Vulnerability exploitation now top source of data breaches


Roughly 31% – close to a third – of all data breaches now start with the exploitation of some kind of software vulnerability by a malicious actor, surpassing credential theft as the number one network entry point for the first time.

That is according to the 19th annual Data Breach Investigations Report (DBIR) from US telecoms giant Verizon, and although the data had been gathered and the report largely compiled prior to the industry-wide shakeup prompted by the release of Anthropic’s Claude Mythos frontier model, the firm’s analysts said the signal was clear – artificial intelligence (AI) is fundamentally remodelling cyber security before the industry’s very eyes.

Verizon said the rapid weaponisation of known vulnerabilities was creating a capacity crisis for cyber professionals, underscoring an “urgent need” to prioritise the fundamental tenets of cyber security and risk management.

“While the rate of cyber threats – driven by AI and faster vulnerability exploitation – is rising, the foundational principles of security and strong risk management remain the best defence,” said Daniel Lawson, Verizon Business senior vice-president of global solutions. “The DBIR reinforces that these fundamentals still hold as organizations strive for resilience.”

As such, the 2026 DBIR – which can be downloaded in its entirety – contains a number of recommendations tailored with AI in mind. These include taking steps to prepare for an influx of patches, integrating AI into secure-by-design frameworks, and leveraging AI within defence-in-depth strategies.

Patrick Münch, chief security officer at Mondoo – a supplier of vulnerability management services – said the DBIR confirmed pain points defenders are already feeling.

“31% of breaches now begin with an unpatched vulnerability, overtaking stolen credentials as the number one way in. Only 26% of CISA KEV vulnerabilities were fully remediated last year, and the median time to patch rose from 32 to 43 days,” he said.

“The industry has spent a decade getting better at identifying and analysing problems [but] admiring the findings does not help anyone. The breach happens in the gap between knowing and fixing, and that’s where the work has to move.

“Our own research shows why that gap is widening. 62% of teams still run remediation manually, only 2% are fully automated, and just 9% are confident they can fix what matters in time. Verizon found that 60 to 70% of CISA KEV issues remain open a week after detection, regardless of team maturity. You do not close that gap with another scanner. You close it with clear agentic AI: humans in the loop on decisions, AI automation on remediation and mitigation execution, and a clear audit trail from identifying the issue to verifying it is fixed,” said Münch.

AI as agent of chaos

But it was not merely in the area of vulnerability discovery and exploitation that AI models are making their presence known.

This year’s edition of the Verizon DBIR also shared insight into how shadow AI usage in the workplace has surged, making unapproved AI tools the third most common non-malicious source of data leakage. As the number of employees who say they regularly use AI tools also grows, this highlights the potential for accidental data loss to become more prevalent going forward.

Verizon also found that AI bots are growing in volume, with the number of automated web crawlers rising by a fifth every month, compared to flat human-led traffic growth, heralding the possibility of more bot-led threats in the future.

EMEA trends

Acknowledging that, by the nature of Verizon’s business, its data skews towards the North American theatre, the report’s authors said they had been trying to rebalance their coverage in regions such as Europe, the Middle East and Africa (EMEA), with some success. It analysed 8,245 incidents between October 2024 and November 2025, with 6,060 of these resulting in confirmed data leakage, compared to 12,371 in North America and 5,229 in APAC.

Across EMEA, system intrusion accounted for 57% of breaches during the period, up from 53% last year. Breaches that arose from miscellaneous errors dropped from 19% to 14%, and social engineering held steady at 22%.

EMEA stood out for being the region that saw the heaviest use of malware, which occurred in 66% of all cases, but at the same time, 59% of all breaches involved some element of hacking, slightly lower than the rest of the world. Verizon said neither of these stats was particularly earth-shattering but pointed out that they are moving EMEA closer to the global average.

The most substantive difference vis-à-vis EMEA and the rest of the world was the prevalence of phishing, which shows up in 84% of social engineering intrusions. This may in turn reflect a slightly higher prevalence of nation state-linked intrusions, 23% of all EMEA breaches observed compared to 14% in the rest of the world, something Verizon’s analysts linked to the “complex current political landscape” in Europe and the Middle East.