AI-Powered Exploitation Surge: Hackers Leverage Machine Learning in Nearly a Third of Recent Breaches, Verizon DBIR Warns
- May 21
- 3 min read
Key Findings
AI-assisted vulnerability exploitation caused 31% of all breaches, overtaking stolen credentials as the primary initial access method for the first time in DBIR's 19-year history
Generative AI has compressed the vulnerability exploitation window from months to just hours, collapsing traditional defense timelines
Mobile-based social engineering attacks via voice and text achieve 40% higher success rates than email phishing
Shadow AI tool usage among employees tripled from 15% to 45% in a single year, creating massive data exfiltration risks
Third-party supply chain breaches surged 60%, now accounting for 48% of all confirmed breaches
North Korean actors conducted large-scale identity fraud using approximately 15,000 stolen identities to infiltrate remote engineering positions
Automated AI bot traffic is growing 21% month-over-month compared to human web traffic growth of just 0.3%
Background
Verizon's 19th annual Data Breach Investigations Report analyzed over 31,000 real-world security incidents and 22,000 confirmed breaches across 145 countries. The dataset covers October 2024 through November 2025, with early trend data from 2026, providing the most current picture of how threat actors are evolving their tactics in an AI-enabled world.
The Death of the Stolen Password
For nearly two decades, stolen credentials have been hackers' go-to weapon for breaching corporate networks. That era has officially ended. Software vulnerability exploitation now leads all attack vectors at 31% of breaches, marking a fundamental shift in how attackers operate.
The change is directly tied to generative AI's ability to accelerate the vulnerability research and weaponization process. What previously took attackers months of work now happens in hours. This compression has fundamentally altered the defensive landscape, shrinking the window security teams have to patch systems from months down to just a few hours before exploitation begins in earnest.
The Mobile Social Engineering Pivot
While security teams have spent years training employees to spot phishing emails, attackers have already moved past that battleground. Voice calls and text-based social engineering now represent the path of least resistance, boasting a 40% higher success rate than traditional email attacks.
Once inside an endpoint, attackers employ OS credential dumping techniques, particularly LSASS memory dumping, to escalate privileges and move laterally through networks with relative ease.
Shadow AI and Internal Data Risks
Corporate environments are creating their own vulnerabilities through unsanctioned AI tool usage. Employee adoption of unapproved shadow AI platforms has exploded from 15% to 45% of the workforce in just one year. Staff regularly upload sensitive corporate data and source code into external AI models without authorization or security controls, creating massive exposure for intellectual property and customer information.
This represents not just a security gap but a control and governance failure that most enterprises remain unaware of.
The Supply Chain Vulnerability Crisis
Third-party breaches have become a dominant attack vector, surging 60% and now responsible for 48% of all confirmed breaches. Enterprises have limited visibility into vendor security practices, making supply chain compromise an attractive target for sophisticated threat actors.
The North Korean Identity Farm Operation
Researchers uncovered a sophisticated identity fraud campaign attributed to North Korean actors involving approximately 15,000 stolen identities. The operation targeted remote engineering and marketing positions at major corporations, with operatives passing technical interviews and securing employment.
The scheme relied on regional laptop farms operated by local accomplices who managed the compromised accounts and funneled earned salaries back to North Korea to fund state operations. The operation represented both a financial fraud scheme and a supply chain infiltration strategy simultaneously.
The Rise of Automated Threats
AI-powered bot traffic continues to grow at 21% month-over-month, vastly outpacing organic human web traffic growth at just 0.3%. This explosion of automated threat activity strains detection systems and creates noise that can obscure genuine threats within network monitoring data.
Expert Perspective on the Shifting Landscape
Industry leaders agree that organizations must fundamentally rethink their security posture in response to machine-speed threats. Matthew Hartman, Chief Strategy Officer at Merlin Group, notes that periodic security assessments and siloed tools cannot keep pace with vulnerabilities being weaponized in hours rather than months.
Trey Ford, Chief Strategy and Trust Officer at Bugcrowd, frames the shift as an economic story rather than a technical one. AI has made vulnerability discovery and weaponization so efficient and cost-effective that attackers no longer need stolen passwords when unpatched flaws provide faster entry. He emphasizes that point-in-time testing cannot compete with machine-speed exploitation, and most enterprises remain blind to the coverage gaps created by shadow AI adoption.
Mika Aalto, Co-Founder and CEO at Hoxhunt, argues the path forward requires balancing technical execution with behavioral change. Organizations that maintain resilience will be those executing well on fundamentals: patching systems consistently, maintaining strong incident response capabilities, managing identities effectively, and building security culture that prevents employees from becoming the weakest link.
The underlying message is clear: while the threat landscape continues to evolve, the basics still matter most, only now they need to happen faster.
Sources
https://hackread.com/verizon-dbir-ai-hackers-exploit-vulnerabilities-breaches/
https://www.facebook.com/HackRead/posts/%EF%B8%8F-verizons-2026-dbir-reveals-ai-helped-hackers-exploit-software-vulnerabilities-/1555458209913084
https://x.com/VivekIntel/status/2057122931105538410
https://www.darkreading.com/threat-intelligence/verizon-dbir-enterprises-vulnerability-glut
https://www.reddit.com/r/InfoSecNews/comments/1tikf06/verizon_dbir_ai_helped_hackers_exploit

Comments