web. When an attacker compromises a cell app, the app just isn’t the vacation spot; it’s the entry level. Reverse engineering a cell software offers an attacker a blueprint to the backend APIs, authentication logic, and server infrastructure that energy it — the identical infrastructure defending buyer information, transactions, and core enterprise operations.

A companion discovering places a finer level on the place the underinvestment is displaying up.

The iOS Funds Assumption Has Expired

In 2023, iOS apps confronted roughly half the assault price of Android apps, a spot that justified considerably decrease safety funding on Apple’s platform. In 2026, iOS apps have been attacked at an 86% price, in comparison with 89% for Android. This hole, which as soon as stood at 21 share factors, has now successfully closed. iOS instrumentation assaults alone jumped 10 share factors in a single 12 months, as AI-assisted dynamic evaluation tooling matured right into a mainstream attacker functionality.

iOS has at all times been tougher to assault however is not the deciding consider goal choice. AI-assisted reverse engineering absorbs what complexity stays. Enterprise AppSec price range allocations that also replicate a 2-to-1 Android-to-iOS risk assumption are actually misaligned with the info.

The Quantity That Matter

87% of monitored cell purposes confronted assaults in 2026, up from 55% in 2022 — a 58% climb that maps carefully alongside each main AI mannequin launch since ChatGPT launched in November 2022
The explanation: agentic AI has collapsed the price and talent flooring of attacking software program. What as soon as required a specialist workforce and weeks of labor now takes a day and an LLM subscription
Monetary providers apps hit a 2026 assault price of 91% — the very best ever recorded for any vertical within the report’s historical past
Automotive apps reached 91% — statistically similar to monetary providers — as related car apps turned main management surfaces for belongings value tens of hundreds of {dollars}
Medical gadget apps recorded the most important single-year bounce of any named vertical — 8 share factors, from 78% to 86%. A compromised medical gadget app raises doable penalties far past a typical information breach. It’s a potential pathway to affected person hurt.
iOS apps have been attacked at an 86% price in 2026, in comparison with 89% for Android — closing a spot that when stood at 21 share factors and invalidating the price range assumptions that hole justified
iOS instrumentation assaults jumped 10 share factors in a single 12 months. That is the sharpest single-year transfer recorded for any assault sort on both platform and a direct sign that AppSec budgets nonetheless favoring Android over iOS are misaligned with the info

“The identical AI your builders used to construct your app this morning is getting used to assault it this afternoon. That forces a query each AppSec workforce must reply: is the appliance constructed to defend itself from the second it hits the shop? Or is it ready for the safety workforce to note it’s getting used because the entry level? In an surroundings the place 87% of monitored apps are underneath assault, ready just isn’t a method,” mentioned Derek Holt, CEO, Digital.ai. “The hole between the place the assaults are and the place the safety funding is, is not acceptable.”

To learn the complete report, go to Digital.ai.

Concerning the Report

The Digital.ai 2026 Utility Safety Risk Report relies on real-time risk telemetry collected from monitored purposes serving billions of finish customers throughout monetary providers, healthcare, automotive, telecommunications, and different regulated industries globally. The information was collected throughout billions of software situations throughout This autumn 2025.

Most revealed risk intelligence in software safety describes server-side assaults, community exercise, or post-incident forensics. This report describes one thing totally different — client-side and runtime assaults noticed in opposition to purposes working in manufacturing, within the wild, on gadgets and networks exterior enterprise management. Digital.ai operates the most important software hardening telemetry footprint within the business, with roots tracing to the unique industrial software of anti-tampering know-how developed at Purdue College in 2001. The dataset behind this report just isn’t derivable from public sources, vendor surveys, or risk intelligence feeds.

About Digital.ai

Digital.ai permits the world’s most advanced organizations to ship trusted software program at AI velocity. By making use of agentic AI throughout the important levels of software program supply — from planning by safety, testing, and supply — Digital.ai helps enterprises take away bottlenecks, cut back threat, and enhance the move of software program worth to manufacturing. Its options combine into present environments, permitting organizations to remodel to AI-first with out disruption. At present, 53% of the Fortune 100 belief Digital.ai to make that occur.

Ahead-Trying Statements

This launch comprises forward-looking statements in regards to the software safety risk surroundings, Digital.ai’s merchandise and capabilities, and the actions enterprises could absorb response. These statements replicate Digital.ai’s present expectations and are topic to dangers and uncertainties that might trigger precise outcomes to vary materially. Digital.ai undertakes no obligation to replace any forward-looking assertion. Figures cited on this launch replicate risk telemetry collected throughout This autumn 2025 and reported within the 2026 version of the Risk Report; see the Methodology part of the complete Report for particulars on dataset scope and year-over-year comparability. Third-party names and marks referenced are the property of their respective house owners.

View supply model on businesswire.com: https://www.businesswire.com/news/home/20260519967565/en/

Contacts

Media:
Colleen Martin
Zer0 to 5ive, for Digital.ai
colleen@0to5.com

Agentic AI Is Accelerating How Software program Will get Constructed and How It Will get Attacked. Most Enterprises Are Solely Prepared for One, Based on Digital.ai’s 2026 AppSec Risk Report

Steve Yegge’s AI agent orchestration challenge Fuel City involves the cloud — and brings the Wasteland with it

Nissan and Crimson Hat co-engineer the way forward for software-defined automobiles

Asus Zenbook Duo’s actual Intel chip leap meets an awesome utility disaster

Alibaba teases new Qwen previews, highest-ranking Chinese language AI fashions on Enviornment