Verizon report says hackers are using AI to find flaws faster

AI is shrinking defenders’ reaction window: Verizon said 31% of breaches began with vulnerability exploitation, passing stolen credentials for the first time.

Sarah Chen

Hackers are using artificial intelligence to move faster through the attack chain, from finding flaws to launching phishing and malware, and that speed is leaving schools, hospitals, local governments and businesses with less time to patch, block or respond. Verizon’s 19th annual Data Breach Investigations Report said vulnerability exploitation accounted for 31% of breaches, overtaking stolen credentials for the first time and underscoring how quickly the balance has shifted in a single reporting cycle.

The report covered incidents from Nov. 1, 2024, through Oct. 31, 2025, and drew on more than 31,000 security incidents and more than 22,000 confirmed breaches across 145 countries, the largest dataset in the report’s history. In the prior year’s DBIR, credential abuse led at 22% and vulnerability exploitation trailed at 20%, a gap that has now reversed. The change suggests that organizations are losing ground not because attackers have invented entirely new tactics, but because they are exploiting known weaknesses more rapidly than many defenders can close them.

Verizon said generative AI is now being used at multiple stages of attacks, including targeting, initial access and the development of malware and other tools. That puts AI inside the operational machinery of cybercrime, not just at the margins. Verizon chief information security officer Nasrin Rezai said companies need to “fight AI with AI” and bring it into software development, testing and cyber defense processes at a scale they have never attempted before.

The report also flagged the risks created inside companies by unauthorized use of AI tools. Shadow AI became the third most common non-malicious insider action in data-loss incidents, with workers submitting source code, images or structured data into systems their employers had not approved. Some analysis of the report found employee AI use on corporate devices reached 45%, while use through non-corporate accounts reached 67%, with source code among the leading data types being uploaded to unapproved services.

Human behavior still sat at the center of the problem. The report said the human element was present in 62% of breaches, while social engineering was the third most common incident pattern overall at 16%. That combination of faster exploitation, more convincing lure campaigns and broader employee use of AI tools means defenders have a shrinking clock. Verizon’s warning is blunt: patch faster, lock down software hygiene and put stronger controls around employee AI use before attack speed outruns response speed.
