IBM X-Force has reported a significant 44% rise in cyber-attacks targeting public-facing applications.
The latest 2026 IBM X-Force Threat Intelligence Index identifies the lack of authentication controls and AI-driven vulnerability scanning as key factors contributing to this increase.
In 2025, the exploitation of vulnerabilities was the predominant cause of security incidents, representing 40% of the cases tracked by IBM X-Force. Concurrently, the number of active ransomware and extortion groups surged by 49% year on year, indicating a more fragmented threat landscape. The number of publicly disclosed victims saw an increase of approximately 12%.
"Attackers are not changing their strategies; they are simply accelerating them with AI," stated Mark Hughes, the global managing partner for cybersecurity services at IBM. "The fundamental problem remains the same: companies are inundated with software vulnerabilities. The distinction now is the increased speed."
IBM's findings indicate that significant compromises in supply chains and third-party systems have nearly quadrupled since 2020. Attackers are increasingly focusing on software build and deployment environments, as well as SaaS integrations, taking advantage of trusted relationships and CI/CD automation within development processes.
The report also highlighted that the lines are becoming increasingly blurred between nation-state actors and those motivated by financial gain, as tactics disseminate through underground forums and AI enhances the processes of reconnaissance and exploitation.
Some of the key insights from the report include:
-
Infostealer malware compromised over 300,000 ChatGPT credentials in 2025
-
The manufacturing sector accounted for 27.7% of incidents, marking its fifth consecutive year as the most targeted industry
-
North America constituted 29% of the recorded incidents, rising from 24% in 2024, making it the most attacked region for the first time in six years
AI Lowers Barriers And Expands Risk
The research further illustrates how leaked tools and AI capabilities are making it easier for ransomware groups to enter the fray.
Further insights into AI in cyber-attacks can be found in reports on the significant rise of AI-powered cyber-attacks over the past year, as highlighted by CrowdStrike.
Smaller, transient groups are increasingly repurposing established tactics and automating aspects of their operations. As multimodal AI models become more sophisticated, IBM anticipates that adversaries will automate more intricate tasks, including reconnaissance and advanced ransomware operations.
AI is also expediting the lifecycle of attackers more broadly. IBM has noted that threat actors are leveraging AI for research, analyzing vast datasets, and fine-tuning attack strategies in real-time. For instance, schemes attributed to North Korean IT personnel utilized AI-driven image manipulation to forge synthetic identities and employed translation tools to engage in global online markets.
The findings indicate that while the techniques may remain consistent, the speed and scale of exploitation are evolving rapidly as AI becomes increasingly integrated into the cybercrime landscape.
