IBM 2026 X-Force Threat Index: AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed

ARMONK, N.Y., Feb. 25, 2026 /PRNewswire/ -- IBM (NYSE: IBM) today released the 2026 X-Force Threat Intelligence Index, revealing that cybercriminals are exploiting basic security gaps at dramatically higher rates, now accelerated by AI tools that help attackers identify weaknesses faster than ever. IBM X‑Force observed a 44% increase in attacks that began with the exploitation of public-facing applications, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

Some of the key highlights include:

• Active ransomware and extortion groups surged (49%) year over year, marking ecosystem fragmentation, while publicly disclosed victim counts rose roughly 12%.
• Large supply chain and third-party compromises nearly quadrupled since 2020, as attackers increasingly exploit environments where software is built and deployed or SaaS integrations.
• Vulnerability exploitation became the leading cause of attacks, accounting for 40% of incidents observed by X-Force in 2025.

"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM. "The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate."

AI's Mounting Identity Problem

Infostealer malware led to the exposure of over 300,000 ChatGPT credentials in 2025, signaling that AI platforms have reached the same credential risk as other core enterprise SaaS solutions.

Compromised chatbot credentials create AI-specific risks beyond simple account access. Attackers can manipulate outputs, exfiltrate sensitive data or inject malicious prompts. This underscores the need to assess enterprise-wide AI adoption and enforce strong authentication, and conditional access controls.

AI, Leaked Tooling Lower Barriers to Ransomware Ecosystem

In 2025, X-Force observed a 49% increase in active ransomware groups compared to the prior year, as smaller, transient operators whose low volume campaigns complicate attribution. This trend is accelerated by collapsing barriers to entry as threat actors reuse leaked tooling, rely on established playbooks and increasingly tap AI to automate operations. As multimodal AI models mature, X-Force expects adversaries to automate complex tasks like reconnaissance and advanced ransomware attacks, driving faster-moving, more adaptive threats.

Pressure on Supply Chains Poised to Grow

X-Force identified a nearly 4X increase in large supply chain or third-party compromises since 2020, mainly driven by attackers exploiting trust relationships and CI/CD automation across development workflows and SaaS integrations. With AI-powered coding tools accelerating software creation, and occasionally introducing unvetted code, the pressure on pipelines and open‑source ecosystems is expected to grow in 2026.

This rise is also attributed to the blurring line between nation-state and financially motivated actors. As tactics and techniques spread across underground forums, and AI streamlines reconnaissance and exploitation, techniques once reserved for nation-state actors are now being adopted by financially motivated groups.

Additional findings from the 2026 report include:

• AI accelerating attacker lifecycle. Attackers are using AI to speed research, analyze large data sets and iterate on attack paths in real time. For example, North Korean IT worker schemes are using AI to scale operations, including AI-driven image manipulation for synthetic identities and translation tools to interact across global marketplaces.
• Security fundamentals still lacking. X-Force Red penetration tests reveal persistent weaknesses in credential hygiene and software configuration, with misconfigured access controls as the most common entry point for these engagements.
• Manufacturing tops the target list for the fifth year. The sector accounted for 27.7% of incidents observed by X-Force, with data theft being the most common.
• North America emerged as the most‑attacked region. Accounting for 29% of total cases observed by X-Force, and up from 24% in 2024, North America became the most attacked region for the first time in 6 years.

Additional resources:

• Read the full IBM X-Force Threat Intelligence Index 2026.
• Sign up for the IBM X-Force Threat Intelligence 2026 webinar on March 17 at 11 am ET.
• Connect with the IBM X-Force team for a tailored review of the findings.
• Read more about the report's top findings in this blog.

About IBM
IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit www.ibm.com for more information.

Media Contact:
Michele Brancati
IBM Communications
Mbrancati@ibm.com

 

ARMONK, N.Y., Feb. 25, 2026 /PRNewswire/ -- IBM (NYSE: IBM) today released the 2026 X-Force Threat Intelligence Index, revealing that cybercriminals are exploiting basic security gaps at dramatically higher rates, now accelerated by AI tools that help attackers identify weaknesses faster than ever. IBM X‑Force observed a 44% increase in attacks that began with the exploitation of public-facing applications, largely driven by missing authentication controls and AI-enabled vulnerability discovery.

Some of the key highlights include:

• Active ransomware and extortion groups surged (49%) year over year, marking ecosystem fragmentation, while publicly disclosed victim counts rose roughly 12%.
• Large supply chain and third-party compromises nearly quadrupled since 2020, as attackers increasingly exploit environments where software is built and deployed or SaaS integrations.
• Vulnerability exploitation became the leading cause of attacks, accounting for 40% of incidents observed by X-Force in 2025.

"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services, IBM. "The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate."

AI's Mounting Identity Problem

Infostealer malware led to the exposure of over 300,000 ChatGPT credentials in 2025, signaling that AI platforms have reached the same credential risk as other core enterprise SaaS solutions.

Compromised chatbot credentials create AI-specific risks beyond simple account access. Attackers can manipulate outputs, exfiltrate sensitive data or inject malicious prompts. This underscores the need to assess enterprise-wide AI adoption and enforce strong authentication, and conditional access controls.

AI, Leaked Tooling Lower Barriers to Ransomware Ecosystem

In 2025, X-Force observed a 49% increase in active ransomware groups compared to the prior year, as smaller, transient operators whose low volume campaigns complicate attribution. This trend is accelerated by collapsing barriers to entry as threat actors reuse leaked tooling, rely on established playbooks and increasingly tap AI to automate operations. As multimodal AI models mature, X-Force expects adversaries to automate complex tasks like reconnaissance and advanced ransomware attacks, driving faster-moving, more adaptive threats.

Pressure on Supply Chains Poised to Grow

X-Force identified a nearly 4X increase in large supply chain or third-party compromises since 2020, mainly driven by attackers exploiting trust relationships and CI/CD automation across development workflows and SaaS integrations. With AI-powered coding tools accelerating software creation, and occasionally introducing unvetted code, the pressure on pipelines and open‑source ecosystems is expected to grow in 2026.

This rise is also attributed to the blurring line between nation-state and financially motivated actors. As tactics and techniques spread across underground forums, and AI streamlines reconnaissance and exploitation, techniques once reserved for nation-state actors are now being adopted by financially motivated groups.

Additional findings from the 2026 report include:

• AI accelerating attacker lifecycle. Attackers are using AI to speed research, analyze large data sets and iterate on attack paths in real time. For example, North Korean IT worker schemes are using AI to scale operations, including AI-driven image manipulation for synthetic identities and translation tools to interact across global marketplaces.
• Security fundamentals still lacking. X-Force Red penetration tests reveal persistent weaknesses in credential hygiene and software configuration, with misconfigured access controls as the most common entry point for these engagements.
• Manufacturing tops the target list for the fifth year. The sector accounted for 27.7% of incidents observed by X-Force, with data theft being the most common.
• North America emerged as the most‑attacked region. Accounting for 29% of total cases observed by X-Force, and up from 24% in 2024, North America became the most attacked region for the first time in 6 years.

Additional resources:

• Read the full IBM X-Force Threat Intelligence Index 2026.
• Sign up for the IBM X-Force Threat Intelligence 2026 webinar on March 17 at 11 am ET.
• Connect with the IBM X-Force team for a tailored review of the findings.
• Read more about the report's top findings in this blog.

About IBM
IBM is a leading provider of global hybrid cloud and AI, and consulting expertise. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain a competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and consulting deliver open and flexible options to our clients. All of this is backed by IBM's long-standing commitment to trust, transparency, responsibility, inclusivity and service. Visit www.ibm.com for more information.

Media Contact:
Michele Brancati
IBM Communications
Mbrancati@ibm.com

 

** The press release content is from PR Newswire. Bastille Post is not involved in its creation. **

IBM 2026 X-Force Threat Index: AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed

GUANGZHOU, China, Feb. 25, 2026 /PRNewswire/ -- Guangdong held Provincial High-quality Development Conference on Feb. 24, the first working day of the Year of the Horse. At the conference, the CPC Guangdong Provincial Committee and the People's Government of Guangdong Province focused on the coordinated development of the manufacturing and services sectors, holding in-depth discussions on advancing high-quality development to a higher level, cultivating new competitive strengths, achieving fresh breakthroughs, and securing a strong start to the 15th Five-Year Plan (2026–2030). Huang Kunming, secretary of the CPC Guangdong Provincial Committee, addressed the conference. Meng Fanli, governor of the People's Government of Guangdong Province and secretary of the CPC Shenzhen Municipal Committee, presided. Huang Chuping, chairman of the Standing Committee of the Guangdong Provincial People's Congress, and Lin Keqing, chairman of the Guangdong Provincial Committee of the Chinese People's Political Consultative Conference, also attended.

Huang Kunming said that promoting coordinated development between manufacturing and services is essential to aligning with industrial evolution trends and advancing industrial upgrading. As both a major manufacturing base and a major services hub, Guangdong aims to move from being a large industrial province to a strong one by deepening integration between the two sectors and building a modern industrial system in which industries reinforce one another and develop in tandem. With cutting-edge digital and intelligent technologies, abundant data resources, and a wide range of application scenarios, the province is well positioned to seize new opportunities and leverage its strengths to take the lead in building such a system.

Huang Kunming stressed an unwavering commitment to strengthening the real economy and prioritizing manufacturing, advancing high-quality and efficient development of the services sector, and deepening coordination between the two sectors through AI technologies to enhance Guangdong's overall competitiveness in "advanced manufacturing + modern services." Efforts will be made to energize micro-level market entities, cultivate ecosystem-oriented leading enterprises, and support them in becoming comprehensive champions capable of delivering integrated "manufacturing + services" solutions. Strong support will also be given to "pioneer enterprises" focused on their core businesses, helping them grow into "little giant" firms that apply specialized and sophisticated technologies to produce novel and distinctive products, as well as single-product manufacturing champions and "benchmark enterprises" in the services sector. Hub platform enterprises will be carefully nurtured to drive broader and deeper coordination between manufacturing and services. The province will promote joint research and development in common technologies and innovate organizational models to address fundamental and shared needs, ensuring that scientific and technological innovation permeates every industry and enterprise. Guangdong will also advance the development of a high-level talent hub in the Guangdong-Hong Kong-Macao Greater Bay Area and fully implement the Action Plan to Introduce 1 Million Talents to Guangdong, building an interdisciplinary workforce that is sufficient in scale and high in quality. To remain at the forefront of coordinated development between manufacturing and services, Guangdong will further expand opening-up, accelerate the aggregation of global manufacturing and services resources, and strengthen the twin brands of "Guangdong Manufacturing" and "Guangdong Services" as it attracts high-quality international resources and expands globally with high standards.

During the conference's speech session, Ke Jixin, vice minister of Industry and Information Technology, offered opinions and suggestions on Guangdong's work. Principal officials from several cities and counties (districts), along with representatives of provincial enterprises and institutions, delivered remarks. Focusing on coordinated development between manufacturing and services and accelerating the construction of a modern industrial system, they outlined work plans tailored to local conditions and presented their goals, tasks, and supportive policy measures.

 

** The press release content is from PR Newswire. Bastille Post is not involved in its creation. **

Guangdong focuses on coordinated development of manufacturing and services sectors in 2026