IBM has released the 2026 X-Force Threat Intelligence Index, highlighting how cybercriminals are exploiting fundamental security gaps at unprecedented speeds, now supercharged by AI tools that enable faster vulnerability discovery and attack execution. The report notes a 44% rise in attacks originating from public-facing application exploits, primarily due to absent authentication controls.
Quick Intel
The report underscores that while attackers are not creating new tactics, they are dramatically accelerating existing ones with AI. Basic weaknesses—such as missing credentials and misconfigurations—remain the primary entry points, but AI tools now allow rapid scanning, analysis, and exploitation without human bottlenecks.
"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM. "The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate."
AI's Mounting Identity Problem Infostealer campaigns exposed more than 300,000 ChatGPT credentials in 2025, placing AI platforms on par with traditional SaaS solutions in credential risk. Compromised chatbot accounts enable attackers to manipulate AI outputs, steal sensitive inputs, or inject malicious prompts, highlighting the urgent need for enterprise-wide AI governance, strong authentication, and conditional access policies.
AI and Leaked Tooling Lower Barriers to Ransomware The ransomware landscape saw a 49% surge in active groups, driven by transient operators using leaked tools, standardized playbooks, and AI to automate tasks. As multimodal AI advances, X-Force anticipates faster, more adaptive attacks with automated reconnaissance and execution.
Pressure on Supply Chains Set to Intensify Supply chain compromises grew nearly fourfold since 2020, exploiting trust in software build/deploy environments and SaaS connections. AI-powered coding tools, while accelerating development, risk introducing unvetted code, amplifying future pipeline vulnerabilities. The convergence of nation-state and financially motivated tactics further blurs lines, with AI democratizing advanced techniques.
Additional insights from the report include persistent weaknesses in credential hygiene and access controls identified in X-Force Red penetration tests, AI-driven scaling of operations like North Korean IT worker schemes, and regional shifts with North America overtaking others in attack volume.
IBM recommends proactive measures: agentic threat detection, rigorous vulnerability management, enhanced identity controls for AI tools, and supply chain security reviews.
Additional resources:
About IBM
IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.