“AI is creating a divide between teams that can operationalize it and those that can’t, and that divide directly translates into risk,” said Haris Pylarinos, founder and CEO of Hack The Box, in a statement. “For CISOs, the challenge is ensuring their teams can operate effectively with AI, and without it when needed.”
The Hack The Box report is based on anonymized data from more than 702,000 cybersecurity professionals across 251 countries, and it revealed that prompt injection attacks accounted for 29% of solved AI-related security challenges on its platform, followed by machine learning model exploitation at 24%, and agentic AI hijacking at 12%. According to Hack The Box, those attack categories reflect growing concern over threats targeting AI models and autonomous systems directly.
“Training data signals a clear shift toward AI-driven attack vectors, highlighting where the next generation of cybersecurity risks is emerging,” the report states.
The Hack The Box report also found that AI penetration testing ranked No. 4 globally among cybersecurity training interests and that enterprise-led AI security training completion rates reached 64% in late 2025. “Cybersecurity skill development is shifting toward a continuous, integrated model where offensive insights and defensive capabilities evolve together,” the report states. “Cybersecurity training participation reflects an increasingly global workforce.”
