- AI-powered hackers are now exploiting software bugs faster than companies can patch systems
- Mobile phishing scams are now outpacing traditional email attacks across enterprise environments worldwide
- Unauthorized AI tools are quietly leaking sensitive corporate information across global workplaces
For the first time in nearly two decades, exploiting software vulnerabilities has overtaken stolen passwords as the primary way hackers breach corporate networks.
Verizon’s 2026 Data Breach Investigations Report claims that the exploitation of vulnerabilities now accounts for 31% of all confirmed data breaches.
Stolen credentials, once the dominant entry point, have dropped to just 13% of reported incidents this year.
Vulnerability exploitation has become the biggest threat
The report analyzed over 31,000 security incidents across 145 countries and revealed how the threat landscape has fundamentally changed.
Attackers are leveraging artificial intelligence to accelerate the discovery and weaponization of known software flaws, shrinking the window available for defenders to patch their systems from months to mere hours.
Despite this growing risk, the report found that only 26% of critical vulnerabilities were fully patched throughout 2025.
The average time it took organizations to apply patches increased to 43 days, leaving networks exposed for weeks or even months.
“While the speed of AI-driven cyberthreats is increasing, basic security principles are still the most effective defense,” said Daniel Lawson, SVP of Global Solutions at Verizon Business.
Ransomware was present in nearly half of all breaches, at 48%, up from 44% the year before.
However, the report noted that ransom payments have decreased, with 69% of victims refusing to pay.
Mobile devices have become a more dangerous attack vector than email, with phishing simulations showing that text messages and voice calls achieve 40% higher click-through rates than traditional email phishing.
The human element was still involved in 62% of all breaches, as attackers increasingly target mobile-centric communication channels where users are less suspicious.
Nearly half of all employees, or 45%, now use AI tools at work, representing a significant increase from just 15% the year before.
But 67% of these workers access AI platforms through unauthorized personal accounts rather than approved corporate channels.
Shadow AI has become the third most common cause of non-malicious data leakage, putting company secrets at significant risk of inadvertent exposure.
Supply chain attacks have also grown significantly, with third-party involvement in breaches up 60% year-on-year.
The DBIR makes it clear that attackers have changed their tactics, and most organizations have not kept up with the speed of modern threat actors.
The basics of security and the use of firewalls or malware removal tools still work, but they only work when organizations actually practice them consistently.
Organizations are advised to patch faster, monitor mobile channels, control AI usage and assume that third parties will eventually be compromised.
The attackers are already acting on that assumption, and the DBIR numbers prove that they are right more often than they are wrong.



