OX Safety lately analyzed 216 million security findings throughout 250 organizations over a 90-day interval. The main takeaway: whereas uncooked alert quantity grew by 52% year-over-year, prioritized vital threat grew by almost 400%.
The surge in AI-assisted improvement is making a “velocity hole” the place the density of high-impact vulnerabilities is scaling quicker than remediation workflows. The ratio of vital findings to uncooked alerts almost tripled, transferring from 0.035% to 0.092%.
Key Findings from the 2026 Evaluation:
- CVSS vs. Enterprise Context: Technical severity scores are now not the first driver of threat. The most typical elevation components have been Excessive Enterprise Precedence (27.76%) and PII Processing (22.08%). In trendy environments, the place a vulnerability lives is now extra essential than what the vulnerability is.
- The AI Fingerprint: We noticed a direct correlation between the adoption of AI coding instruments and the quadrupling of vital findings (averaging 795 per org, up from 202). Elevated code velocity is yielding extra advanced, context-dependent flaws that bypass fundamental linting and legacy scanners.
- Sector Variance: Danger profiles are usually not uniform. Insurance coverage corporations confirmed the very best density of vital findings (1.76%), whereas the Automotive sector generated the very best uncooked quantity of alerts—possible as a result of large scale of codebase enlargement in software-defined automobiles.
That is the second 12 months OX has carried out this evaluation to benchmark the state of Utility Safety.
Full report, together with methodology and industry-specific benchmarks, is obtainable right here.
