New research: Where your AppSec blind spots really are

The Cyberthreat Defense Report is out and the findings on application security should give every security leader pause.

The CyberEdge 2026 Cyberthreat Defense Report   What 1,200 security professionals say about application risk   Download the 2026 Report     Every year, CyberEdge surveys 1,200 IT security professionals across 17 countries and publishes the findings as the Cyberthreat Defense Report (CDR). The 2026 report is now available and the findings on application security tell a story worth paying attention to. Here's what stood out: when security professionals rated their own confidence across the major security functions, application development and testing (SDLC/DevSecOps) scored just 4.10 out of 5 — putting it among the lowest-rated security domains in the entire survey. That's not a catastrophic score, but in a year where overall security posture hit an all-time high of 4.07 on CyberEdge's Security Posture Index, it signals something important: AppSec is the function where confidence lags furthest behind investment and attention. What's changing the equation? AI: At least 75% of organizations are already using or implementing AI-powered security tools. CDR researchers point to maturing AI capabilities as the primary driver of rising security confidence industry-wide — and AppSec stands to benefit most. Consolidation: Organizations are moving from fragmented point tools to integrated platforms that correlate data across environments and automate response. AppSec belongs inside that platform.         The 2026 CDR gives you the data to understand where your organization stands — and where the field is heading.       Download the 2026 Report     Want to learn more about CyberEdge’s 2026 CDR? Watch our webinar on-demand.           36 Queen Street London, EC4R 1BN United Kingdom     emea@veracode.com      +44 (0)20 3761 5501 © 2026 Veracode Inc. All rights reserved. Unsubscribe  |  Manage preference