Rapid7 Releases 2026 Global Threat Landscape Report Highlighting Accelerated Cyber Attack Trends and AI Integration

Rapid7's report reveals rapidly shrinking vulnerability exploitation timelines, highlighting urgent need for proactive cybersecurity measures.

Quiver AI Summary

Rapid7 has released its 2026 Global Threat Landscape Report, highlighting the rapid acceleration of cyber attack patterns where the time between a vulnerability being disclosed and its exploitation is shrinking dramatically. The report indicates that high and critical severity vulnerabilities that were exploited more than doubled from 2024 to 2025, as attackers increasingly operationalize these vulnerabilities within days of their disclosure. Key findings reveal that identity exposure, particularly lacking multi-factor authentication, remains the main access route for breaches, and ransomware continues to be a prevalent threat, involved in 42% of incident responses in 2025. The report emphasizes the need for organizations to adapt their security operations to respond more quickly and strategically to threats, as traditional predictive timelines have disappeared. In this evolving landscape, integrating exposure management with detection and response is essential for enhancing cybersecurity resilience.

Potential Positives

Rapid7 released a significant report, showcasing its leadership in AI-powered managed cybersecurity operations by providing critical insights into the rapidly evolving cyber threat landscape.
The findings highlight a dramatic increase in the number of exploited vulnerabilities, underscoring the urgency for organizations to prioritize and accelerate remediation efforts, positioning Rapid7 as a crucial partner for enterprises seeking to enhance their cyber resilience.
The report emphasizes the integration of AI in both attacker and defender strategies, reinforcing Rapid7's innovative use of technology and predictive insights in cybersecurity, which may attract businesses looking for advanced solutions.
The documentation of ransomware's industrialization and advanced persistent threats illustrates the depth of Rapid7's research and expertise, further establishing the company as a thought leader in effective security operations against modern threats.

Potential Negatives

The report highlights a dramatic increase in exploited vulnerabilities, rising 105% from 71 in 2024 to 146 in 2025, indicating a significant escalation in cyber threats that could undermine the company's credibility as a cybersecurity leader.
The shrinking window between vulnerability disclosure and confirmed exploitation suggests that organizations may struggle to keep up with threats, potentially affecting customer trust in Rapid7's ability to provide effective cybersecurity solutions.
The report's emphasis on the inadequacy of current remediation efforts raises concerns about the overall effectiveness of the company's managed detection and response services, which could lead to dissatisfaction among clients.

FAQ

What is the main finding of the 2026 Global Threat Landscape Report?

The report reveals that the time between vulnerability disclosure and exploitation has significantly decreased, endangering organizations' cybersecurity measures.

How much did exploited vulnerabilities increase from 2024 to 2025?

Exploited high and critical severity vulnerabilities increased by 105%, from 71 in 2024 to 146 in 2025.

What role does AI play in cyber attacks according to the report?

AI is being rapidly integrated into attacker tactics, accelerating the operationalization of vulnerabilities and enhancing phishing and evasion techniques.

What are the implications for organizations' cybersecurity strategies?

Organizations must prioritize earlier remediation and integrate exposure management with detection to align with the faster exploitation timelines.

How is identity exposure impacting cybersecurity incidents?

Valid accounts lacking multi-factor authentication accounted for 43.9% of Rapid7's incident response investigations, highlighting a common path for intrusions.

Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.

$RPD Insider Trading Activity

$RPD insiders have traded $RPD stock on the open market 9 times in the past 6 months. Of those trades, 5 have been purchases and 4 have been sales.

Here’s a breakdown of recent trading of $RPD stock by insiders over the last 6 months:

PARTNERS MANAGEMENT, LP JANA purchased 41,545 shares for an estimated $652,671
COREY E. THOMAS (CEO) purchased 14,500 shares for an estimated $200,390
THOMAS E SCHODORF purchased 6,300 shares for an estimated $98,910
SCOTT M MURPHY (Chief Accounting Officer) has made 0 purchases and 4 sales selling 4,227 shares for an estimated $52,866.
MARC EVAN BROWN purchased 3,000 shares for an estimated $45,630
MIKE BURNS purchased 2,000 shares for an estimated $27,600

To track insider transactions, check out Quiver Quantitative's insider trading dashboard.

$RPD Revenue

$RPD had revenues of $217.4M in Q4 2025. This is an increase of 0.52% from the same period in the prior year.

You can track RPD financials on Quiver Quantitative's RPD stock page.

$RPD Hedge Fund Activity

We have seen 135 institutional investors add shares of $RPD stock to their portfolio, and 154 decrease their positions in their most recent quarter.

Here are some of the largest recent moves:

UBS AM, A DISTINCT BUSINESS UNIT OF UBS ASSET MANAGEMENT AMERICAS LLC removed 4,516,032 shares (-76.2%) from their portfolio in Q4 2025, for an estimated $68,643,686
PENSERRA CAPITAL MANAGEMENT LLC added 1,357,794 shares (+50.6%) to their portfolio in Q4 2025, for an estimated $20,638,468
MIRAE ASSET GLOBAL ETFS HOLDINGS LTD. removed 863,489 shares (-39.8%) from their portfolio in Q4 2025, for an estimated $13,125,032
HAWK RIDGE CAPITAL MANAGEMENT LP removed 835,618 shares (-100.0%) from their portfolio in Q4 2025, for an estimated $12,701,393
FIRST TRUST ADVISORS LP added 758,009 shares (+48.3%) to their portfolio in Q4 2025, for an estimated $11,521,736
VANGUARD GROUP INC added 653,498 shares (+7.6%) to their portfolio in Q4 2025, for an estimated $9,933,169
SG AMERICAS SECURITIES, LLC added 573,069 shares (+1788.2%) to their portfolio in Q4 2025, for an estimated $8,710,648

To track hedge funds' stock portfolios, check out Quiver Quantitative's institutional holdings dashboard.

$RPD Analyst Ratings

Wall Street analysts have issued reports on $RPD in the last several months. We have seen 1 firms issue buy ratings on the stock, and 0 firms issue sell ratings.

Here are some recent analyst ratings:

UBS issued a "Buy" rating on 10/21/2025

To track analyst ratings and price targets for $RPD, check out Quiver Quantitative's $RPD forecast page.

$RPD Price Targets

Multiple analysts have issued price targets for $RPD recently. We have seen 15 analysts offer price targets for $RPD in the last 6 months, with a median target of $11.5.

Here are some recent targets:

Fatima Boolani from Citigroup set a target price of $11.5 on 02/12/2026
Saket Kalia from Barclays set a target price of $8.0 on 02/12/2026
Junaid Siddiqui from Truist Securities set a target price of $8.0 on 02/11/2026
Patrick Colville from Scotiabank set a target price of $9.0 on 02/11/2026
Adam Borg from Stifel set a target price of $9.0 on 02/11/2026
Matthew Hedberg from RBC Capital set a target price of $12.0 on 02/11/2026
Rob Owens from Piper Sandler set a target price of $10.0 on 02/11/2026

Full Release

BOSTON, March 18, 2026 (GLOBE NEWSWIRE) -- Rapid7 (NASDAQ: RPD), a global leader in AI-powered managed cybersecurity operations, today released The 2026 Global Threat Landscape Report: Decoding the Accelerated Cyber Attack Cycle . The report finds that the window between vulnerability disclosure and confirmed exploitation continues to collapse, leaving organizations with dramatically less time to assess risk, prioritize remediation, and contain threats before impact. The predictive lead time defenders once relied on between disclosure and exploitation has largely disappeared.

The report found that exploited high and critical severity vulnerabilities more than doubled year over year, increasing 105% from 71 in 2024 to 146 in 2025, while the window between vulnerability publication and confirmed exploitation continues to shrink, with attackers increasingly operationalizing vulnerabilities within days of disclosure.

“Exploitation timelines are increasingly measured in days rather than weeks,” said Raj Samani, chief scientist at Rapid7. “AI is being integrated rapidly into attacker playbooks, accelerating how quickly exposure is operationalized. Many of the incidents we investigate still originate from known, unaddressed exposure. In those cases, attackers don’t need sophistication, they need opportunity. As remediation windows shrink, reducing that opportunity becomes essential to limiting compromise.”

Key findings from the 2026 report

This report correlates vulnerability publication data, confirmed exploitation trends, frontline MDR incident response telemetry, and dark web, cybercrime, and nation-state intelligence to provide a unified view of how exposure evolves into compromise.

Key findings include:

Exploitation is accelerating faster than defenders can remediate: The number of “high-risk but not yet exploited” vulnerabilities (CVSS 7-10) fell dramatically, while the number of exploited vulnerabilities increased sharply from 71 in 2024 to 146 in 2025. This indicates that high-probability vulnerabilities (CVSS 7-10) are being operationalized almost immediately.
Weaponization timelines continue to shrink: The median time from a vulnerability's publication to its inclusion in the CISA KEV catalog dropped from 8.5 days to 5.0 days, and the mean time dropped from 61.0 days to 28.5 days, a trend measured specifically among high- and critical-severity vulnerabilities.
Identity exposure remains the dominant intrusion path: Valid accounts with missing or lax multi-factor authentication (MFA) accounted for 43.9% of all incident response investigations by Rapid7 in 2025, making it the single most common initial access vector.
Ransomware is an industrialized monetization engine: Ransomware was involved in 42% of Rapid7 MDR incident response investigations last year. Additionally, total ransomware leak posts increased 46.4% year over year, rising to 8,835 in 2025.
AI is accelerating attacker operations: Generative AI has evolved into a legitimate force multiplier, enabling adversaries to accelerate phishing content creation, scripting, and iterative problem solving.
Advanced persistent threat (APT) campaigns adopt refined evasion techniques: Rapid7 has observed APT groups significantly evolving their techniques for staying off defenders’ radar. For example, Earth Kurma pioneered a “Living Off the App” strategy that covertly uses Cisco Webex for command-and-control, while Volt Typhoon now utilizes Living Off the Land techniques to maintain long-term persistence.

What this means for security operations

The report underscores that delayed remediation and misaligned prioritization are increasingly central to breach outcomes. As exploitation timelines compress, organizations must address exposure earlier and integrate more closely with detection and response. Attack surface exposure must now be triaged in the context of active attacker behavior, aligning remediation timelines with exploitation velocity to sustain durable cyber resilience.

"The challenge moving forward is less about identifying every vulnerability and more about understanding exposure, prioritizing realistically, and responding within increasingly compressed timelines," said Christiaan Beek, vice president of cyber intelligence at Rapid7. "Predictive lead time is a thing of the past. Now, it’s about your ability to move smarter, not just faster. Organizations that reduce the preventable conditions attackers monetize before exploitation occurs, can regain a measure of control."

The 2026 report reinforces that operating preemptively is no longer optional. As adversaries embed AI into reconnaissance and exploitation workflows, defensive operations must evolve with the same discipline. Organizations that manage exposure, and integrate it into detection and response, will be better equipped to limit compromise and sustain durable cyber resilience.

To read a full copy of the report, visit https://www.rapid7.com/research/report/global-threat-landscape-report-2026/ .

About the Rapid7 2026 Global Threat Landscape Report

The Rapid7 2026 Global Threat Landscape Report, Decoding the Accelerated Cyber Attack Cycle , is an in-depth global adversary behavior analysis from Rapid7 Labs. Drawing on telemetry from the company’s managed detection and response (MDR) investigations, vulnerability intelligence, and frontline incident response, the report examines the collapse of the window between disclosure and exploitation, the industrialization of ransomware, and the role of AI as an acceleration layer in modern attack campaigns. This report provides a data-driven view of how exploitation speed, identity exposure, and strategic pre-positioning are reshaping enterprise cyber risk.

About Rapid7

Rapid7, Inc. (NASDAQ: RPD) is a global leader in AI-powered managed cybersecurity operations, trusted to advance organizations’ cyber resilience. Open and extensible, the Rapid7 Command Platform integrates security data, enriching it with AI, threat intelligence, and 25 years of expertise and innovation to reduce risk and disrupt attackers. As a recognized leader in preemptive managed detection and response (MDR), Rapid7 unifies exposure and detection to transform the cybersecurity operations of more than 11,500 customers worldwide. For more information, visit our website , check out our blog , or follow us on LinkedIn or X .

Rapid7 Media Relations
Stacey Holleran
Sr. Manager, Global Communications
[email protected]
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
[email protected]
(617) 865-4277