# CyberSecStats #45 - Devs oversharing with AI agents, phishing attack speed gains and fraud trends

> CyberSecStats #45: AI fraud up 1210%, malicious email every 19 seconds, 1 in 5 devs give AI agents unrestricted access, callback phishing up 500%.

Source: https://fmcybersecurity.com/en/insights/strategy/cybersecstats-45/
Locale: English
Other locale: https://fmcybersecurity.com/insights/strategy/cybersecstats-45/

## Metadata

- Date: 2026-05-18
- Author: fredrik-standahl
- Topic: strategy
- Format: news
- Scope: international

## This Week's Cybersecurity Eye-Openers

Three takeaways from this week's data.

**1. 1210% more AI-related fraud last year vs 2024**

AI-related fraud (fraud enabled by AI or directly involving AI) surged 1210% in 2025. A major US healthcare provider is facing over $40 million in account exposure from fraudulent AI bot calls alone.

**2. Phishing attacks happen twice as fast**

In 2025, a malicious email attack occurred every 19 seconds, more than double 2024's pace of one every 42 seconds.

**3. Developers grant AI agents dangerous permissions**

One in five developers grants AI code agents unrestricted access to perform high-risk actions without human oversight, including unrestricted file deletion and arbitrary code execution.

## Threat Landscape

### 2026 Annual Security Report (DNSFilter)

2025 threat trends, generative AI's role in cyberattacks, and emerging threat vectors heading into 2026.

**The threat surge:**

- Threats on the DNSFilter network grew by 30% between October 2024 and September 2025.
- Malicious or impersonation GenAI sites decreased by 92% from April 2024 to April 2025.
- The average internet user encounters 66 threats per day, up from 29.

[Read the full report here.](https://explore.dnsfilter.com/2026-annual-security-report-dnsfilter?ref=cybersecstats.com)

## Software Security

### BSIMM16 (Black Duck)

How organizations are transforming software security practices in response to AI-generated code, government regulations, and supply chain risks.

**The AppSec evolution:**

- Nearly 30% more organizations now produce SBOMs to meet transparency requirements.
- Automated verification of infrastructure security surged by more than 50%.
- Use of risk-ranking methods to determine where LLM-generated code is safe to deploy increased by 12%.

[Read the full report here.](https://www.blackduck.com/resources/analyst-reports/bsimm.html?ref=cybersecstats.com)

## AI Security

### International AI Safety Report

The first comprehensive, internationally collaborative scientific review of the capabilities and risks of general-purpose AI systems, written by over 100 experts and backed by more than 30 countries.

**The global AI picture:**

- At least 700 million people use leading AI systems weekly.
- Across much of Africa, Asia, and Latin America, estimated AI adoption rates remain below 10%.
- In 2025, an AI agent placed in the top 5% of teams in a major cybersecurity competition.

[Read the full report here.](https://internationalaisafetyreport.org/?ref=cybersecstats.com)

### 2026 AI Adoption and Risk Report (Cyberhaven Labs)

How enterprise AI adoption is happening at different paces, with data security and governance risks growing as employees use AI tools with sensitive company data.

**The adoption divide:**

- The top 1% of early adopter organizations use more than 300 GenAI tools.
- 82% of the top 100 most-used GenAI SaaS applications are classified as medium, high, or critical risk.
- 39.7% of all data movements into AI tools involve sensitive data, including prompts or copy-paste actions.

[Read the full report here.](https://www.cyberhaven.com/resources/report/ai-adoption-risk-report-2026?ref=cybersecstats.com)

### YOLO Mode: Hidden Risks in Claude Code Permissions (UpGuard)

What happens when developers give AI agents permissions they should not have.

**The developer risk:**

- One in five developers grants AI code agents unrestricted access to perform high-risk actions without human oversight.
- 14.4% of AI agent configuration files grant arbitrary code execution permissions for Node.js.
- Almost 20% let AI automatically save changes to the project's main code repository without human review.

[Read the full report here.](https://www.upguard.com/blog/yolo-mode-hidden-risks-in-claude-code-permissions)

## AI Fraud

### The Year Trust Broke: Inside the 2025 AI Fraud Spike (Pindrop)

How AI-powered threats like deepfakes and synthetic voices are driving billions in contact center fraud.

**The trust breakdown:**

- AI fraud surged 1210% in 2025.
- Non-AI fraud increased by 195% by the end of 2025.
- Even when explicitly warned that synthetic bots are common, 33% of study participants still shared sensitive information.

[Read the full report here.](https://www.pindrop.com/ai-fraud-spike/?ref=cybersecstats.com)

## Social Engineering

### The New Era of Phishing: Threats Built in the Age of AI (Cofense)

How AI is transforming phishing attacks.

**The phishing acceleration:**

- In 2025, a malicious email attack occurred every 19 seconds, more than double 2024's pace of one every 42 seconds.
- 76% of initial infection URLs were unique and had not appeared in other campaigns.
- 82% of malicious files have unique hashes that traditional pattern-matching fails to detect.

[Read the full report here.](https://cofense.com/annualreport?ref=cybersecstats.com)

### Q4 2025 Email Threat Trends Report (VIPRE Security Group)

Analysis of Q4 2025 email threat trends.

**The Q4 email threats:**

- Callback phishing increased from 3% to 18% of all phishing incidents in Q4 2025, a 500% spike.
- Business Email Compromise accounted for 51% of all email fraud cases.
- CEOs and senior executives accounted for 50% of impersonation-based BEC emails.

## Industry Deep Dives

### The Top 3 Healthcare Attacks in 2025 (Paubox)

The dominant email attack patterns behind healthcare breaches in 2025, and how organizations can better defend against them.

**The healthcare email threat:**

- Stolen login credentials led to the most damaging email-related healthcare breaches, exposing more than 630,000 patient records.
- Nearly one-third of all healthcare email incidents were attributed to vendor and business associate email exposure.
- Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.

[Read the full report here.](https://www.paubox.com/the-top-three-healthcare-email-attacks-in-2025-and-how-to-defend-against-them?utm_campaign=36021776-RPT.20260122.TopAttacks&utm_source=businesswire)

