AppSec Research & Data Studies
Original studies built on primary data I collected and analyzed myself. No vendor surveys, no sponsored content.
The Rise of AI Pentesting Agents: A Technical Analysis (2026)
I dug into 39+ open-source AI pentesting agents, read 8 academic benchmarks, and tracked every commercial company from PentestGPT to Anthropic Mythos. A technical look at how autonomous pentesting actually works.
Supply Chain Attack Statistics 2026
65+ supply chain attack stats from Sonatype, Black Duck OSSRA, Verizon DBIR, JFrog, and original research: malicious packages, SBOM adoption, breach costs.
Software Vulnerability Statistics 2026
60+ vulnerability stats from NVD, Verizon DBIR, IBM, Veracode, Edgescan, and original research: CVE trends, exploitation speed, remediation, breach costs.
API Security Statistics 2026
55+ API security stats from Salt Security, Wallarm, Verizon DBIR, OWASP, and original research: API attacks, BOLA, shadow APIs, breach costs, market data.
AI Security Statistics 2026
70+ AI security stats from IBM, Gartner, HiddenLayer, OWASP, Snyk, and original research: AI code vulnerabilities, prompt injection, deepfakes, agentic risks.
MCP Server Security Audit 2026
I analyzed 33 MCP servers using mcp-scan and Cisco mcp-scanner. YARA flagged 27 patterns across 10 servers, but ~78% were false positives. Full breakdown of what pattern-based scanning catches and misses.
DevSecOps Statistics 2026
60+ DevSecOps stats from industry reports and original research: adoption rates, market growth, supply chain risks, vulnerability data, breach costs.
Application Security Statistics 2026
50+ application security statistics from original research. AI code vulnerabilities, security header adoption, open-source tool health, and more.
AI-Generated Code Security Study 2026
I asked 6 LLMs to write Python and JavaScript code for common development tasks, then scanned the output with 5 SAST tools (4 open-source plus CodeQL). See which models produce the most secure code.
State of Open Source AppSec Tools 2026
GitHub-data analysis of 64 open-source AppSec tools across 8 categories: community traction, maintenance health, and adoption rankings.
Security Headers Adoption Study 2026
I scanned 10,000+ websites to measure adoption rates of CSP, HSTS, and other security headers. See which headers are widely deployed and which remain rare.
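A survey of this kind needs a rule for what counts as a header being "deployed" versus merely present in a weak form. The following Python audit is an added example, not the study's own scanner: it parses a raw response header block, classifies six common security headers as missing, weak, or ok, and aggregates adoption across a set of responses. The header list and the cut-offs (HSTS max-age of at least one year with includeSubDomains; CSP with no 'unsafe-inline', 'unsafe-eval' or wildcard script sources; X-Frame-Options limited to DENY or SAMEORIGIN) are my assumptions, and the sample responses are constructed, so the script runs offline.

```python
from __future__ import annotations

import re

# Assumption: the set of headers an adoption survey would track
# (not the original study's exact list).
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
)

ONE_YEAR = 31_536_000  # seconds; assumed threshold for a strong HSTS max-age


def parse_headers(raw: str) -> dict[str, str]:
    """Parse a raw HTTP/1.1 response header block into a lower-cased dict.

    Repeated fields are combined with ', ' so a CSP split over two lines is
    still seen whole by the checks below.
    """
    headers: dict[str, str] = {}
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def csp_directive(policy: str, name: str) -> str | None:
    """Return the lower-cased source list of one CSP directive, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == name:
            return " ".join(parts[1:]).lower()
    return None


def check_header(name: str, value: str | None) -> str:
    """Classify one header as 'missing', 'weak', or 'ok'.

    'weak' means deployed in a form that gives little protection; the
    cut-offs are the assumptions stated in the lead-in.
    """
    if value is None:
        return "missing"
    v = value.lower()
    if name == "strict-transport-security":
        m = re.search(r"max-age\s*=\s*(\d+)", v)
        if not m or int(m.group(1)) < ONE_YEAR or "includesubdomains" not in v:
            return "weak"
    elif name == "content-security-policy":
        # script-src falls back to default-src; a policy with neither does not
        # restrict scripts at all.
        scripts = csp_directive(value, "script-src") or csp_directive(value, "default-src")
        if (scripts is None or "'unsafe-inline'" in scripts
                or "'unsafe-eval'" in scripts or "*" in scripts.split()):
            return "weak"
    elif name == "x-content-type-options":
        if v != "nosniff":
            return "weak"
    elif name == "x-frame-options":
        if v not in ("deny", "sameorigin"):
            return "weak"
    return "ok"


def audit(raw: str) -> dict[str, str]:
    """Audit one response's header block against SECURITY_HEADERS."""
    headers = parse_headers(raw)
    return {h: check_header(h, headers.get(h)) for h in SECURITY_HEADERS}


def adoption(raw_responses: list[str]) -> dict[str, float]:
    """Percentage of responses deploying each header (any status but 'missing')."""
    results = [audit(r) for r in raw_responses]
    n = len(results)
    return {h: round(100 * sum(r[h] != "missing" for r in results) / n, 1)
            for h in SECURITY_HEADERS}


# Constructed sample responses (not captured from real sites).
SAMPLE_RESPONSES = [
    # Well-configured site.
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Referrer-Policy: strict-origin-when-cross-origin\r\n"
    "Permissions-Policy: camera=(), microphone=()\r\n",
    # Headers present but weakly configured.
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src * 'unsafe-inline'\r\n"
    "X-Frame-Options: ALLOW-FROM https://example.com\r\n",
    # No security headers at all.
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE_RESPONSES:
        print(audit(raw))
    print(adoption(SAMPLE_RESPONSES))
```

The three-way status matters for the headline numbers: counting a `max-age=300` HSTS header or a CSP of `default-src *` as "adopted" inflates adoption, so a survey should report present-and-effective separately from merely present.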
CandyShop: Open-Source Security Tool Benchmark 2026
Real scan results from 12 open-source security tools tested against 6 intentionally vulnerable applications. Compare SAST, DAST, SCA, container, and IaC scanners with actual detection data and F-measure accuracy scores.