Wireless CVEs surge, exposing hidden risks for AI centres

Bastille Networks has published a new annual report tracking a sharp rise in disclosed wireless vulnerabilities. It argues that many organisations face growing exposure because wireless risks often fall outside standard vulnerability management programmes.

The inaugural State of Wireless Security in 2026 report covers Wi‑Fi, Bluetooth, Zigbee, and cellular technologies such as LTE and 5G. These systems underpin routine business and government operations, but weaknesses in underlying protocols and components can persist for years.

Rapid growth

The report says researchers disclosed 937 new wireless Common Vulnerabilities and Exposures (CVEs) in 2025-an average of 2.5 per day.

It also describes a longer-term trend, from four wireless CVEs in 2010 to 937 in 2025-more than 230-fold growth over 15 years. Over the past 12 years, cumulative totals have doubled every two to four years.

The past two years, it adds, show sustained acceleration: cumulative growth exceeded 25% in both 2024 and 2025, for a combined 60% increase since the start of 2024.

Wi‑Fi accounted for more than 60% of disclosed wireless CVEs in the period analysed. Bluetooth came next, followed by cellular and Zigbee.

Visibility gap

Bastille argues that many organisations underestimate wireless risk because standard security practices focus on internet-connected assets and known device inventories. Wireless devices can sit outside those controls, particularly when unmanaged, intermittently connected, or embedded in operational systems.

Traditional approaches often rely on asset inventories, patch tracking, and IP-based scanning. Bastille argues these methods miss exposures at the radio layer or within device components such as chipsets, firmware, and protocol stacks.

The report highlights wireless as a route for data loss and surveillance that does not require attackers to traverse a corporate network. Examples include data exfiltration via covert devices with cellular modems and unauthorised Bluetooth connections that bypass perimeter controls.

It also notes that wireless vulnerabilities can affect shared chipsets and embedded stacks used across multiple vendors, making patching uneven across product lines. In some cases, patches may not be available for older devices or systems that cannot be easily updated.

"We've long said that wireless threats are proliferating, and this report illustrates the alarming extent to which that is the case as well as highlights the theft and espionage risks companies and governments face," said Chris Risley, CEO of Bastille Networks. "Anything that can be controlled wirelessly is vulnerable. With the explosion of new AI data centers and other high-value targets worth billions of dollars in intellectual property or trade secrets, now is the time for enterprises to start treating wireless visibility and vulnerability management as foundational security infrastructure."

Targets and environments

The report links the trend to expanding wireless adoption across workplaces and critical systems, including building automation, industrial sensors, access control, logistics tracking, and embedded devices used in medical, manufacturing, and operational environments.

It also points to heightened interest from sophisticated threat actors, saying nation-state actors and foreign government-backed criminal organisations are finding new ways to exploit wireless vulnerabilities, including against critical infrastructure and AI data centres.

AI data centres are a recurring theme in Bastille's framing of risk. The report describes them as high-value environments because of sensitive workloads and the value of the information processed, echoing broader industry focus on the physical and operational security of large-scale compute infrastructure.

Dr. Brett Walkenhorst, principal researcher and CTO at Bastille Networks, said the data suggests a lasting shift rather than a temporary fluctuation.

"What we're seeing in the data is not a short-term spike but a structural shift in the threat landscape," Walkenhorst said. "Wireless vulnerabilities have grown more than 230-fold since 2010 and are accelerating far faster than the overall CVE ecosystem. Because many of these vulnerabilities affect shared chipsets, protocol stacks, and embedded systems that remain in service for years, each year's disclosures compound a growing base of persistent exposure for enterprises."

Monitoring approach

Bastille recommends continuous, passive radio-frequency spectrum monitoring to complement existing controls. The report positions direct observation of the airspace as a way to detect anomalous behaviour such as unauthorised Bluetooth pairing attempts and rogue access points.

Bastille says it has deployed systems that scan the airspace in sensitive environments such as SCIFs, research and development facilities, data centres, and corporate headquarters. It describes an always-on approach that detects, classifies, and locates wireless transmitters, including authorised infrastructure, unmanaged personal peripherals, and rogue devices.

The product relies on software-defined radio and RF sensors placed around facilities. Bastille says its system classifies transmissions by type and activity, flags whether a device is authorised and compliant with site policies, and does not examine transmission payloads.

The report concludes that wireless vulnerabilities are likely to continue rising as wireless technologies spread into more enterprise and infrastructure use cases and as sophisticated adversaries pay greater attention to wireless attack surfaces.