AI-Driven App Attacks Surge to 87% by 2026, Blurring Lines Between Target Categories
The landscape of cybersecurity is undergoing a profound transformation, driven primarily by the rapid adoption of agentic AI by malicious actors. This shift has effectively erased the distinction between emerging and primary targets in application security, necessitating a reevaluation of security budgets and strategies. As all applications are now considered primary targets, organizations must adapt to this new reality.
Rising Threats in Application Security
According to Digital.ai’s 2026 App Security Threat Report, the percentage of attacks against client-facing applications has surged from 55% in 2022 to an alarming 87% by 2026. This dramatic increase is attributed to the capabilities of AI, which has significantly lowered the barriers of cost and expertise for attackers. The report highlights that adversaries are leveraging AI for tasks such as reverse engineering, exploit generation, and dynamic analysis, making it easier to compromise applications.
The report also notes a significant closing of the security gap between iOS and Android platforms. In 2023, iOS applications experienced half the attack rate of their Android counterparts. By 2026, this gap has narrowed, with iOS apps facing 97% of the attack rate seen by Android apps. This shift indicates that AI’s capabilities are now effectively operational across both platforms, making previously secure systems increasingly vulnerable.
The Speed of Attack and Development
The acceleration of app development facilitated by AI has a dual effect: while it enhances the speed at which new applications are released, it also empowers attackers to act more swiftly. The report states that the publication of an app on platforms like the App Store or Google Play is no longer merely a milestone; it is now viewed as a potential security exposure event. One case cited involved a platform integrity attack occurring just one hour and fifty-six minutes after an application became available in the store, illustrating how quickly adversaries can exploit new vulnerabilities.
The report further breaks down attack instances by sector, revealing that the rates of attacks have converged across four verticals from 2025 to 2026. Notably, automotive and medical device applications have seen the steepest increases in attack rates. Historically, automotive apps were safeguarded by their technical complexity, which included vehicle telematics protocols and OEM-specific authentication flows. However, the advent of AI-assisted tools has made it easier for attackers to navigate this complexity.
The Medical Device Sector Under Siege
The medical device sector has experienced a notable rise in attack rates, with an eight-percentage point increase reported. This trend suggests that attackers are finding greater value in targeting connected medical-device applications, which previously required specialized expertise to compromise. The report indicates that the verticals where attackers had to exert the most effort to extract value are now the same ones where AI-assisted tools yield substantial returns.
The implications of these findings are significant. The distinction between primary and emerging targets has effectively vanished. Organizations can no longer prioritize their security budgets based on outdated categorizations; all applications must be treated as primary targets in the current threat landscape.
Geographic Insulation No Longer Effective
The report also challenges the notion of geographic insulation as a viable defense strategy. Organizations that have relied on geographic distance from threats must reassess this reliance. The same AI technologies used by developers to build applications are now being employed by attackers to exploit them. Derek Holt, CEO of Digital.ai, emphasizes the urgency of this issue, stating that every AppSec team must consider whether their applications are designed to defend themselves from the moment they are published. In an environment where 87% of monitored apps are under attack, a passive approach is no longer tenable.
The Need for Defensive AI
The analysis from Digital.ai underscores the necessity for defenders to adopt their own agentic AI systems to counter the increasingly sophisticated tactics employed by attackers. Historically, bad actors have been quicker to adopt new technologies than the industry itself. This trend continues, resulting in a rapid increase in attack instances. The onus is now on defenders to develop secure agentic systems that can effectively narrow the gap between attack and defense.
The findings from Digital.ai’s report serve as a critical call to action for organizations to rethink their security strategies. As the landscape evolves, so too must the methods employed to protect sensitive applications and data.
For further insights into the evolving landscape of cybersecurity, including the impact of AI on cybercrime, visit SecurityWeek.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
