For the first time in 19 years, exploiting vulnerabilities has become the primary entry point for data breaches, surpassing stolen login credentials.
This is according to the Verizon Data Breach Investigations Report. For the first time in nineteen years, exploiting vulnerabilities is the most common starting point for attacks. Over 31 percent of all breaches now begin with the exploitation of vulnerabilities.
Malicious actors are using AI to drastically reduce the time required to exploit known vulnerabilities from months to hours. The report is based on 2025 data, though Verizon emphasizes that recent developments in AI will further accelerate this pace.
Shadow AI and the supply chain as new risk factors
Meanwhile, another risk is growing within organizations. Shadow AI—employees using unapproved AI tools—is now the third-most-common cause of non-malicious data breaches. The percentage of employees who frequently use AI tools rose from 15% to 45% in just one year. As a result, uncontrolled AI adoption is becoming a serious data security risk, according to the report.
The supply chain also poses growing risks. The proportion of data breaches involving an external party rose by 60 percent. A supplier or another third party is now involved in 48 percent of all breaches.
Mobile attacks and AI bots on the rise
As users become more savvy about email phishing, attackers are shifting to mobile channels. Fake text messages and fake phone calls are now 40 percent more effective than traditional email phishing. Meanwhile, traffic from AI bots is growing by 21 percent per month, while human web traffic has virtually stalled at 0.3 percent.
The report offers concrete recommendations for CISOs: anticipate a wave of patches now that AI identifies vulnerabilities faster, integrate AI into “secure by design” frameworks, and deploy AI within defense-in-depth strategies to reduce the total attack surface.