// Annual Research
Each year the ctfwithai team publishes research drawn from live engagements, threat intelligence operations, and incident response cases, covering the shifts that matter most to defenders and decision-makers. Reports synthesise findings from the major industry publications alongside our own practitioner observations.
Ransomware groups pivot to data extortion without encryption. AI-generated phishing reaches near-undetectable quality. Supply chain attacks against CI/CD pipelines triple year-on-year. Our annual breakdown of what changed and what it means for defenders.
Read report →
Enterprise adoption of GenAI outpaced security reviews by a wide margin this year. We document the most common LLM misconfigurations, RAG pipeline exposures, and AI agent privilege escalation patterns observed across engagements.
Read report →
Three major regulatory frameworks came into force or matured significantly in 2025. We break down the practical impact on security teams, what actually changed, what the auditors are checking, and where organisations are still falling short.
Read report →We publish once a year. No newsletters, no marketing. Just the annual report.