Particle.news

Verizon DBIR 2026: Exploited Software Flaws Now Lead Data Breaches

AI-fueled automation now shrinks patch windows to hours.

Overview

  • Verizon’s 2026 Data Breach Investigations Report, released Tuesday, says 31% of breaches began with exploited software vulnerabilities, overtaking stolen credentials for the first time in 19 years.
  • The report finds attackers using generative AI to speed every stage of intrusions, from picking targets to building malware, which lets them turn known bugs into working exploits in hours.
  • Organizations are falling behind on fixes, with median full patching time rising to 43 days in 2025 and only 26% of issues in CISA’s Known Exploited Vulnerabilities catalog patched last year.
  • Breaches involving vendors or other outside providers rose about 60%, to 48% of cases, which expands supply‑chain risk for companies that rely on third‑party software and services.
  • Unapproved use of AI tools at work jumped to 45% of employees, making “shadow AI” a leading non‑malicious source of data loss as staff paste source code, images, and other sensitive files into public models.