IBM report reveals AI helping cybercriminals exploit security gaps faster

IBM's 2026 threat report shows cybercriminals using AI to find vulnerabilities faster, driving more attacks on exposed systems.

Cyber security technology concept , Shield With Keyhole icon , personal data , vector illustration

Cyberattacks are rising as criminals take advantage of weak security controls, and new data suggests artificial intelligence is making that process faster. The 2026 X-Force Threat Intelligence Index from IBM reports that attackers are increasingly targeting basic vulnerabilities, especially in systems exposed to the internet.

According to the report, attacks that began with the exploitation of public-facing applications rose 44% worldwide. Many of these incidents involved systems with missing authentication controls. AI tools are also helping attackers scan for weaknesses at a much faster rate.

Ransomware activity also grew during the past year. IBM recorded a 49% increase in active ransomware and extortion groups compared with the year before. While the number of public victim disclosures rose by about 12%, the rise in smaller and short-lived groups suggests a more fragmented ransomware ecosystem.

At the same time, supply-chain attacks have expanded. Large compromises tied to suppliers or third-party services have almost quadrupled since 2020. Attackers are focusing on environments where software is developed and deployed, including CI/CD pipelines and SaaS integrations.

Across IBM's data, exploiting vulnerabilities has become the most common cause of cyber incidents. In 2025, this method accounted for about 40% of attacks tracked by X-Force.

Asia-Pacific faces growing cyber pressure

In the Asia-Pacific region, attackers used a mix of tools and techniques to reach their goals. Malware accounted for about 45% of activity, followed by spam at 15%, legitimate tools at 15%, and direct server access at 10%.

When gaining their first foothold, criminals most often exploited public-facing applications (50%) or used stolen credentials (30%). The report suggests these patterns point to gaps in security practices across parts of the region's growing digital infrastructure.

The consequences of these attacks varied. Data theft and damage to brand reputation each made up about 14% of reported outcomes, while credential harvesting accounted for roughly 7%. Manufacturing companies were hit the most, representing 65% of cases in the region. Finance and insurance followed at 17%, and transportation at 7%.

"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM. "The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate."

AI tools bring new identity risks

IBM also highlighted risks linked to AI platforms themselves. In 2025, infostealer malware exposed more than 300,000 ChatGPT credentials. The finding suggests AI tools are now facing the same type of account security risks as other enterprise software.

Compromised chatbot accounts could give attackers more than simple access. They may use them to influence outputs, steal sensitive data, or insert harmful prompts. The report says companies should review how AI tools are used across their systems and apply strong authentication and access controls.

"Asia-Pacific continues to face a sharp increase in cyber threats, with attackers increasingly leveraging AI and exploiting gaps in basic security. This underscores the scale and sophistication of risks facing critical infrastructure, and highlights the need for organizations to prioritize identity protection, secure configurations, and visibility across cloud and application environments to stay ahead of increasingly automated and adaptive threats," said Catherine Lian, General Manager and Technology Leader, IBM ASEAN.

Ransomware groups grow as barriers fall

The report also links the growth of ransomware groups to easier access to attack tools. Leaked software, shared tactics on underground forums, and AI automation are lowering the barriers for new groups entering the cybercrime ecosystem.

Another concern is the spread of techniques once tied to nation-state hackers. As these tactics circulate more widely, financially motivated groups are adopting them for profit-driven attacks.

IBM's analysis also shows Asia-Pacific has become the second most targeted region, accounting for 27% of incidents observed by X-Force. The report suggests rapid digital growth and geopolitical tensions may make the region an attractive target.

Manufacturing remains the most targeted sector globally for the fifth straight year. It accounted for about 27.7% of all incidents tracked by X-Force, with data theft the most common outcome. Within that sector, Asia-Pacific represented roughly 68% of manufacturing-related cases.