SAN FRANCISCO: Horizon3.ai, a global leader in offensive security, today released its 2025 Cybersecurity Insights Report, revealing the common security gaps organizations struggle to close. By analyzing exploit trends from 50,000 NodeZero® autonomous security tests run in 2024, along with insights from a survey sample of nearly 800 security leaders and practitioners, the report presents clear evidence of how current security strategies are failing, and what organizations must change to stay ahead of evolving threats.

The data reveals:

• Vulnerability Scanning Falls Short – Despite 98% of organizations using vulnerability scanning, only 34% find it highly effective due to false positives that hinder teams from focusing on real risks.
• Credential-Based Attacks Remain a Major Risk – NodeZero successfully performed credential dumping in over 28,000 cases, demonstrating the widespread risk of weak credential practices and policies.
• Patch Management Delays Leave Systems Exposed – Over half of practitioners (53%) and more than a third of security leaders (36%) admit to delaying patches due to operational constraints, leaving critical vulnerabilities open.
• Known Vulnerabilities Remain Unpatched – NodeZero exploited 229 known vulnerabilities nearly 100,000 times in customer environments, demonstrating that many organizations struggle to remediate even widely recognized threats.

"Security isn’t about reacting—it’s about outpacing your adversary," said Snehal Antani, CEO & Co-Founder of Horizon3.ai. "Too many organizations still confuse compliance for security, falling back on outdated assumptions and annual testing cycles. This report shows what modern defenders already know: you have to think like an attacker, validate like an operator, and build a security program that stands up to real-world pressure."

Why Offense-Driven Security Is the Only Way Forward

These aren’t isolated problems—they reflect a broader pattern the report lays bare. Across nine key themes, it shows that organizations continue to rely on point-in-time testing, noisy tools, and risk models built on assumptions rather than proof.

Each section exposes a recurring failure, from vulnerability overload and delayed patching to ineffective pentests, cloud misconfigurations, and especially credential weaknesses. Fixing these issues requires more than remediation; it demands continuous visibility into identity, access, and privilege exposure.

The takeaway: only an offense-driven approach that continuously tracks readiness and validates defenses while leveraging deception, detection, and real-world attacker perspectives can expose and eliminate the gaps attackers rely on.

"This report is a reality check for security teams," said Stephen Gates, Principal Security SME at Horizon3.ai. "It doesn’t just highlight where defenses are failing, it points to a better path forward. If you're still relying on assumptions, static tools, or annual tests, this data makes it clear: it's time to evolve. Offensive security isn’t a nice-to-have—it’s the strategy that separates the resilient from the exposed."

The State of Cybersecurity in 2025: Data-Driven Insights from Over 50,000 NodeZero® Pentests is available to download now. Explore the root causes behind today’s most persistent security failures—and learn how an offense-driven approach is helping organizations finally close the gaps attackers rely on.

About Horizon3.ai

The NodeZero® Platform by Horizon3.ai drives continuous exposure management across production infrastructure. With NodeZero, customers overcome barriers of limited offensive security talent and infrequent, expensive penetration testing. They stay ahead of a rapidly-evolving threat landscape with autonomous pentesting, emerging threat intelligence, threat detection, and unified data and reporting. Founded in 2019 by former industry leaders and U.S. National Security veterans, Horizon3.ai solves diverse use cases across industries and has powered more than 120,000 penetration tests.

Follow Horizon3.ai on LinkedIn and X.

Fonte: Business Wire