DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers

Bugcrowd report reveals surge in hardware & network risks

Wed, 24th Sep 2025

Bugcrowd has published its annual CISO report, which shows significant year-on-year increases in the number of hardware and network vulnerabilities submitted to its platform, as attack surfaces expand with the growing use of AI and connected devices.

The report, titled "Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World," analyses hundreds of thousands of real-world vulnerabilities submitted through Bugcrowd's platform, spanning thousands of bug bounty and vulnerability disclosure engagements. Drawing on extensive data, the report aims to provide Chief Information Security Officers with intelligence to shape risk management and strategy in response to increasingly complex threats.

Hardware and network risks

The report highlights an 88% increase in hardware vulnerabilities, which the company attributes to the proliferation of Internet of Things (IoT) devices and expanding enterprise hardware environments. Of the security researchers surveyed for the report, 81% said they had encountered new hardware vulnerabilities in the last year.

Network vulnerabilities doubled compared with the previous year, according to the findings. API vulnerabilities rose by 10% as organisations accelerate application development - frequently with the assistance of AI-powered coding - and as attack surfaces grow in complexity.

Critical impacts and responses

Critical vulnerabilities and their mitigation remain a top concern for CISOs. The report notes a 36% rise in broken access control incidents rated as critical, which now represent the leading vulnerability category. There was also a 42% increase in critical vulnerabilities exposing sensitive data.

Despite tight budgets, organisations are also increasing their investment in offensive security. The report records a 32% average increase in payouts for critical vulnerabilities, indicating that security teams value findings from ethical hackers and are integrating them more deeply into their security testing programmes.

Insights from industry leaders

"We are in a high-stakes innovation race, but with every AI advance, the security landscape becomes exponentially more complex. Attackers are exploiting this complexity, but still targeting foundational layers like hardware and APIs. No single CISO can win this race alone. To thrive, we must move beyond isolated efforts and cultivate a collective resilience of collaboration - pooling our knowledge of the hacker community to outpace emerging threats together," said Nick McKenzie, CISO, Bugcrowd. "This community-driven approach is the only way to stay ahead. We are excited to contribute to this shared goal with our latest edition of Inside the Mind of a CISO."

The report also features perspectives from NFL CISO Tomás Maldonado and Monash University CISO Dan Maslin, both of whom discuss the challenges of securing complex environments, managing AI governance, and communicating risk in board-level discussions.

Articles within the report examine the evolving interaction between AI technologies and hacking, offer practical guidance on red teaming as a strategic security tool, and provide CISOs with frameworks for measuring the effectiveness of their security programmes. The consensus is that blending human expertise with AI and frequent offensive testing is crucial for strengthening resilience.

Persistent challenges

Additional findings highlighted in the report include the enduring nature of access control failures, ongoing increases in sensitive data exposure, and steady improvements by more mature security functions in addressing severe vulnerabilities.

Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, addressed the persistent challenge CISOs face in securing resources and demonstrating security programme outcomes:

"CISOs often struggle to get board buy-in, trapped in a cycle of pushing security initiatives without a clear measure of success. This report aims to break that cycle by providing evidence-based frameworks to demonstrate tangible security outcomes," Ford said. "By using adversarial testing and objective measurement, security leaders can shift from reactive firefighting to building true resilience. Ultimately, this enables CISOs to confidently articulate their security story and secure resources necessary to protect their organizations."

Continued evolution

Bugcrowd's research and the data from its platform indicate that the dynamic nature of attack surfaces, especially in the era of rapid AI adoption, is driving security teams to prioritise collaboration, proactive testing, and concerted efforts across the cybersecurity community to mitigate evolving threats.
