TechChannels Blog

2025 Trends & Perils in Application Security

Written by Maria-Diandra Opre | Apr 8, 2025 1:48:24 PM

Once apps go live, they’re exposed. And in 2025’s threat landscape, that exposure is a liability unless matched with equally dynamic defense. The figures signal a troubling shift—from sporadic exploitation to chronic siege. 

Apps are now permanent targets, not occasional ones. According to Digital.ai’s third annual State of App Sec Threat Report, 83% of applications in the wild are under relentless attack—a dramatic 20% jump from last year (Business Wire, 2025).

Some industries are faring worse than others. The telecommunications sector leads the chart, with a staggering 91% of its applications being attacked. That makes sense—telcos power national infrastructure, carry user data, and are increasingly tied to mobile payments and critical messaging services. Financial services aren’t far behind at 87.5%. In an era of embedded finance and decentralized platforms, FinServ apps are being probed daily for exploitable logic, exposed APIs, or weak credential storage. One successful breach can trigger cascading failures across banks, credit unions, and fintech providers. The automotive sector's 86% attack rate is a new frontier. The line between app and physical safety is vanishing with connected vehicles and over-the-air software updates. A compromised car app today could mean a hijacked vehicle tomorrow. Meanwhile, healthcare—already vulnerable due to legacy systems and urgent data needs—remains a ripe target at 78.5%.

Android has long worn the target on its back, but the report reveals a narrowing attack gap—Android apps saw a 90.4% attack rate, while iOS apps jumped to 88.1%. This closing gap reveals a disturbing trend: iOS is no longer the relatively safe harbor it once was. The rise of jailbreaking, sideloading, and increasingly sophisticated iOS-specific exploits has eroded Apple’s walled-garden advantage. Attackers are now bringing their A-game to both ecosystems. They're reverse-engineering business logic, spoofing in-app purchases, or injecting rogue code through repackaging—even targeting enterprise iOS apps with spyware-grade payloads.

But one of the most compelling insights from the report is the growing role of AI—not just as a security tool, but as a weapon. The same machine learning models that help automate quality assurance or detect bugs are now being used by attackers to probe for vulnerabilities at machine speed. Freely available AI-powered tools allow even novice actors to reverse-engineer apps, simulate user behavior, and automate fuzz testing. In effect, AI lowers the technical barrier to launching sophisticated attacks—and makes mass exploitation scalable. Automation has become the force multiplier. Organizations are no longer up against a lone hacker—they’re up against autonomous threat engines trained on thousands of prior breaches.

Applications have become digital proxies for enterprise identity, user trust, and even national infrastructure. The rising attack rates reflect not just growing vulnerabilities but growing value. Wherever money, access, or influence flows, threat actors follow.