“AI-driven attacks escalating” states IBM 2026 X-Force Threat Index

IBM X‑Force observes a 44% increase in attacks that began with the exploitation of public-facing applications, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

Some of the key points included within the Threat Index are as follows: 

*active ransomware and extortion groups surged (49%) year over year, marking ecosystem fragmentation, while publicly disclosed victim counts rose roughly 12%

*large supply chain and third party compromises have nearly quadrupled since 2020 

*vulnerability exploitation has become the leading cause of attacks, accounting for 40% of incidents observed by X-Force in 2025

“Attackers are not reinventing playbooks,” stated Mark Hughes, global managing partner for cyber security services at IBM. “They’re speeding them up with AI. The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact.”

Further, Hughes noted: “Security leaders need to shift towards a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”

AI’s mounting identity problem

Last year, Infostealer malware led to the exposure of over 300,000 ChatGPT credentials, thereby signalling that AI platforms have reached the same credential risk as other core enterprise SaaS solutions.  

Compromised chatbot credentials create AI-specific risks beyond simple account access. Attackers can manipulate outputs, exfiltrate sensitive data or inject malicious prompts. This underscores the need to assess enterprise-wide AI adoption and enforce strong authentication and conditional access controls.

In 2025, X-Force observed a 49% increase in active ransomware groups compared to the prior year. This trend is accelerated by collapsing barriers to entry as threat actors reuse leaked tooling, rely on established playbooks and increasingly tap into AI to automate operations.

As multimodal AI models mature, X-Force expects adversaries to automate complex tasks like reconnaissance and advanced ransomware attacks, in turn driving faster-moving and more adaptive threats.

Pressure on supply chains

X-Force has identified a nearly 4X increase in large supply chain or third party compromises since 2020, mainly driven by attackers exploiting trust relationships and CI/CD automation across development workflows and Software-as-a-Service (SaaS) integrations. With AI-powered coding tools accelerating software creation and occasionally introducing unvetted code, the pressure on pipelines and open-source ecosystems is expected to grow in 2026.

This rise is also attributed to the blurring line between nation state and financially motivated actors. As tactics and techniques spread across underground forums, and AI streamlines reconnaissance and exploitation, techniques once reserved for nation state actors are now being adopted by financially motivated groups.

Additional findings from the 2026 report include the following:

*AI accelerating attacker lifecycle

Attackers are using AI to speed research, analyse large data sets and iterate on attack paths in real-time. For example, North Korean IT worker schemes are using AI to scale operations, including AI-driven image manipulation for synthetic identities and translation tools to interact across global marketplaces 

Security fundamentals still lacking

X-Force Red penetration tests reveal persistent weaknesses in credential hygiene and software configuration, with misconfigured access controls serving as the most common entry point for these engagements 

Manufacturing tops target list for fifth year

The sector accounted for 27.7% of all incidents observed by X-Force, with data theft being the most common 

North America emerges as most‑attacked region

Accounting for 29% of total cases observed by X-Force, and up from 24% in 2024, North America became the most attacked region for the first time in six years

*Read the IBM X-Force Threat Intelligence Index 2026

**Sign up for the IBM X-Force Threat Intelligence 2026 webinar on 17 March