Cyberattacks are escalating at an alarming rate, fueled by the increasing accessibility of artificial intelligence tools that allow malicious actors to identify and exploit security vulnerabilities with unprecedented speed. A new report from IBM X-Force reveals a 44% surge in attacks targeting public-facing applications, largely due to missing authentication controls and AI-enabled vulnerability discovery. This shift isn’t about attackers inventing new methods, but rather accelerating existing ones, creating a more dangerous landscape for businesses and individuals alike.
The IBM 2026 X-Force Threat Intelligence Index, released February 25, 2026, paints a stark picture of a cybersecurity environment where basic security gaps are being exploited at a dramatically higher rate. Even as the global average cost of a data breach saw a slight decrease – falling 9% to USD 4.44 million – the United States experienced a record high of USD 10.22 million, highlighting the disproportionate impact of these attacks on American organizations. This underscores the critical need for proactive security measures and a shift in mindset from reactive defense to preventative strategies.
AI Amplifies Existing Threats
The report emphasizes that AI isn’t creating entirely new attack vectors, but rather amplifying the effectiveness of existing ones. Attackers are leveraging AI to speed up research, analyze vast datasets, and iterate on attack paths in real time. For example, the report notes that North Korean IT worker schemes are utilizing AI for tasks like AI-driven image manipulation to create synthetic identities and translation tools to facilitate interactions across global marketplaces. This automation allows attackers to bypass traditional security measures and move from identifying a vulnerability to exploiting it with greater efficiency.
Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM, succinctly captured the essence of the problem: “Attackers aren’t reinventing playbooks, they’re speeding them up with AI.” He explained that the core issue remains the same – businesses are overwhelmed by software vulnerabilities – but the speed at which those vulnerabilities are exploited has increased exponentially. With many vulnerabilities requiring no credentials, attackers can bypass human intervention and directly impact systems.
The Growing Risk to AI Platforms Themselves
Interestingly, AI platforms are also becoming targets. In 2025, infostealer malware led to the exposure of over 300,000 ChatGPT credentials, signaling that AI platforms are now facing the same credential risks as other core enterprise SaaS solutions. Compromised chatbot credentials aren’t just about account access; they can be used to manipulate outputs, exfiltrate sensitive data, or inject malicious prompts, creating a unique set of security challenges. This highlights the need for robust authentication and conditional access controls across all AI deployments.
Supply Chain Vulnerabilities and Ransomware Surge
The report also reveals a concerning trend: a nearly fourfold increase in large supply chain and third-party compromises since 2020. Attackers are increasingly exploiting trust relationships and CI/CD automation within development workflows and SaaS integrations. The rise of AI-powered coding tools, while accelerating software creation, also introduces the risk of unvetted code entering the pipeline, further exacerbating these vulnerabilities. This trend is compounded by a blurring line between nation-state actors and financially motivated groups, with tactics and techniques spreading rapidly through underground forums.
Adding to the complexity, active ransomware and extortion groups surged by 49% in the past year, marking a fragmentation of the ransomware ecosystem. While publicly disclosed victim counts rose roughly 12%, the increase in smaller, transient operators complicates attribution efforts. The accessibility of leaked tooling and the increasing use of AI to automate operations are lowering the barriers to entry for ransomware attackers, leading to a more diverse and adaptable threat landscape.
Manufacturing Remains a Prime Target
The manufacturing sector continues to be a primary target for cyberattacks, accounting for 27.7% of incidents observed by IBM X-Force in 2025, with data theft being the most common objective. North America has emerged as the most-attacked region, representing 29% of total cases observed by X-Force, up from 24% in 2024 – marking the first time in six years the region has held this position.
The IBM X-Force report underscores the need for organizations to adopt a more proactive and integrated approach to cybersecurity. Security leaders must prioritize agentic-powered threat detection and response to identify gaps and catch threats before they escalate. Strong authentication, robust access controls, and a focus on security fundamentals remain critical components of a comprehensive cybersecurity strategy.
IBM is hosting a webinar on March 17 at 11 am ET to discuss the findings of the 2026 X-Force Threat Intelligence Index in greater detail. Sign up for the webinar here. Organizations can also connect with the IBM X-Force team for a tailored review of the findings.
As AI continues to evolve, so too will the tactics of cybercriminals. Staying ahead of these threats requires a continuous commitment to innovation, collaboration, and a proactive security posture. The challenges are significant, but understanding the evolving landscape is the first step towards building a more resilient and secure future.
Have thoughts on this evolving threat landscape? Share your comments below and join the conversation.
