Verizon has released the 2026 edition of its annual Data Breach Investigations Report (DBIR), finding that vulnerability exploitation has surpassed stolen credentials as the leading breach entry point for the first time in the report’s 19-year history.
As stated in a May 14 media release, the report highlights how artificial intelligence is reshaping the cybersecurity threat landscape by accelerating the speed at which attackers exploit known software vulnerabilities.
According to the report, nearly one-third of all breaches now begin with vulnerability exploitation, accounting for 31% of incidents analyzed. The report noted that AI-enabled threat actors are dramatically reducing the time between vulnerability discovery and exploitation, compressing defensive response windows from months to hours.
The DBIR also found that attackers are increasingly shifting toward mobile-focused social engineering attacks, including fraudulent text messages and voice calls, as users become more aware of traditional phishing emails. Verizon said these conversational mobile attacks are achieving success rates 40% higher than conventional email phishing attempts.
The report additionally highlighted growing concerns around “shadow AI,” or employees using unauthorized AI tools in the workplace. According to Verizon, frequent use of AI tools by employees increased from 15% to 45% over the past year, with shadow AI now ranking as the third most common source of non-malicious data leakage activity.
Third-party and supply chain risks also continue to rise, the report found. Breaches involving third parties accounted for 48% of all incidents analyzed, representing a 60% increase from previous reporting periods.
“While the velocity of cyber threats — driven by AI and faster vulnerability exploitation — is increasing, the foundational principles of security and strong risk management remain the most effective defense,” said Daniel Lawson, senior vice president of global solutions at Verizon Business, in the media release.
The report recommends that healthcare and other industry security leaders prioritize core cybersecurity practices, including rapid patch management, secure-by-design frameworks and defense-in-depth strategies as AI-driven threats continue to evolve.
The full 2026 DBIR and industry-specific findings are available from Verizon Business.
