Verizon DBIR 2026: Vulnerability Exploitation Takes the Lead, and Patch Fatigue Is the Reason

Shashi Bellamkonda · May 19, 2026 · shashi.co

Key figures:
- 31% of breaches involved vulnerability exploitation
- 26% of critical vulnerabilities were fully remediated
- 48% of breaches involved ransomware
- 60% year-over-year rise in third-party breaches
- 67% of employees use shadow AI at work

Vulnerability exploitation just became the number one way attackers get in, according to Verizon's 2026 Data Breach Investigations Report. For years, stolen credentials held that position. The crossover happened because exploitation grew while organizations simultaneously lost ground on patching speed and coverage.

The 19th annual DBIR analyzed more than 31,000 security incidents and 22,000 confirmed breaches across 145 countries. The dataset is large enough to be directional on global enterprise risk, and what it shows is a widening gap between attack velocity and defense tempo.

Patching Is Losing Ground Against Exploitation at Scale

Exploitation of vulnerabilities now appears as an initial access vector in 31% of breaches, up from roughly 20% in recent years and displacing credential abuse, which has fallen to 13%. The headline figure matters less than what sits behind it: remediation performance is deteriorating at exactly the wrong time.

Only 26% of critical vulnerabilities in the CISA Known Exploited Vulnerabilities catalog were fully remediated in 2025, down from 38% the year before. The median time to full remediation stretched to 43 days, up from 32 days. Organizations also faced a 50% increase in the sheer volume of critical vulnerabilities requiring attention compared to the prior year. The survival analysis presented at the analyst briefing makes the structural problem visible: the percentage of open vulnerabilities at day 28 improved from 2022 through 2024, then reversed in 2025, not because patching discipline weakened, but because the total number of vulnerable instances ballooned to 527 million, up from 120 million in 2023 (per CISA KEV survival analysis, analyst briefing).

Per the DBIR survival analysis, nearly half of the vulnerabilities in the CISA catalog showed persistent exploitation throughout 2025, detectable on 96% of the days sensors were monitoring for activity.

The attacker side of this equation is equally clear. Among the same set of vulnerabilities, 48% showed persistent exploitation patterns, meaning active attack attempts were detectable on an average of 96% of monitored days (per analyst briefing exploitation cluster analysis). Organizations are not racing against a one-time threat window. They are managing a continuous siege on a growing attack surface, with fewer patches landing before attackers arrive.
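To make the survival analysis concrete, the following is an added example (my own illustration, not the DBIR team's method or code) that computes a Kaplan-Meier remediation curve over a constructed set of KEV findings with placeholder CVE ids. Instances still open at the end of the observation window are right-censored rather than dropped, which is what keeps a "fraction still open at day 28" figure honest as the number of vulnerable instances grows.

```python
from datetime import date

# Constructed sample: one row per vulnerable instance of a KEV-listed CVE (placeholder ids).
# closed=None means still open at observation end: right-censored, not a remediation event.
OBSERVATION_END = date(2025, 12, 31)
FINDINGS = [
    {"cve": "CVE-0000-0001", "opened": date(2025, 10, 1),  "closed": date(2025, 10, 8)},
    {"cve": "CVE-0000-0001", "opened": date(2025, 10, 1),  "closed": date(2025, 10, 15)},
    {"cve": "CVE-0000-0002", "opened": date(2025, 10, 3),  "closed": date(2025, 10, 24)},
    {"cve": "CVE-0000-0002", "opened": date(2025, 10, 5),  "closed": None},
    {"cve": "CVE-0000-0003", "opened": date(2025, 11, 1),  "closed": date(2025, 12, 1)},
    {"cve": "CVE-0000-0003", "opened": date(2025, 11, 10), "closed": date(2025, 12, 22)},
    {"cve": "CVE-0000-0004", "opened": date(2025, 11, 15), "closed": None},
    {"cve": "CVE-0000-0004", "opened": date(2025, 12, 1),  "closed": date(2025, 12, 15)},
    {"cve": "CVE-0000-0005", "opened": date(2025, 12, 10), "closed": None},
    {"cve": "CVE-0000-0005", "opened": date(2025, 12, 20), "closed": None},
]

def days_open(finding, end=OBSERVATION_END):
    """Return (days, remediated). Open findings are censored at `end`."""
    if finding["closed"] is None:
        return (end - finding["opened"]).days, False
    return (finding["closed"] - finding["opened"]).days, True

def kaplan_meier(findings, end=OBSERVATION_END):
    """Kaplan-Meier curve: list of (day, fraction still open after that day).
    Censored instances stay in the at-risk set up to their last observed day."""
    obs = sorted(days_open(f, end) for f in findings)
    at_risk, survival, steps, i = len(obs), 1.0, [], 0
    while i < len(obs):
        t = obs[i][0]
        same_day = [rem for d, rem in obs if d == t]   # all instances ending on day t
        events = sum(same_day)                         # only remediations count as events
        if events:
            survival *= 1 - events / at_risk
            steps.append((t, survival))
        at_risk -= len(same_day)
        i += len(same_day)
    return steps

def survival_at(steps, day):
    """Fraction of instances still open `day` days after discovery."""
    return next((s for t, s in reversed(steps) if t <= day), 1.0)

def median_remediation_days(steps):
    """First day the curve drops to 50% or below; None if never reached in the window."""
    return next((t for t, s in steps if s <= 0.5), None)

def remediated_fraction(findings, end=OBSERVATION_END):
    """Naive 'fully remediated' share that ignores censoring (what a KPI usually reports)."""
    return sum(days_open(f, end)[1] for f in findings) / len(findings)
```

On this sample 56% of instances are still open at day 28 and the median remediation time is 30 days, while the naive KPI reports 60% remediated; the gap between the two views is exactly what grows when new vulnerable instances arrive faster than old ones are closed.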

Generative AI Is Accelerating Known Techniques, Not Inventing New Ones

This year's report includes a joint analysis with Anthropic examining how threat actors are actually using large language models in cyberattack workflows. The findings complicate the narrative of AI as a force-multiplier for novel threats.

The median threat actor researched approximately 15 MITRE ATT&CK techniques using AI platforms, with high-end actors exploring up to 40. Against a framework that contains techniques in the 800-to-1,000 range, that is a narrow focus. More telling: the majority of techniques being researched already had at least 55 known malware samples implementing the same function. Process injection, the kind of thing defenders have been detecting and mitigating for years, is a representative example. Fewer than 2.5% of the AI-assisted malware observations involved techniques with one or fewer known malware examples.

Among the initial access vectors, AI-assisted techniques skewed heavily toward phishing, which appeared in 44% of cases. Exploit development came second at 32%, credential abuse at 21%. The practical implication is that generative AI is making well-documented attacks faster and easier to execute, not opening fundamentally new attack categories. The exception worth watching: a small cluster of obscure techniques being researched with minimal prior malware implementation. Those are early signals, not current risk, but they are worth tracking.

Ransomware Keeps Growing Even as Payments Shrink

Ransomware appeared in 48% of all breaches, up from 44% the prior year. That consistent upward trend has run through every edition of this report for years. The interesting counterweight is that payment behavior is moving in the opposite direction. Sixty-nine percent of ransomware victims did not pay, up from roughly 51% in 2022. The median ransom paid dropped to approximately $139,000 from $150,000 the year before.

Why payments are falling while incidents rise is not fully answered by the data. The DBIR team notes possible reasons: improved backup posture, organizations that can absorb the disruption, or attackers demanding more than victims can justify paying. The smash-and-grab model, where ransomware operators buy pre-established network access from initial access brokers rather than doing their own intrusion work, keeps the economics viable even at lower payment rates. Small and midsize businesses remain heavily targeted precisely because they represent lower-effort access.

Third-Party Cloud Exposure: The Faster-Growing Problem

Third-party involvement in breaches reached 48% of the total dataset, a 60% increase year over year. The specific lens on cloud authentication exposure reveals a foundational gap. Only 23% of third-party cloud platforms fully remediated missing or misconfigured multifactor authentication. The survival analysis on password weaknesses and privilege misconfigurations shows the median resolution time approaching eight months.

The comparison Philippe Langlois, the DBIR's lead data scientist, made during the analyst briefing lands sharply: a PlayStation account is secured by multifactor authentication by default. Corporate infrastructure, at scale, still is not.

The credential economy around these gaps is documented in the initial access broker data. In underground forums, virtual private network access credentials represented 44% of offerings, remote desktop access 35%. Administrator credentials commanded a median price of $1,300, versus $700 for regular user accounts. The near-doubling in price for elevated privileges reflects how much friction privilege escalation presents for attackers who prefer to buy their way around it.

Shadow AI Is Now a Measurable Data Loss Category

Sixty-seven percent of employees are accessing AI services on corporate devices through personal, non-corporate accounts. Shadow AI has become the third most common non-malicious insider action detected in data loss prevention platforms, a fourfold increase from the prior year.

The data type breakdown inside those DLP violations matters for any organization with intellectual property concerns. Source code represented 28% of content uploaded to unauthorized AI platforms. Images came second at 16%, structured data at 14%, and research and technical documents appeared in 3.2% of violations. For enterprises doing proprietary research, that last category is the one to watch: content potentially ingested by external models with opaque data retention practices.

DDoS Attack Magnitude Is Accelerating at the Extremes

Distributed denial of service attack sizes grew 198% in bits per second and 156% in packets per second compared to the prior year when measured at the extreme end of the distribution. Forty percent of targeted organizations experienced burst attacks, with a median interval between attacks of about 1.4 days. A further 57% faced random-interval attacks with a median gap of 14 days.

Separately, AI bot traffic grew at a 21% month-over-month rate from May to December 2025 across all observed industries. Human-led traffic grew at 0.3% over the same period. Online gambling saw the steepest concentration of AI bot activity, followed by digital media publishing and retail.

What the CIO and CISO Actually Take Away From This

The vulnerability data is the hard one to absorb. Organizations improved their patching performance for three consecutive years. The 2025 reversal is not a failure of process; it reflects a structural increase in the volume of critical vulnerabilities that has outrun capacity. The implication is that prioritization frameworks need to account for scale, not just severity. A 43-day median remediation time against persistent exploitation activity on 96% of monitored days is not a patch management problem alone. It is an architecture and segmentation problem.

The shadow AI finding connects to a broader governance gap. Seventy-nine percent of employees using AI services at work are doing it outside sanctioned channels. Policies written for an era of limited AI access do not match current employee behavior. The source code exposure figure is particularly relevant for technology companies: 28% of what employees uploaded to unauthorized AI platforms was source code.

The Verizon-Anthropic research on AI-assisted attack techniques offers a useful calibration. Most of what attackers are using AI to build is already documented, detectable, and mitigable. Security awareness programs and detection investments built around well-known attack patterns remain relevant. The edge case of novel, low-prior-sample techniques deserves watch-and-track status, not panic. The current risk is speed and scale, not novelty.

CIO/CTO Viability Question

Your patch velocity improved for three years running. In 2025 it regressed, and the volume of critical vulnerabilities to address grew by 50%. The question your board will ask is not whether you have a patching process, but whether your current architecture reduces blast radius enough that a 43-day exposure window on known-exploited vulnerabilities does not constitute an existential event. Do you have the segmentation and detection coverage to answer that question with data, not intention?

Disclaimer: This blog reflects my personal views only. Content does not represent the views of my employer, Info-Tech Research Group. AI tools may have been used for brevity, structure, or research support. Please independently verify any information before relying on it.