IBM's 2026 X-Force Threat Intelligence Index delivers a critical message about the state of cybersecurity.
The report makes it clear that artificial intelligence isn't inventing brand-new cyber threats; instead, it's acting as a powerful accelerator for familiar attack methods. Attackers are using AI to exploit long-standing, basic security weaknesses at an alarming new speed. This shift is compressing the time defenders have to respond and putting immense pressure on fundamental security controls.
Let's break down the causal chain. First, the primary entry point for attackers has become public-facing applications. The report highlights a 44% year-over-year increase in intrusions through this vector. Why? Many of these applications lack basic authentication, making them easy targets for automated, AI-driven scanning and exploitation. This is validated by CrowdStrike's finding that the average attacker 'breakout time'—the time from initial compromise to lateral movement—has plummeted to just 29 minutes.
Second, the risk has expanded deep into the SaaS supply chain. In the past, a password might grant access to one system. Today, an OAuth token from a single compromised application can act as a skeleton key, unlocking data across multiple connected services. The 2025 Salesloft-Drift incident, which cascaded into Salesforce and Google Workspace, is a prime example. This explains why IBM observed that major third-party compromises have nearly quadrupled since 2020.
Finally, this entire ecosystem is fueled by a massive underground market for stolen credentials. With over 300,000 ChatGPT credentials exposed by infostealers in 2025 alone, attackers have a ready supply of valid logins. They no longer always need to trick a human with a phishing email; they can simply log in. This abundance of compromised identities, combined with AI-powered tools, allows attackers to operate with unprecedented efficiency and scale.
The bottom line is that the speed of attacks has fundamentally changed the game. The defensive strategy must pivot towards mastering the basics: enforcing strong authentication on all public-facing services, rapidly patching known exploited vulnerabilities, and tightly controlling access tokens across the software supply chain.
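The third control above, keeping SaaS access tokens tightly scoped and short-lived so one compromised integration cannot become a skeleton key, can be turned into a routine audit. The following is an added example, not code from the IBM report: it scores a constructed inventory of third-party OAuth grants against an approval list and flags unapproved apps, excess or overly broad scopes, idle tokens and long-lived refresh tokens. The grant fields and app names are hypothetical; a real admin-console export would need mapping onto them.

```python
from datetime import datetime, timezone

# Constructed sample of third-party OAuth grants in one SaaS tenant.
# Field names are hypothetical; real admin-console exports differ.
NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)
GRANTS = [
    {"app": "crm-sync-bot", "scopes": ["contacts.read"], "issued": "2026-02-20",
     "last_used": "2026-02-28", "refresh_token": True},
    {"app": "legacy-chat-connector", "scopes": ["full_access"], "issued": "2025-06-01",
     "last_used": "2025-09-10", "refresh_token": True},
    {"app": "unknown-marketing-tool", "scopes": ["contacts.read", "contacts.write"],
     "issued": "2026-02-25", "last_used": "2026-02-27", "refresh_token": False},
]
# Approved integrations and the minimum scopes each one actually needs.
APPROVED = {"crm-sync-bot": {"contacts.read"}, "legacy-chat-connector": {"chat.read"}}
BROAD_SCOPES = {"full_access", "admin"}   # scopes that unlock everything the tenant holds
MAX_IDLE_DAYS = 30                         # a token nobody uses is pure attack surface
MAX_AGE_DAYS = 90                          # refresh tokens should be rotated, not eternal


def _days_since(date_str):
    return (NOW - datetime.fromisoformat(date_str).replace(tzinfo=timezone.utc)).days


def audit_grant(g):
    """Return the list of policy violations for one grant (empty if clean)."""
    findings = []
    allowed = APPROVED.get(g["app"])
    if allowed is None:
        findings.append("unapproved_app")
    else:
        extra = set(g["scopes"]) - allowed
        if extra:
            findings.append("excess_scopes:" + ",".join(sorted(extra)))
    if BROAD_SCOPES & set(g["scopes"]):
        findings.append("broad_scope")
    if _days_since(g["last_used"]) > MAX_IDLE_DAYS:
        findings.append("stale")
    if g["refresh_token"] and _days_since(g["issued"]) > MAX_AGE_DAYS:
        findings.append("long_lived_refresh")
    return findings


def revocation_candidates(grants):
    """Map each app whose grant should be revoked or re-scoped to its reasons."""
    return {g["app"]: f for g in grants if (f := audit_grant(g))}


if __name__ == "__main__":
    for app, reasons in revocation_candidates(GRANTS).items():
        print(app, "->", ", ".join(reasons))
```

Run as a scheduled job against the tenant's real grant export, the output is the short list an identity team reviews before revoking tokens.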
Glossary
- OAuth: An open standard for access delegation, commonly used to grant websites or applications access to a user's information on other websites without handing over the user's password.
- KEV (Known Exploited Vulnerabilities Catalog): A list maintained by CISA that contains vulnerabilities that are being actively exploited by malicious actors.
- Infostealer: A type of malware designed to secretly gather sensitive information from a victim's computer, such as login credentials, financial data, and browsing history.