"Any distinction between emerging targets and primary targets in app security has dissolved, courtesy of bad actors' rapid adoption of agentic AI. All apps should be considered primary targets, and security budgets should be allocated to reflect the new reality."
"The number of attacks against client-facing apps monitored by the firm has increased from 55% in 2022 to 87% in 2026. This increase is driven by the role of AI in permanently collapsing the cost and expertise required by bad actors to do so. Attackers focus on AI's ability in reverse engineering, exploit generation, and dynamic analysis."
"In 2023, iOS apps faced half the attack rate of Android apps. In 2026, they face 97% of it, states the report, and the gap that remains is closing fastest in the most sophisticated attack category. AI's ability to operate in both iOS and Android environments is the cause."
"It is now, in operational terms, a security exposure event, suggests the report. One Digital.ai customer recorded a platform integrity attack on their application within one hour and fifty-six minutes of the application becoming available in the store. The window between app publication and first hostile contact is now measured in hours, not days."
Agentic AI is reshaping cybersecurity attack and defense by accelerating both offensive capability and operational tempo. The distinction between emerging targets and primary targets in application security has dissolved, so all applications should be treated as primary targets with security budgets adjusted accordingly. Attacks against client-facing applications monitored by Digital.ai increased from 55% in 2022 to 87% in 2026, driven by AI-enabled reverse engineering, exploit generation, and dynamic analysis. The iOS versus Android attack-rate gap narrowed sharply from 2023 to 2026, with iOS reaching 97% of Android’s attack rate, and the remaining gap closing fastest in sophisticated attack categories. App store publication is now a security exposure event, with hostile contact occurring within hours rather than days, including a recorded platform integrity attack within one hour and fifty-six minutes of store availability.
#agentic-ai #application-security #mobile-security-iosandroid #threat-intelligence #app-store-attack-surface
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]