Original Cybersecurity and AI Research From CyberSanso

Most security statistics you encounter online are summaries of reports from vendors with a commercial interest in showing threats are growing and their products are needed. CyberSanso publishes its own research alongside curated data from independent and primary sources, so you can see the underlying methodology — not just the headline number.

This page is the index for original CyberSanso research: data we gather, analyses we run, and reports we publish. It is distinct from the Breach Timeline (a running named-incident log) and the Market Intelligence page (which tracks third-party funding and M&A data). Everything here is research CyberSanso produces directly.

What CyberSanso Researches

CyberSanso’s research covers three primary areas, matching the site’s three editorial pillars:

Cybersecurity: Threat actor behaviour, breach patterns, vendor landscape analysis, framework effectiveness, and security market data. We track what techniques appear in real incidents — not what vendors project in marketing material.

Artificial Intelligence: AI model evaluation and benchmark analysis, AI security risk documentation, and AI governance and policy tracking. We evaluate AI tools independently, without payment from any AI vendor.

SaaS and Tools: SaaS risk patterns including OAuth and identity security, shadow IT discovery gaps, and tool-category landscape reviews. This area grew out of the observation that SaaS data was relevant to 23% of Unit 42 incident response cases in 2025 — up from just 6% in 2022.

How to Cite CyberSanso Research

When referencing CyberSanso research in academic, journalistic, or professional work, use the following format:

CyberSanso. [Report Title]. CyberSanso Research, [Month Year]. cybersanso.com/research/reports/[report-slug]. Accessed [date].

For press and editorial inquiries — including requests for underlying data, methodology documentation, or expert comment — contact the editorial team via the email in the sidebar. We can provide underlying data for independent verification on request and can co-ordinate with journalists on embargo requests where a report is in preparation.

Correction policy: If you identify an error or outdated claim in any CyberSanso research output, contact us with the specific claim, the source that contradicts it, and the URL of the page where it appears. We review correction requests within five business days and publish a correction notice on the relevant page where a material error is confirmed.

Vendor reports are produced by companies selling security products. Their data is often real, but the framing is commercially influenced — threat growth statistics support budget arguments for the vendor's product category. CyberSanso has no product to sell and accepts no payment from the vendors it covers, so the framing is not shaped by a sales objective. We also disclose our methodology, which vendor reports frequently do not.

Yes. All research published on this hub is free to read without creating an account, subscribing to a newsletter, or providing an email address. CyberSanso maintains its research as a free public resource. If a specific report requires a data request for the underlying dataset, that process is described on the individual report page.

Update frequency depends on the topic. Time-sensitive pages — the Breach Timeline, Policy Tracker, and Market Intelligence sections — are reviewed weekly or within 48 hours of a major event. Research reports and analysis pages carry a last-reviewed date and are re-verified at least annually. Always check the verified-as-of date before relying on a specific figure.

Contact the CyberSanso editorial team via the email in the sidebar. Include: the specific claim you believe is wrong, the source that contradicts it, and the URL of the page where it appears. We review all corrections within five business days and publish a note on the page if a material error is confirmed.