Surge in Cyber Attacks on Customer-Facing Mobile Apps Linked to AI Advancements
In recent years, the frequency of cyber-attacks on customer-facing mobile applications has seen a dramatic increase. This trend is largely attributed to advancements in artificial intelligence (AI) that have lowered the barriers of skill, time, and cost for potential threat actors. This alarming conclusion was drawn from findings in the 2026 Application Security Threat Report released by Digital.ai on May 19.
Digital.ai, a specialist in DevOps, gathered extensive telemetry from billions of application instances spanning diverse sectors, including financial services, healthcare, automotive, telecommunications, and more. According to the report, a staggering 87% of the monitored mobile apps were subjected to attacks in 2026, a considerable rise from the 55% reported in 2022. This upward trajectory coincides with an increase in the usage of AI models, particularly following the launch of ChatGPT in November 2022, which reshaped the landscape of cybersecurity threats.
Certain sectors are proving to be particularly vulnerable. The financial services, automotive, and medical device app categories emerged as the most frequently targeted, each showing an attack rate of 91%, 91%, and 86%, respectively. This reality raises serious concerns about the potential risks to sensitive personal information, including financial data, vehicle control systems, and health-related information, which are all at significant risk of unauthorized access.
The report further emphasizes that the advent of "agentic AI" has enabled less experienced threat actors to exploit mobile apps effectively. Tasks that previously took skilled teams weeks to accomplish can now be completed in just a few hours thanks to AI’s capacity for rapid code inspection, exploit generation, and malware adaptation. The implications for mobile applications in the real world are profound and troubling.
The State of Android and iOS Security
In a noteworthy trend, the gap between attacks on iOS and Android applications has narrowed significantly. In 2023, iOS applications experienced approximately half the volume of attacks that Android applications endured, with 86% of iOS apps falling victim to attacks by 2026, compared to 89% for Android apps. A particularly alarming observation is that iOS instrumentation attacks surged by 10 percentage points annually, suggesting that attackers are increasingly targeting Apple’s platform.
Digital.ai posits that the rise of AI-assisted reverse engineering is making iOS a more attractive target for cybercriminals. The previously significant disparity that justified lower security investments in Apple’s ecosystem is reportedly diminishing, urging developers to rethink their security strategies. The implication is clear: apps are now being subjected to attacks just hours after their release on digital marketplaces, complicating the landscape for security teams tasked with protecting user data and application integrity.
The report highlights the challenges that security teams face, particularly when software operates on employee devices that may be outside institutional control. This reality underlines the importance of proactive security measures.
Derek Holt, CEO of Digital.ai, underscores the pressing need for application security teams to reevaluate their strategies. He notes that the same AI tools used to develop applications are now being employed to attack them. “This raises a critical question for every application security team: Is the app designed to defend itself from the moment it is available in the store, or is it merely waiting for security teams to identify vulnerabilities after an attack occurs?” Holt elaborated on the urgency of the situation, stating that “the gap between where the attacks are and where security investments are being made is no longer sustainable."
In summary, the accelerating rate of cyber-attacks on mobile applications is causing alarm across multiple industries. The intersection of AI advancements and increasingly sophisticated threats calls for heightened vigilance and innovation in application security practices. As the landscape evolves, organizations must adapt their strategies to safeguard against new types of vulnerabilities that risk compromising user data and institutional integrity.