Vulnerability exploitation top breach entry point, 2026 industry-wide DBIR finds - Verizon
Verizon
Archived Jun 16, 2026
✓ Full text saved
Vulnerability exploitation top breach entry point, 2026 industry-wide DBIR finds Verizon
Full text archived locally
Accessibility Resource Center
Skip to main content
About Us Careers
Support
About Us
News
Responsibility
Investors
end of navigation menu
Get email updates with the latest stories, insights, and news from Verizon. Sign up for Verizon News Alerts
Vulnerability exploitation top breach entry point, 2026 industry-wide DBIR finds
The 19th edition of the Data Breach Investigations Report (DBIR) confirms AI-driven speed as a new challenge, pushing security strategy toward fundamental resilience.
Download 2026 DBIR
Media contact: Carlos Arcila
Published May 19, 2026
At a glance
Vulnerabilities top entry point: Using software flaws (31%) has surpassed stolen credentials for the first time, with AI accelerating attacks from months to hours.
New human & AI risks: Mobile social engineering success is up 40%, while employee use of unapproved “shadow AI” tripled to 45%, spiking data leakage.
Expanding attack surfaces: Third-party supply chain breaches jumped 60% (now 48% of total), while AI bot traffic is growing 21% month-over-month.
NEW YORK, NY—Verizon published the annual Data Breach Investigations Report (DBIR) today, which shows how Artificial Intelligence (AI) is impacting the cyber threat landscape as a whole. Although this report uses 2025 data—predating the latest frontier model advancements—the trends are clear: AI is fundamentally reshaping the cybersecurity industry. And at the same time that AI-detected vulnerabilities are in the news, for the first time in 19 years of the DBIR being published, exploiting vulnerabilities has surpassed stolen credentials to become the number one breach entry point.
Key findings:
Nearly a third (31%) of all breaches start with vulnerability exploitation in an AI world: This is the first time in 19 years that it has surpassed stolen credentials as the biggest point of entry. Further, AI is being leveraged by threat actors to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours.
Interactive, conversational attacks on mobile are on the rise: In terms of the “Human Element” risk of cybersecurity, as people get more savvy about traditional email phishing, threat actors are pivoting to mobile-centric social engineering (fake text messages and voice calls) with a success rate 40% higher than traditional email phishing.
More employees now use ‘shadow AI’ at work, risking company secrets: Shadow AI, referring to employees using unapproved AI tools at work, is now the third most common non-malicious data leakage related activity. Frequent usage of AI tools by employees has surged from 15% to 45% of employees in a single year, highlighting an elevated risk of data exfiltration associated with unapproved platforms.
Supply chains get riskier as third-party involvement in breaches is up 60%: As companies rely more heavily on external vendors, threat actors are exploiting those vulnerabilities, with breaches involving a third party now accounting for 48% of all breaches.
AI Bots are the next frontier: AI Bot Internet Crawlers are experiencing a massive 21% month-over-month growth compared to entirely flat (0.3%) human-led traffic growth, showing where the next set of threats could come from.
What it means:
The rapid weaponization of known vulnerabilities by AI can create a capacity crisis for security teams, underscoring the urgent need to prioritize fundamental security and risk management practices. In response, the DBIR is providing Chief Information Security Officers (CISOs) and cybersecurity professionals with actionable, resilient recommendations tailored with today’s AI environment in mind throughout the report. These include preparing for an influx of patches as AI identifies software flaws at an accelerating rate, integrating AI into ’secure by design’ frameworks, and leveraging AI within defense-in-depth strategies to minimize the total attack surface.
“While the velocity of cyber threats—driven by AI and faster vulnerability exploitation—is increasing, the foundational principles of security and strong risk management remain the most effective defense,” said Daniel Lawson, SVP Global Solutions, Verizon Business. “The DBIR reinforces that these fundamentals still hold as organizations strive for resilience.”
Download the full 2026 DBIR and review industry specific information on Verizon’s website
Published May 19, 2026
Media Contact
Carlos Arcila
908-202-0479
Carlos.Arcila@verizon.com
Categories:
Networks & platforms
Network solutions for business
Tags:
Cybersecurity
Continue reading
The new 465 area code is coming to the 347/718/917/929 area code region in New York
New York is getting a new 465 area code starting June 18, 2026. This overlay joins 347, 718, 917, and 929. Learn how this change impacts calls and local dialing in the NYC boroughs.
7 days ago in Building the future
Verizon named a leader in Gartner® Magic Quadrant™ IoT report, marking third recognition after Private Network, Global WAN reports
Verizon named a Leader in this year’s Gartner Magic Quadrant for Managed IoT Connectivity Services, following the same recognition in 4G and 5G Private Mobile Services and Global WAN services
25 days ago in Network solutions for business
Beyond the track: How Verizon is powering your Indy 500 experience
Verizon overhauled the Indy 500 network for a seamless fan experience, providing instant app response, fast entry, and pro-level 5G speeds for all your sharing and streaming.
26 days ago in 5G technology
Services & Solutions
Verizon.com
Mobile Plans
Mobile Devices
Home Services
Small and Medium Business
Enterprise Solutions
Verizon Connect
Public Sector
Partner Solutions
Support
Mobile Online Support
Home Online Support
Contact Customer Support
Sign in to your Account
Store Locator
Account Security & Fraud Claims
Accessibility
News Alerts Signup
Innovation
Innovation Labs
Verizon Ventures
Network Technologies
Fiber Optics
Multi-Access Edge Compute (MEC)
Careers
Welcome to the #VTeamLife
Life at Verizon
Our Culture
Search Open Roles
Careers Site Map
Follow Verizon
linkedin
facebook-official
twitter
you-tube
instagram
TikTok
Privacy Policy
California Privacy Notice
Health Privacy Notice
Your Privacy Choices
Website Terms of Use
Accessibility
Open Internet
Important Consumer Information
Site Map
© 2026 Verizon