Vulnerability Exploitation Surpasses Stolen Credentials in AI Attacks

DBIR: Vulnerability Exploitation Now Leads Breaches

Vulnerability Exploitation Surpasses Stolen Credentials

Vulnerability exploitation has overtaken stolen credentials as the top entry point for cyberattacks, according to the latest Verizon Data Breach Investigations Report. This shift is largely driven by the rise of artificial intelligence, which is making vulnerability exploitation more frequent and much faster. Organisations must now prioritise rapid responses to vulnerability exploitation to protect their digital assets.

Why Vulnerability Exploitation Is Growing

For nearly two decades, attackers relied on stolen usernames and passwords to breach systems. Today, the focus has shifted. AI-powered tools allow cybercriminals to scan for software vulnerabilities, automate reconnaissance and develop exploits far more quickly than before. As a result, once a vulnerability is disclosed, attackers can begin exploiting it within hours, rather than weeks or months.

This acceleration puts significant pressure on IT and security teams. Patch management, which was once a scheduled routine, now demands urgent action. Security professionals must prioritise internet-facing systems and ensure vulnerabilities are addressed as soon as possible.

  • AI tools scan for exposed systems rapidly
  • Automated exploit development shortens attack timelines
  • Organisations face increased risk if patching lags behind disclosure
  • Complex IT environments make prioritisation challenging

AI Reshaping the Cyber Threat Landscape

Artificial intelligence is fundamentally changing the nature of cyber threats. It enables attackers to scale their operations, identify targets more efficiently and launch attacks with minimal human intervention. Vulnerability exploitation is only one aspect of the evolving threat landscape influenced by AI.

Other AI-Driven Threats

The DBIR also highlights the rise of social engineering attacks, shadow AI usage and supply chain compromises. Mobile devices are increasingly targeted, and attackers use AI to craft convincing phishing messages or exploit overlooked systems.

  • AI-driven social engineering exploits human factors
  • Shadow AI introduces risks from unauthorised AI tools in organisations
  • Supply chain attacks leverage vulnerabilities in third-party software

These developments require organisations to rethink their security strategies. Traditional approaches centred on identity controls are no longer sufficient. A holistic view of the attack surface, including vulnerabilities in software and hardware, is crucial.

Protecting Against Vulnerability Exploitation in the Age of AI

With vulnerability exploitation now the top breach entry point, organisations must strengthen their defences. AI is making attacks faster and more sophisticated, shrinking the window for response. Cybersecurity fundamentals remain vital, but must be adapted to meet the new pace of threats.

Key Actions for Organisations

Rapid patching and robust vulnerability management are essential. Security teams should focus on internet-facing systems and prioritise fixes for critical vulnerabilities as soon as they are disclosed. Monitoring the external attack surface is equally important to detect potential weaknesses before attackers exploit them.

  • Accelerate patch management: Reduce the time between vulnerability disclosure and remediation. Automate patch deployment where possible and establish clear priorities for high-risk systems.
  • Strengthen vulnerability management: Maintain an up-to-date inventory of assets. Use vulnerability scanning tools to identify and track exposures. Keep abreast of threat intelligence feeds to understand which vulnerabilities are being targeted by attackers.
  • Enhance external attack surface monitoring: Regularly assess internet-facing systems for vulnerabilities. Employ tools that provide visibility across the entire organisation’s digital footprint.
  • Maintain robust identity controls: While vulnerability exploitation is now dominant, strong authentication and access management remain important to limit attacker movement if a breach occurs.
  • Educate staff: Raise awareness about the importance of timely patching and the risks posed by AI-driven attacks. Encourage reporting of suspicious activity and foster a culture of security.

Adapting to Faster Threats: Practical Recommendations

Organisations should review their incident response plans to ensure they can react quickly to new vulnerabilities. Consider implementing automated playbooks for critical patching and empower teams with the tools needed to respond in hours, not days. Collaboration between IT, security and business units is crucial to prioritise resources and minimise disruption.

SMBs: Facing Unique Challenges

Small and medium-sized businesses may lack dedicated resources for vulnerability management. However, they can still take practical steps:

  • Subscribe to vulnerability alerts and threat intelligence feeds
  • Use managed services or external partners for patching and monitoring
  • Focus efforts on the most critical systems, especially those exposed to the internet

By proactively addressing vulnerability exploitation, organisations of all sizes can significantly reduce their risk exposure.

Conclusion: Staying Ahead of AI-Driven Vulnerability Exploitation

The rise of vulnerability exploitation as the leading breach entry point signals a pivotal change in cyber risk. AI has accelerated the pace and reach of attacks, making rapid patching and comprehensive vulnerability management essential. By adapting security strategies and embracing new tools, organisations can stay ahead of emerging threats and safeguard their digital assets.

Originally reported by thecyberexpress.com.

Share this bulletin

About the Author

Headshot of Jonny Pelter, leading cyber security expert in the UK and CISO

Jonny Pelter

Partner

  • CIPM
  • CIPP/E
  • CISSP
  • CISM
  • CRISC
  • ISO27001
  • Prince2
  • MSc
  • BSc

Jonny Pelter

Jonny is a Founding Partner at CyPro and executive group level CISO who has worked closely with the British intelligence agencies NCSC and GCHQ.

An ex-professional rugby player and originating from KPMG and Deloitte, Jonny has a wealth of experience across numerous sectors including technology, critical national infrastructure, financial services, oil & gas, insurance, betting, pharmaceuticals and utilities.

Jonny is a leading cyber security expert in the UK, having featured on national media for his professional commentary such as BBC News, iPlayer, Telegraph and Times Radio.

View Profile
Back to Bulletins
Author
Headshot of Jonny Pelter, leading cyber security expert in the UK and CISO
Jonny Pelter
Category
Published
May 22 - 2026
Post Tags
  • ai-driven cyberattacks
  • patch management
  • threat landscape
  • vulnerability exploitation
Cypro firewall showing robust network security
Secure your business.
Elevate your security, accelerate your growth. We take care of cyber security for high-growth companies, at every stage of their journey.
Get in touch

Related News

KimWolf DDoS Botnet Operator Arrested for Hacking IoT Devices

Vulnerability Exploitation Surpasses Stolen Credentials in AI Attacks

Cyber attack impacts profits and bonuses at M&S

INJ3CTOR3 JOMANGY Webshell Threatens FreePBX Security

Starbucks data breach claims: what professionals should know

Operation Saffron: First VPN Takedown Disrupts Cybercrime

Fake Code-Signing Operation Disrupted by Microsoft

Cybercriminal VPN Dismantled in Europol Crackdown

South Staffordshire Water cyber-attack: ICO fine explained

P2PInfect Botnet Compromises Kubernetes Clusters via Redis

M&S cyber attack recovery boosts business resilience hopes

WantToCry Ransomware Abuses SMB Services for Remote Encryption

GitHub Hacked: Internal Repositories Offered for Sale

Verizon Data Breach Report Reveals Cyber Threat Trends

Retail cyber attack impact: Marks and Spencer case study

Cyber attack fails to dent M&S appeal: retail cyber threats

Malware-Signing Service Disrupted by Microsoft: Ransomware Risk

GitHub hack by TeamPCP: safeguarding software supply chains

Marks & Spencer Cyber Attack Highlights Retail Threats

GitHub hacked: source code auction and cyber threat risks

Arnold Clark 2022 cyber attack: lessons for car dealers

GitHub data breach: What UK SMBs need to know

GitHub breach exposes internal repositories via employee device

Marks and Spencer cyber attack: Impact on profit and retail

Marks & Spencer cyber attack disrupts fashion sales

GitHub Is Hacked: Protect Your Code from Cyber Threats

Exploited Vulnerabilities Overtake as Top Breach Entry Point

Shadow AI surge in the workplace: 4x increase in a year

GitHub Credential Leak Highlights Cybersecurity Risks

Fox Tempest Ransomware Signing Tool Takedown by Microsoft

Microsoft disrupts code-signing cybercrime service

Data breach compensation: PSNI staff paid £40m

Sophos: WantToCry ransomware uses SMB brute force and remote encryption

jlr cyber attack: sector risk and lessons for manufacturers

Zara Data Breach: Phishing Risks for 200,000 Customers

Foxconn Cyber Attack: Ransomware and Data Exfiltration Risks

TanStack supply chain attack exposes OpenAI API keys

Sandworm Hackers Pivot to Critical OT Assets

Chinese Spy Group Shadow-Earth-053 Exploits Exchange Flaws

UK business cyber breach rates: phishing leads the pack

Trellix data breach: source code repository compromised

cPanel 0-Day Authentication Bypass Vulnerability Explained

Cisco firewall vulnerabilities: persistent malware threat

AI-Assisted Credential Harvesting: React2Shell Server Exposed

APT28 DNS Hijacking: How Exploited Routers Enable Credential Theft

Microsoft Defender 0-Day Vulnerability: Privilege Escalation Risk

Fortinet SQL Injection Vulnerability: CISA Warning

New Research Shows the Vulnerability Exploitation Window is Shrinking Fast

BlueHammer Windows Defender Exploit: Understanding the Threat

AI Phishing Attacks: Unravelling the New Age of Deceit

Axios NPM Supply Chain Attack: What Happened and How to Respond

Cisco Firewall 0-Day: What You Need to Know About This Ransomware Threat

Citrix NetScaler Vulnerability: What You Need to Know

Chrome Remote Code Execution: What the Latest Security Update Fixes

Cisco SD-WAN Vulnerabilities: What Professionals Need to Know

Understanding the Microsoft SharePoint Vulnerability and Its Risks

Chrome Remote Code Execution: 8 Vulnerabilities Fixed in Urgent Update

CyPro Cookie Consent

Hmmm cookies...

Our delicious cookies make your experience smooth and secure.

Privacy PolicyOkay, got it!

We use cookies to enhance your experience, analyse site traffic, and for marketing purposes. For more information on how we handle your personal data, please see our Privacy Policy.

Schedule a Call