May 20
/
Latest News
AI‑Driven Exploits Overtake Stolen Credentials in Verizon’s 2026 DBIR
Verizon’s 19th Data Breach Investigations Report reveals a dramatic shift in how attackers compromise corporate networks, driven largely by the accelerating influence of artificial intelligence.
The 2026 edition analyzed more than 31,000 security incidents and 22,000 confirmed breaches across 145 countries, covering activity from late 2024 through late 2025 and early indicators from 2026. For the first time in the report’s history, exploiting software vulnerabilities has surpassed stolen credentials as the leading method of initial access. This single technique accounted for 31 percent of all breaches, a change Verizon attributes to generative AI tools that allow attackers to weaponize newly discovered flaws in hours rather than months, shrinking defenders’ response windows to almost nothing.
The report also notes that social engineering has shifted away from email and toward mobile channels, where voice calls and text messages now show a 40 percent higher success rate. Once inside a system, attackers frequently escalate privileges through OS credential dumping, particularly by extracting data from LSASS memory. Internal behavior is compounding these risks. Employee use of unapproved shadow AI tools has tripled in a year, rising from 15 to 45 percent of the workforce, with staff routinely pasting sensitive data and source code into external models. At the same time, third‑party supply chain breaches have surged by 60 percent, and vendor‑origin vulnerabilities now account for nearly half of all breaches.
The dataset also uncovered a large identity fraud campaign linked to North Korean threat actors, who used roughly 15,000 stolen identities to pass remote technical interviews and secure full‑stack engineering and marketing roles. These operatives worked through regional laptop farms run by local accomplices, funneling earnings back to the state. Meanwhile, automated threat activity continues to rise sharply, with AI‑driven internet crawler traffic growing 21 percent month over month compared to just 0.3 percent for human traffic. Verizon concludes that while the threat landscape is evolving at machine speed, the fundamentals of security—patching, incident response, identity management, and organizational culture—remain the most important defenses.
Industry leaders echoed this urgency. Matthew Hartman of Merlin Group said the DBIR confirms that AI has collapsed the traditional timeline for defense and that periodic assessments can no longer keep pace. Trey Ford of Bugcrowd framed the shift as an economic transformation, arguing that attackers no longer need stolen credentials when AI makes vulnerability discovery faster and cheaper than credential theft. He also warned that shadow AI represents a massive internal blind spot. Mika Aalto of Hoxhunt emphasized that resilience still depends on executing the basics well, noting that while AI accelerates threats, organizations that maintain strong hygiene and security culture will remain the most prepared.
The 2026 edition analyzed more than 31,000 security incidents and 22,000 confirmed breaches across 145 countries, covering activity from late 2024 through late 2025 and early indicators from 2026. For the first time in the report’s history, exploiting software vulnerabilities has surpassed stolen credentials as the leading method of initial access. This single technique accounted for 31 percent of all breaches, a change Verizon attributes to generative AI tools that allow attackers to weaponize newly discovered flaws in hours rather than months, shrinking defenders’ response windows to almost nothing.
The report also notes that social engineering has shifted away from email and toward mobile channels, where voice calls and text messages now show a 40 percent higher success rate. Once inside a system, attackers frequently escalate privileges through OS credential dumping, particularly by extracting data from LSASS memory. Internal behavior is compounding these risks. Employee use of unapproved shadow AI tools has tripled in a year, rising from 15 to 45 percent of the workforce, with staff routinely pasting sensitive data and source code into external models. At the same time, third‑party supply chain breaches have surged by 60 percent, and vendor‑origin vulnerabilities now account for nearly half of all breaches.
The dataset also uncovered a large identity fraud campaign linked to North Korean threat actors, who used roughly 15,000 stolen identities to pass remote technical interviews and secure full‑stack engineering and marketing roles. These operatives worked through regional laptop farms run by local accomplices, funneling earnings back to the state. Meanwhile, automated threat activity continues to rise sharply, with AI‑driven internet crawler traffic growing 21 percent month over month compared to just 0.3 percent for human traffic. Verizon concludes that while the threat landscape is evolving at machine speed, the fundamentals of security—patching, incident response, identity management, and organizational culture—remain the most important defenses.
Industry leaders echoed this urgency. Matthew Hartman of Merlin Group said the DBIR confirms that AI has collapsed the traditional timeline for defense and that periodic assessments can no longer keep pace. Trey Ford of Bugcrowd framed the shift as an economic transformation, arguing that attackers no longer need stolen credentials when AI makes vulnerability discovery faster and cheaper than credential theft. He also warned that shadow AI represents a massive internal blind spot. Mika Aalto of Hoxhunt emphasized that resilience still depends on executing the basics well, noting that while AI accelerates threats, organizations that maintain strong hygiene and security culture will remain the most prepared.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Our Newsletter
Get regular updates on CPE programs, news, and more.
Thank you!
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.
Get started
Let us introduce our school
Write your awesome label here.