The frequency of cyber-attacks on customer-facing cellular apps has elevated quickly over the previous few years, as AI reduces ability, time and price limitations for menace actors, in response to Digital.ai.
The DevOps specialist collected telemetry from billions of software situations throughout shoppers in monetary providers, healthcare, automotive, telecommunications and different sectors to compile its 2026 Software Safety Menace Report, revealed on Could 19.
It claimed that 87% of monitored apps confronted assaults in 2026 – up from 55% in 2022. The rise over that point has mirrored the expansion in AI mannequin use since ChatGPT launched in November 2022, the agency mentioned.
Monetary providers (91%), automotive (91%) and medical gadget apps (86%) had been probably the most continuously focused – placing private funds, autos and well being knowledge doubtlessly in danger.
Learn extra on cellular gadget threats: 92% of Cellular Apps Discovered to Use Insecure Cryptographic Strategies.
Digital.ai claimed that agentic AI is now enabling comparatively low-skilled menace actors to realize in just some hours what could have taken specialist groups weeks up to now, by accelerating code inspection, exploit technology, and malware adaptation.
Android and iOS Neck and Neck
Curiously, the hole between iOS and Android has closed considerably. In 2023, iOS apps confronted round half the amount of assaults as their Android counterparts. In 2026, 86% had been attacked, versus 89% of Android apps, with iOS instrumentation assaults surging 10 share factors yearly.
Digital.ai argued that AI-assisted reverse engineering is making it a extra fashionable goal for menace actors. A niche that when justified considerably decrease safety funding in Apple’s platform has now vanished for builders, it claimed.
Apps are being attacked simply hours after showing of their respective on-line shops, it added.
That is unhealthy information for safety groups because the software program usually lives on worker units exterior their management, Digital.ai mentioned.
The agency’s CEO, Derek Holt, argued that the identical AI builders used to create apps is getting used to assault them.
“That forces a query each appsec workforce must reply: is the appliance constructed to defend itself from the second it hits the shop? Or is it ready for the safety workforce to note it’s getting used because the entry level?” he added.
“The hole between the place the assaults are and the place the safety funding is, is not acceptable.”