| Unauthorized Cloud & Infrastructure Access | 144 | 60 | 71 | 13 | 0 |
| Operational Security | 127 | 40 | 69 | 14 | 4 |
| Supply Chain Integrity | 121 | 35 | 71 | 13 | 2 |
| Hardcoded Credentials | 87 | 44 | 37 | 5 | 1 |
| Malicious Activity | 62 | 42 | 16 | 4 | 0 |
| Insecure Communication | 61 | 12 | 44 | 5 | 0 |
| System Compromise | 56 | 27 | 22 | 7 | 0 |
| Offensive Security Tools | 49 | 39 | 10 | 0 | 0 |
| Unsafe Permissions | 49 | 5 | 25 | 12 | 6 |
| Kubernetes Insecure Pod/Workload Spec | 37 | 5 | 18 | 11 | 3 |
| AI / ML Security | 34 | 15 | 17 | 2 | 0 |
| Ansible-Specific Security | 30 | 13 | 16 | 1 | 0 |
| Command Injection | 27 | 2 | 19 | 6 | 0 |
| Reverse Shell Detection | 19 | 19 | 0 | 0 | 0 |
| Template Injection | 19 | 3 | 11 | 4 | 1 |
| Data Exfiltration | 18 | 2 | 10 | 6 | 0 |
| Tunneling, Proxying & Network Exposure | 18 | 8 | 10 | 0 | 0 |
| Privilege Escalation | 16 | 5 | 9 | 2 | 0 |
| Ansible Lateral Movement & Abuse | 15 | 3 | 10 | 2 | 0 |
| Ansible Best Practice Hygiene | 14 | 1 | 7 | 4 | 2 |
| Anti-Forensics & Evidence Tampering | 14 | 7 | 6 | 1 | 0 |
| Webshell Deployment | 14 | 11 | 3 | 0 | 0 |
| External URL | 11 | 0 | 2 | 9 | 0 |
| Jinja2 / Lookup RCE | 10 | 2 | 6 | 2 | 0 |
| Environment Hijacking | 9 | 1 | 6 | 2 | 0 |
| Encoding, Obfuscation & Evasion | 9 | 0 | 8 | 1 | 0 |
| Data Destruction & Ransomware | 8 | 8 | 0 | 0 | 0 |
| Binary Planting & Execution Hijacking | 7 | 2 | 5 | 0 | 0 |
| Dangerous Module | 5 | 0 | 1 | 4 | 0 |
| Variable Injection | 5 | 0 | 4 | 1 | 0 |
| Webhook Exposure | 5 | 1 | 3 | 1 | 0 |