Critical security flaws surged in 2025, driven by IoT, AI, and API risks, with CISOs increasing offensive security efforts.
Bugcrowd's 2025 CISO report reveals a surge in critical security vulnerabilities, with an 88% rise in hardware flaws driven by IoT expansion and a 36% increase in access control failures, which are now the top issue.
Sensitive data exposures rose 42%, and organizations are boosting offensive security investments, including a 32% average payout increase for critical findings.
The report highlights growing risks from AI-driven development, agentic systems, and API weaknesses, urging CISOs to adopt proactive testing, human-AI collaboration, and community-driven strategies to combat evolving threats amid expanding attack surfaces.