Breaking News
IBM said cybercriminals are increasingly exploiting basic security weaknesses at scale, with artificial intelligence dramatically accelerating the pace of attacks, according to its 2026 X-Force Threat Intelligence Index released on Tuesday.
IBM X-Force recorded a 44% year-on-year increase in attacks starting with public-facing application exploits, largely driven by missing authentication controls and AI-enabled vulnerability discovery. Vulnerability exploitation emerged as the leading initial attack vector, accounting for 40% of incidents observed in 2025.
“Attackers aren’t reinventing playbooks — they’re speeding them up with AI,” said Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM. “With so many vulnerabilities requiring no credentials, attackers can move straight from scanning to impact. Security leaders must shift to proactive, agentic-powered detection and response.”
The report shows the ransomware ecosystem fragmenting rapidly, with the number of active ransomware and extortion groups surging 49% year over year, while publicly disclosed victim counts rose about 12%. IBM attributed the growth to lower barriers to entry, as attackers reuse leaked tools, follow established playbooks and increasingly rely on AI to automate operations.
Supply chain and third-party compromises have also accelerated sharply. IBM found that large supply-chain attacks have nearly quadrupled since 2020, driven by exploitation of software build environments, CI/CD pipelines and SaaS integrations. As AI coding tools speed up software development — sometimes introducing unvetted code — pressure on development pipelines and open-source ecosystems is expected to intensify in 2026.
The report also flagged a growing identity risk tied to AI adoption. Infostealer malware exposed more than 300,000 ChatGPT credentials in 2025, highlighting that AI platforms now face the same credential risks as core enterprise SaaS systems. Compromised chatbot accounts can enable attackers to manipulate outputs, exfiltrate sensitive data or inject malicious prompts, amplifying downstream risk.
IBM noted that AI is compressing the attacker lifecycle by accelerating research, data analysis and real-time attack iteration. The company cited examples such as North Korean IT worker schemes, which are using AI-driven image manipulation and translation tools to scale synthetic identities and operate across global marketplaces.
Despite rising sophistication, IBM said basic security failures remain widespread. X-Force Red penetration tests continue to uncover weak credential hygiene and misconfigured access controls as the most common entry points for attackers.
Manufacturing remained the most targeted sector for the fifth consecutive year, accounting for 27.7% of incidents, with data theft the dominant objective. North America emerged as the most attacked region, representing 29% of observed cases, up from 24% in 2024 — the first time in six years it has led globally.
IBM warned that as AI further lowers the cost and complexity of cybercrime, organizations that fail to close fundamental security gaps risk facing faster, broader and more disruptive attacks in the year ahead.
IBM X-Force recorded a 44% year-on-year increase in attacks starting with public-facing application exploits, largely driven by missing authentication controls and AI-enabled vulnerability discovery. Vulnerability exploitation emerged as the leading initial attack vector, accounting for 40% of incidents observed in 2025.
“Attackers aren’t reinventing playbooks — they’re speeding them up with AI,” said Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM. “With so many vulnerabilities requiring no credentials, attackers can move straight from scanning to impact. Security leaders must shift to proactive, agentic-powered detection and response.”
The report shows the ransomware ecosystem fragmenting rapidly, with the number of active ransomware and extortion groups surging 49% year over year, while publicly disclosed victim counts rose about 12%. IBM attributed the growth to lower barriers to entry, as attackers reuse leaked tools, follow established playbooks and increasingly rely on AI to automate operations.
Supply chain and third-party compromises have also accelerated sharply. IBM found that large supply-chain attacks have nearly quadrupled since 2020, driven by exploitation of software build environments, CI/CD pipelines and SaaS integrations. As AI coding tools speed up software development — sometimes introducing unvetted code — pressure on development pipelines and open-source ecosystems is expected to intensify in 2026.
The report also flagged a growing identity risk tied to AI adoption. Infostealer malware exposed more than 300,000 ChatGPT credentials in 2025, highlighting that AI platforms now face the same credential risks as core enterprise SaaS systems. Compromised chatbot accounts can enable attackers to manipulate outputs, exfiltrate sensitive data or inject malicious prompts, amplifying downstream risk.
IBM noted that AI is compressing the attacker lifecycle by accelerating research, data analysis and real-time attack iteration. The company cited examples such as North Korean IT worker schemes, which are using AI-driven image manipulation and translation tools to scale synthetic identities and operate across global marketplaces.
Despite rising sophistication, IBM said basic security failures remain widespread. X-Force Red penetration tests continue to uncover weak credential hygiene and misconfigured access controls as the most common entry points for attackers.
Manufacturing remained the most targeted sector for the fifth consecutive year, accounting for 27.7% of incidents, with data theft the dominant objective. North America emerged as the most attacked region, representing 29% of observed cases, up from 24% in 2024 — the first time in six years it has led globally.
IBM warned that as AI further lowers the cost and complexity of cybercrime, organizations that fail to close fundamental security gaps risk facing faster, broader and more disruptive attacks in the year ahead.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
