

Bugcrowd reports an 88% increase in hardware vulnerabilities and a 2x spike in network vulnerabilities, 2025 CISO Report reveals
Wednesday, October 1, 2025

Annual report analyzes hundreds of thousands of vulnerability data points from the Bugcrowd Platform, revealing explosion of bugs in the wake of AI-accelerated attack surface growth

SAN FRANCISCO, Sept. 23, 2025 /PRNewswire/ -- Bugcrowd, a leader in crowdsourced cybersecurity, today released "Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World." The report analyzes hundreds of thousands of vulnerability data points from thousands of public and private vulnerability disclosure and bug bounty engagements from the previous year. Drawing on real-world vulnerability submissions, expert insights, and battle-tested strategies from the cybersecurity community, this report serves as a vital guide for security leaders navigating exponential attack surface growth due to AI. It empowers Chief Information Security Officers (CISOs) with critical intelligence, enabling them to make data-driven decisions about risk profiles, resource allocation, and strategic security investments. Furthermore, the report emphasizes the crucial role of collective intelligence and continuous offensive security testing as the foundation of organizational resilience against increasingly complex threats.

"We are in a high-stakes innovation race, but with every AI advance, the security landscape becomes exponentially more complex. Attackers are exploiting this complexity, but still targeting foundational layers like hardware and APIs. No single CISO can win this race alone. To thrive, we must move beyond isolated efforts and cultivate a collective resilience of collaboration--pooling our knowledge of the hacker community to outpace emerging threats together," said Nick McKenzie, CISO, Bugcrowd. "This community-driven approach is the only way to stay ahead. We are excited to contribute to this shared goal with our latest edition of Inside the Mind of a CISO."

The 2025 report reveals that organizations face growing challenges as applications go through multiple development cycles under pressure to release features quickly, often aided by AI-assisted coding. New attack vectors and often forgotten targets like APIs and hardware are vulnerable and should be a key focus for CISOs today. Separately, critical vulnerability payouts have risen, showing that even in times of budget decreases, security teams are increasingly investing in findings from ethical hackers in their offensive testing programs.

Beyond this, the report touches on other key insights including the persistence of access control failures, the increase in sensitive data exposure vulnerabilities, and how mature security programs are making measurable progress in hardening their systems against severe vulnerabilities.

KEY STATISTICS AND FINDINGS FROM THE REPORT:

    --  88% increase in hardware vulnerabilities amid IoT proliferation
    --  81% of security researchers encountered new hardware vulnerabilities in the past 12 months
    --  32% increase in average payouts for critical vulnerabilities
    --  36% increase in broken access control critical vulnerabilities--now the top category
    --  42% increase in sensitive data exposure critical vulnerabilities
    --  10% increase in API vulnerabilities as attack surfaces expand
    --  Network vulnerabilities doubled

The report goes beyond data, featuring insights on modern challenges from cybersecurity leaders. NFL CISO Tomás Maldonado and Monash University CISO Dan Maslin address securing complex ecosystems, handling AI governance, and translating risk effectively to the board. Other articles feature an expert hacker's thoughts on AI's role in hacking and security, a guide to red teaming as a strategic tool, and advice for CISOs to objectively measure security program effectiveness. Collectively, these insights emphasize the importance of offensive security testing and balancing human expertise with AI for true security resilience.

"CISOs often struggle to get board buy-in, trapped in a cycle of pushing security initiatives without a clear measure of success. This report aims to break that cycle by providing evidence-based frameworks to demonstrate tangible security outcomes," said Trey Ford, Chief Strategy and Trust Officer at Bugcrowd. "By using adversarial testing and objective measurement, security leaders can shift from reactive firefighting to building true resilience. Ultimately, this enables CISOs to confidently articulate their security story and secure resources necessary to protect their organizations."

You can find the full report at the following link: Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World.

About Bugcrowd

We are Bugcrowd. Since 2012, we've been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform(TM). Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch(TM) technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors.

Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Read our blog.

"Bugcrowd", "CrowdMatch" and "Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contact

ICR for Bugcrowd
press@bugcrowd.com
bugcrowd@icrinc.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/bugcrowd-reports-an-88-increase-in-hardware-vulnerabilities-and-a-2x-spike-in-network-vulnerabilities-2025-ciso-report-reveals-302563686.html

SOURCE Bugcrowd


