Across the engagements our offensive team ran in Q1, the volume of classic injection findings is down meaningfully. The volume of misconfigured service accounts, overscoped API tokens, and AI-prompt-handling bugs is up.
The pattern matches what we see in code review: AI assistants ship working code quickly, and they default to broad permissions to avoid friction. That tradeoff lands in production.
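The broad-permission default is easy to catch mechanically before it lands in production. The following linter, an added example that is not code from the original post, flags Allow statements that use wildcard actions or resources in an IAM-style JSON policy; both policy documents are constructed, and the ARNs and account id in them are placeholders.

```python
"""Flag overscoped permissions in an IAM-style JSON policy document.

Added example. The policy shape mirrors AWS IAM JSON (Statement / Effect /
Action / Resource); the two policies below are constructed for illustration.
"""
import json

# Constructed: the "works on first try" policy an assistant tends to emit.
OVERSCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
         "Resource": "*"},
    ],
})

# Constructed: the same intent scoped to what the workload actually needs.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads/*"},
        {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
         "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:app/db-*"},
    ],
})


def _as_list(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def find_overscoped(policy_json):
    """Return (statement_index, reason) pairs for Allow statements using wildcards."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # "*" grants every action; "svc:*" grants every action in a service.
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action!r}"))
        for resource in _as_list(stmt.get("Resource", [])):
            # A bare "*" resource makes even a narrow action apply everywhere.
            if resource == "*":
                findings.append((i, "wildcard resource '*'"))
    return findings
```

Run it as a pre-merge check on policy files so an overscoped grant fails review instead of reaching production.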
Defensive teams should update their threat models accordingly. The OWASP Top 10 still applies. It's just no longer the only list that matters.
