AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed

• 25 Feb 2026
• TM Team
• 0 Comments

IBM released the 2026 X-Force Threat Intelligence Index, revealing that cybercriminals are exploiting basic security gaps at dramatically higher rates, now accelerated by AI tools that help attackers identify weaknesses faster than ever. IBM X-Force observed a 44% increase in attacks that began with exploiting public-facing applications, largely driven by missing authentication controls and AI-enabled vulnerability discovery. 

Some of the key highlights include:

• Active ransomware and extortion groups surged (49%) year over year, marking ecosystem fragmentation, while publicly disclosed victim counts rose roughly 12%.
• Large supply chain and third-party compromises nearly quadrupled since 2020, as attackers increasingly exploit environments where software is built and deployed or SaaS integrations.
• Vulnerability exploitation became the leading cause of attacks, accounting for 40% of incidents observed by X-Force in 2025.

"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM. "The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate."

Infostealer malware exposed over 300,000 ChatGPT credentials in 2025, signalling that AI platforms face the same credential risk as other core enterprise SaaS solutions.

Compromised chatbot credentials create AI-specific risks beyond simple account access. Attackers can manipulate outputs, exfiltrate sensitive data or inject malicious prompts. This underscores the need to assess enterprise-wide AI adoption and enforce strong authentication and conditional access controls.

In 2025, X-Force observed a 49% increase in active ransomware groups compared to the prior year, as smaller, transient operators whose low volume campaigns complicate attribution. This trend is accelerated by collapsing barriers to entry as threat actors reuse leaked tooling, rely on established playbooks and increasingly tap AI to automate operations. As multimodal AI models mature, X-Force expects adversaries to automate complex tasks like reconnaissance and advanced ransomware attacks, driving faster-moving, more adaptive threats.