IoT drives hardware vulnerabilities up by 88%

The proliferation of poorly secured IoT devices is a major factor behind an increase in hardware vulnerabilities, a new survey has revealed.

The latest report from Bugcrowd, a specialist in crowdsourced cybersecurity, was based on analysis of hundreds of thousands of data points and revealed a substantial rise in risk levels. Some of the increased vulnerability is down to inadequately secured devices at the network perimeter, while ubiquitous API deployment and a rapid AI-driven expansion in attack surfaces are also to blame, according to Bugcrowd.

The report, titled “Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World”, shows a dramatic 88% increase in global hardware vulnerabilities amid a rise in IoT use cases. Some 81% of security professionals questioned have encountered new hardware vulnerabilities in the past 12 months. Gaps in network security have doubled and a 42% increase in sensitive data exposure has been noted.

“Hardware attacks are up considerably,” noted Julian Brownlow Davies, the vice president of Advanced Services at Bugcrowd. “The attack surface is increasing as the number of IoT devices continues to grow. As we get better at securing traditional web and infrastructure targets, threat actors are pivoting to attack more IoT end points, such as those in the typical supply chain. There has been an emphasis around the world on making devices ‘secure by design’. But there are still so many IoT devices shipping with low grade security.”

The report also reveals that organisations face growing challenges as applications go through multiple development cycles under pressure to release features quickly, often aided by AI-assisted coding. This opens new attack vectors that should be a key focus for CISOs today.

Bugcrowd’s report analyses hundreds of thousands of vulnerability data points from thousands of public and private vulnerability disclosure and bug bounty engagements. Its aim is to empower chief information security officers (CISOs) with critical intelligence, enabling them to make data-driven decisions about risk profiles, resource allocation and security investments. It emphasises the role of collective intelligence and continuous offensive security testing as the foundation of organisational resilience against increasingly complex threats.

“We are in a high-stakes innovation race, but with every AI advance, the security landscape becomes exponentially more complex,” said Nick McKenzie, the CISO at Bugcrowd. “Attackers are exploiting this complexity, but still targeting foundational layers like hardware and APIs. No single CISO can win this race alone. To thrive, we must move beyond isolated efforts and cultivate a collective resilience of collaboration — pooling our knowledge of the hacker community to outpace emerging threats together. This community-driven approach is the only way to stay ahead.”

The author is Guy Matthews, editor of NetReporter.
