Software vulnerability exploitation has become the leading cause of data breaches for the first time, driven by cybercriminals' rapid adoption of artificial intelligence tools, according to Verizon’s latest survey via an extensive Data Breach Investigations Report (DBIR).
The survey report found that 31% of breaches now originate from attackers exploiting software flaws, overtaking stolen credentials as the most common entry point into corporate systems.
Verizon said attackers now use generative AI tools to scan systems, identify weaknesses, and launch attacks at a much faster pace than before. The company warned that AI has significantly reduced the time available to companies to detect and fix vulnerabilities before they are exploited.
The report analyzed more than 31,000 security incidents and over 22,000 confirmed breaches globally. Researchers observed a sharp rise in attacks targeting internet-facing devices, virtual private networks (VPNs), and third-party vendors.
Cybersecurity experts said AI tools allow attackers to automate reconnaissance, phishing campaigns, and malware creation, making attacks cheaper and more scalable.
For years, stolen usernames and passwords remained the biggest cause of breaches. Verizon’s findings now show that exploitation of vulnerabilities has accelerated as organizations struggle to patch systems quickly.
The report noted that many firms continue to delay software updates, leaving critical flaws exposed for weeks or months after disclosure. Attackers increasingly focus on edge devices and externally accessible systems since they often lack strong monitoring and security controls.
Verizon also flagged growing risks linked to shadow AI, unauthorized AI tools employees use in the workplace without company approval.
The report identified shadow AI as one of the leading non-malicious causes of data leaks. Employees often upload confidential documents, source code, and internal business information into AI platforms without understanding the security risks involved.
Also Read: Apple Cracks Down on Fake Apps and Blocks $2.2 Billion in Fraud
Nasrin Rezai, chief information security officer at Verizon Communications, said organizations must integrate AI into their own cybersecurity systems to counter increasingly sophisticated attacks.
The report recommended faster patch management, stronger monitoring of internet-facing systems, and tighter controls over employee use of AI tools to reduce breach risks.