Digital.ai Releases 2025 Application Security Threat Report: Rise of Free AI Tools Contributes to Surge in Sophisticated Attacks on Client-Side Applications, Highlighting Critical Need for Greater App Security

Digital.ai, the only AI-powered software delivery platform for the enterprise, today announced the results of its third annual State of App Sec Threat Report, illuminating and quantifying the risks to applications “in the wild” – those that have been released and are no longer under the author’s control. The results reveal that (83%) of applications are under constant attack, a nearly 20% increase from last year, with attack rates surging across all industries, most significantly in telecom (91%), FinServ (87.5%), automotive (86%), and healthcare (78.5%). While Android apps have historically been targeted more often (90.4%), the gap has narrowed as iOS attacks increased (88.1%), with the rise in jailbreaking and advanced exploitation techniques.

The report is based on point-in-time data collected between January 1 – 31, 2025, from Digital.ai’s global application security customers. The data was aggregated and anonymized from customer apps that use Digital.ai’s Application Security solutions and are deployed to their end users through various online app stores.

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale.

Derek Holt, CEO, Digital.ai, said, “We live in an app-first world that is shaping our lives, dominating brands, and transforming daily interactions between businesses and consumers. For enterprises, apps represent a gainful bridge to their consumers and employees, but for threat actors, these apps represent lucrative targets. Today, we see more attackers expanding their focus to target not just flagship apps but secondary apps, plugins, add-ons, and more. As AI exponentially increases the capabilities of threat actors, businesses must dramatically increase their ability to protect and monitor all applications against reverse engineering, tampering, and man-in-the-middle attacks. Delivering applications without these security protections is like leaving your front door unlocked and wide open.”

The report results highlight that no sector is immune—even previously less-targeted industries, such as healthcare and automotive, are now under significant threat. Three coinciding trends are contributing to the growing frequency of attacks:

• Tool democratization is expanding. Reverse-engineering tools (Frida, Ghidra, etc.) continue to proliferate and attract large communities of users likely to share ideas, tips, and tricks.
• The proliferation of AI tools used by threat actors. GenAI assists in both malware development (more malware, created faster) and in source code analysis.
• Apps are growing at an unprecedented rate. The growing attack surface not only increases the total number of attacks due to incomplete security coverage but also provides fertile ground for threat actors to thrive. White-hat and black-hat hackers typically learn by doing, and the rapidly escalating number of apps offer ample opportunities to hone their skills.

Organizations that have implemented app protection measures are staying ahead of increasingly sophisticated attacks, while those without these defenses remain vulnerable targets.

To learn more about Digital.ai’s application security, visit our website.

Survey Methodology
The report is based on data collected between January 1–31, 2025, from select customers of Digital.ai’s Application Security offerings around the world. Digital.ai monitors and protects the surveyed customer applications from attacks occurring in the wild across the globe and in every major industry, including banking, media, telecom, manufacturing, gaming, and cyber security. The attack types discussed in this report (integrity, environment, and instrumentation) are the most common threats identified by the Organization of Worldwide Application Security Professionals (OWASP^®) and documented in the OWASP Mobile Application Security Verification Standard (MASVS). More information on OWASP^® Foundation, Inc. and the MASVS can be found here.

For more information on Digital.ai, visit Digital.ai. To read the full report, click here.

About Digital.ai
Digital.ai is the only AI-powered software delivery platform purpose-built for the enterprise, enabling the world’s largest organizations to build, test, secure, and deliver high-quality software. By unifying AI-driven insights, automation, and security across the software development lifecycle, Digital.ai empowers enterprises to deliver innovation with confidence. Trusted by global 5,000 enterprises, Digital.ai is redefining how enterprises build better software in an AI-driven world. Additional information about Digital.ai can be found at digital.ai and on Twitter, LinkedIn and YouTube.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250319492579/en/