Vulnerability exploitation top breach entry point, 2026 industry-wide DBIR finds
Published May 19, 2026
Media contact: Carlos Arcila
Published May 19, 2026
?resMode=sharp2&scl=1&fmt=webp)
At a glance
- Vulnerabilities top entry point: Using software flaws (31%) has surpassed stolen credentials for the first time, with AI accelerating attacks from months to hours.
- New human & AI risks: Mobile social engineering success is up 40%, while employee use of unapproved “shadow AI” tripled to 45%, spiking data leakage.
- Expanding attack surfaces: Third-party supply chain breaches jumped 60% (now 48% of total), while AI bot traffic is growing 21% month-over-month.
NEW YORK, NY—Verizon published the annual Data Breach Investigations Report (DBIR) today, which shows how Artificial Intelligence (AI) is impacting the cyber threat landscape as a whole. Although this report uses 2025 data—predating the latest frontier model advancements—the trends are clear: AI is fundamentally reshaping the cybersecurity industry. And at the same time that AI-detected vulnerabilities are in the news, for the first time in 19 years of the DBIR being published, exploiting vulnerabilities has surpassed stolen credentials to become the number one breach entry point.
Key findings:
- Nearly a third (31%) of all breaches start with vulnerability exploitation in an AI world: This is the first time in 19 years that it has surpassed stolen credentials as the biggest point of entry. Further, AI is being leveraged by threat actors to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours.
- Interactive, conversational attacks on mobile are on the rise: In terms of the “Human Element” risk of cybersecurity, as people get more savvy about traditional email phishing, threat actors are pivoting to mobile-centric social engineering (fake text messages and voice calls) with a success rate 40% higher than traditional email phishing.
- More employees now use ‘shadow AI’ at work, risking company secrets: Shadow AI, referring to employees using unapproved AI tools at work, is now the third most common non-malicious data leakage related activity. Frequent usage of AI tools by employees has surged from 15% to 45% of employees in a single year, highlighting an elevated risk of data exfiltration associated with unapproved platforms.
- Supply chains get riskier as third-party involvement in breaches is up 60%: As companies rely more heavily on external vendors, threat actors are exploiting those vulnerabilities, with breaches involving a third party now accounting for 48% of all breaches.
- AI Bots are the next frontier: AI Bot Internet Crawlers are experiencing a massive 21% month-over-month growth compared to entirely flat (0.3%) human-led traffic growth, showing where the next set of threats could come from.
What it means:
The rapid weaponization of known vulnerabilities by AI can create a capacity crisis for security teams, underscoring the urgent need to prioritize fundamental security and risk management practices. In response, the DBIR is providing Chief Information Security Officers (CISOs) and cybersecurity professionals with actionable, resilient recommendations tailored with today’s AI environment in mind throughout the report. These include preparing for an influx of patches as AI identifies software flaws at an accelerating rate, integrating AI into ’secure by design’ frameworks, and leveraging AI within defense-in-depth strategies to minimize the total attack surface.
“While the velocity of cyber threats—driven by AI and faster vulnerability exploitation—is increasing, the foundational principles of security and strong risk management remain the most effective defense,” said Daniel Lawson, SVP Global Solutions, Verizon Business. “The DBIR reinforces that these fundamentals still hold as organizations strive for resilience.”
Download the full 2026 DBIR and review industry specific information on Verizon’s website