Vulnerability Exploitation Overtakes Stolen Credentials as Top Breach Entry Point
Event summary
- Verizon's 2026 Data Breach Investigations Report (DBIR) reveals vulnerability exploitation has surpassed stolen credentials as the leading breach entry point for the first time in 19 years.
- AI-driven acceleration of vulnerability exploitation has shrunk the defense window from months to hours.
- Mobile-centric social engineering attacks now have a 40% higher success rate than traditional email phishing.
- Shadow AI usage by employees has surged from 15% to 45% in a year, becoming the third most common non-malicious data leakage activity.
- Third-party involvement in breaches has increased by 60%, with 48% of all breaches now involving external vendors.
The big picture
Verizon's 2026 DBIR highlights a fundamental shift in the cyber threat landscape, driven by AI's ability to accelerate vulnerability exploitation and the rising sophistication of mobile attacks. The report underscores the need for robust risk management practices as companies face increasing threats from both internal shadow AI usage and external supply chain vulnerabilities. With AI bots experiencing a 21% month-over-month growth in internet traffic, the next frontier of cyber threats is already emerging.
What we're watching
- AI-Driven Threats: How the rapid weaponization of known vulnerabilities by AI will strain security teams and necessitate faster patch management.
- Mobile Security Risks: Whether the shift to mobile-centric social engineering attacks will force companies to reallocate cybersecurity resources.
- Supply Chain Vulnerabilities: The pace at which third-party breaches will escalate as companies increasingly rely on external vendors.
