Vulnerability Exploitation Overtakes Stolen Credentials in AI-Driven Cyberattacks

The latest DBIR underscores a fundamental change in the cyber threat landscape: attackers are now favoring direct exploitation of software flaws over credential theft. AI‑driven tools can scan public vulnerability databases, generate proof‑of‑concept code, and launch attacks within hours, turning what used to be a lengthy, manual process into a rapid, automated pipeline. This acceleration has pushed vulnerability exploitation to 31% of all recorded breaches, making it the dominant entry point and signaling that traditional defenses built around password hygiene are no longer sufficient.

For security operations teams, the report’s findings translate into a capacity crisis. Patch management programs must shift from quarterly cycles to near‑real‑time workflows, leveraging automated testing and deployment to keep pace with AI‑accelerated exploits. At the same time, attackers are diversifying tactics, with mobile‑centric social engineering delivering success rates 40% higher than classic email phishing, and shadow AI—unauthorized employee use of generative tools—fueling a third‑largest source of data leakage. These trends expose gaps in endpoint visibility and governance, demanding tighter controls over mobile device management and AI usage policies.

Industry response will hinge on integrating AI defensively while reinforcing basic cyber hygiene. Recommendations include expanding attack‑surface reduction, embedding AI into secure‑by‑design development, and enhancing visibility of internet‑facing assets. Supply‑chain risk also demands stricter vendor assessments, as third‑party breaches now comprise nearly half of incidents. Organizations that combine rapid, automated patching with robust governance and layered defenses will be best positioned to mitigate the heightened speed and scale of AI‑powered threats.