AI-related data breaches surging, Verizon report says

Verizon’s 2026 Data Breach Investigations Report highlights a sharp rise in AI-fueled cyberattacks, marking a shift in how hackers exploit vulnerabilities. For the first time, 31% of breaches began with vulnerability exploitation—surpassing stolen credentials—after threat actors adopted AI to identify and exploit flaws faster, reducing defense windows from months to hours. The report analyzed over 31,000 incidents and found generative AI used across attack stages, including targeting, initial access, and malware development. Shadow AI, or unauthorized AI tools used by employees, now ranks as the third most common non-malicious insider risk, with workers inadvertently exposing source code and structured data. Verizon’s Chief Information Security Officer, Nasrin Rezai, emphasized the need for AI-driven defenses, stating that organizations must integrate AI into software development, testing, and cybersecurity processes at an unprecedented scale. The report aligns with earlier warnings from CrowdStrike, which noted an 89% year-over-year increase in AI-enabled attacks in 2025, empowering both novice and advanced threat actors. While Verizon acknowledges AI’s current impact is operational—automating known attack methods—it cautions that rapid AI advancements may soon unlock novel threats. Separately, Anthropic’s unreleased Mythos model, part of Project Glasswing (a collaboration with Apple and Google), has raised concerns due to its advanced coding capabilities, potentially enabling unprecedented vulnerability discovery and exploitation. Verizon is among select organizations testing Mythos for defensive purposes, though its full deployment remains restricted. The report underscores the urgent need for proactive AI adoption in cybersecurity to mitigate evolving risks, as traditional defenses struggle to keep pace with AI-driven threats.