Vulnerability exploitation has officially become the leading cause of cybersecurity breaches for the first time in nearly two decades, according to the latest Data Breach Investigations Report (DBIR) released by Verizon. The findings highlight how artificial intelligence is rapidly reshaping the threat landscape, enabling attackers to weaponize software flaws faster than security teams can respond.
The 19th edition of the DBIR revealed that 31% of all recorded breaches now begin with vulnerability exploitation, surpassing stolen credentials as the most common attack entry point. Researchers warned that AI-driven automation is dramatically reducing the time between vulnerability disclosure and active exploitation, shrinking defensive response windows from months to just hours.
The report paints a broader picture of an evolving cybersecurity environment where AI-powered attacks, mobile-focused social engineering, shadow AI usage, and supply chain compromises are all expanding organizational risk.
Vulnerability Exploitation Surpasses Stolen Credentials
For years, stolen usernames and passwords remained the primary method used by cybercriminals to breach corporate systems. However, the latest DBIR findings show a major shift in attacker behavior.
Researchers found that threat actors are increasingly prioritizing vulnerability exploitation because AI tools can quickly identify weak systems, automate reconnaissance, and accelerate exploit development.
According to the report, attackers are now moving much faster after vulnerabilities become public. Organizations that previously had weeks or months to deploy security patches are now facing exploitation attempts within hours of disclosure.
Security experts said this trend is creating significant pressure on security operations teams already struggling to manage patching priorities across complex environments.
Daniel Lawson, Senior Vice President of Global Solutions at Verizon Business, said the growing speed of cyberattacks reinforces the importance of strong cybersecurity fundamentals.
“While the velocity of cyber threats driven by AI and faster vulnerability exploitation is increasing, the foundational principles of security and strong risk management remain the most effective defense,” Lawson said.
AI Reshaping the Cyber Threat Landscape
The report repeatedly emphasized the growing influence of artificial intelligence on cybercrime operations.
Researchers noted that AI is not only helping defenders identify vulnerabilities more efficiently, but also allowing attackers to automate exploitation at unprecedented scale and speed.
The DBIR warned that AI-assisted attack workflows are creating what researchers described as a “capacity crisis” for many security teams. Organizations are being forced to process increasing numbers of vulnerabilities while facing shorter remediation timelines.
The report recommended that enterprises:
- Strengthen patch management programs
- Reduce overall attack surface exposure
- Integrate AI into secure-by-design frameworks
- Expand defense-in-depth strategies
- Improve visibility into internet-facing assets
Researchers also highlighted rapid growth in AI bot activity across the internet.
According to the report, AI bot crawler traffic is increasing by 21% month over month, while human-driven traffic growth remains almost flat at just 0.3%.
Mobile Social Engineering Attacks Rising
Beyond vulnerability exploitation, the DBIR identified major changes in social engineering tactics.
As users become more cautious about traditional phishing emails, attackers are increasingly shifting toward mobile-based scams involving text messages and voice calls.
The report found that conversational and interactive mobile attacks now achieve success rates roughly 40% higher than traditional email phishing campaigns.
Researchers said attackers are leveraging:
- Fake SMS messages
- Voice phishing calls
- Messaging app impersonation
- Mobile account verification scams
Cybersecurity analysts warned that mobile devices continue to represent a major blind spot for many organizations because security monitoring on smartphones often remains less mature than on corporate desktops and servers.
Shadow AI Creates New Data Leakage Risks
Another major concern highlighted in the DBIR involves the rapid rise of “shadow AI” usage inside organizations.
The term refers to employees using unapproved artificial intelligence tools without formal oversight from security or compliance teams.
According to Verizon’s findings, frequent use of AI platforms by employees surged from 15% to 45% within a single year.
Researchers said shadow AI has now become the third most common cause of non-malicious data leakage incidents.
Security experts warned that employees may unknowingly expose:
- Confidential corporate data
- Customer information
- Source code
- Internal business documents
- Sensitive communications
The report stressed that organizations need clearer governance policies around AI usage as adoption continues accelerating across workplaces.
Supply Chain Breaches Continue to Grow
The DBIR also documented a significant rise in third-party and supply chain compromises.
Researchers found that breaches involving external vendors increased by 60% compared to previous reporting periods. Third-party involvement now accounts for 48% of all recorded breaches.
As organizations rely more heavily on cloud providers, software vendors, and outsourced services, attackers are increasingly targeting weaker links within interconnected supply chains.
The report concluded that the cybersecurity industry is entering a period where resilience, rapid response capabilities, and basic security hygiene remain critical despite rapid advances in AI-powered attack techniques.
While artificial intelligence is changing the speed and scale of cyber threats, researchers stressed that organizations must continue focusing on foundational cybersecurity practices to defend against the growing wave of vulnerability exploitation and AI-driven attacks.
