Bivash Nayak
24 Jul

The Contrast Security report highlights a surge in application-layer exploits as adversaries shift focus to runtime vulnerabilities in custom code, APIs, and application logic. These attacks bypass traditional defenses like Web Application Firewalls (WAFs) and Endpoint Detection and Response (EDR), occurring on average every 3 minutes per application. The research, based on anonymized telemetry from thousands of applications protected by Contrast's runtime security platform, underscores how AI is accelerating targeted attacks, with hackers exploiting new flaws in just 5 days, far faster than the 84-day average patch time. This makes application-layer threats one of the most prevalent vectors, contributing to broader breach trends noted in complementary reports such as Verizon's DBIR 2025 and Google Mandiant's M-Trends 2025.

Key facts from the report and related analyses:

  • Frequency and Scale: Applications face an average of 81 confirmed attacks per month that evade other defenses, equating to one every 3 minutes. Globally, cyber attacks occur every 39 seconds (2,244 per day), with application-layer exploits rising due to AI-driven automation.
  • Common Vectors: Untrusted deserialization, method tampering, OGNL injection, and flaws in APIs/custom code. These target runtime environments, often in cloud setups like SSO portals, and exploit the gap where traditional tools lack visibility.
  • Vulnerability Trends: Apps accumulate 17 new vulnerabilities monthly but fix only 6, leaving an average of 30 serious flaws. Hackers exploit in 5 days, while patching takes 84 days for critical issues.
  • Impacted Sectors: Primarily cloud-reliant industries (e.g., finance, healthcare, government), where application-layer services are exposed. Broader stats show 35% of breaches involve application vulnerabilities.
  • Expert Insights: Jeff Williams, CTO of Contrast Security, noted: "We're seeing a fundamental shift in how applications are being attacked. AI is making it easier than ever for adversaries to launch targeted, viable attacks at scale, while tools like WAFs, SAST, and EDR remain blind to what's happening inside the application while it's running."
  • Response and Recommendations: Shift to runtime protection for in-app detection/blocking, shared telemetry across teams to prioritize exploitable threats, and faster remediation to reduce alert fatigue.
| Aspect | Key Statistics | Common Vectors | Recommendations |
|---|---|---|---|
| Frequency | Every 3 minutes per app; 81/month bypassing defenses | Untrusted deserialization, method tampering | Adopt runtime protection for real-time blocking. |
| Vulnerabilities | 17 new/month, 6 fixed; 30 serious on average | OGNL injection, API flaws | Share telemetry across SecOps/AppSec/dev for prioritization. |
| Exploitation Time | 5 days to exploit new flaws; 84 days to patch | Custom code/runtime logic exploits | Integrate AI for faster detection; reduce patching delays. |
| Impacts | 35% of breaches; alert fatigue in analysts | Cloud SSO portals, application-layer services | Use frameworks like Application Attack Matrix for standards. |

