# IBM releases 2026 X-Force Threat Intelligence Index on AI-driven attacks

_Friday, June 26, 2026 at 9:47 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![IBM releases 2026 X-Force Threat Intelligence Index on AI-driven attacks — Primary](https://newsroom.ibm.com/image/TII+Hero+visual_Social.png)

IBM released the 2026 X-Force Threat Intelligence Index. The report shows that cybercriminals are exploiting basic security gaps at dramatically higher rates, now accelerated by AI tools that help attackers identify weaknesses faster than ever. IBM X-Force observed a 44 percent increase in attacks that began with the exploitation of public-facing applications.

The increase is largely driven by missing authentication controls and AI-enabled vulnerability discovery. Vulnerability exploitation became the leading cause of attacks. It accounted for 40 percent of incidents observed by X-Force in 2025.

Active ransomware and extortion groups surged 49 percent year over year. This marks ecosystem fragmentation, while publicly disclosed victim counts rose roughly 12 percent. Large supply chain and third-party compromises nearly quadrupled since 2020.

Attackers increasingly exploit environments where software is built and deployed or SaaS integrations. Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM, said that attackers are not reinventing playbooks but speeding them up with AI. The core issue is that businesses are overwhelmed by software vulnerabilities.

The difference now is speed, allowing attackers to bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.

Infostealer malware led to the exposure of over 300,000 ChatGPT credentials in 2025. This signals that AI platforms have reached the same credential risk as other core enterprise SaaS solutions. Compromised chatbot credentials create AI-specific risks beyond simple account access.

Attackers can manipulate outputs, exfiltrate sensitive data or inject malicious prompts. This underscores the need to assess enterprise-wide AI adoption and enforce strong authentication and conditional access controls.

## Sources

- [IBM](https://newsroom.ibm.com/2026-02-25-ibm-2026-x-force-threat-index-ai-driven-attacks-are-escalating-as-basic-security-gaps-leave-enterprises-exposed)

---
Canonical: https://techandbusiness.org/newswire/X0O85GNlLhBSz1ObTqSI4a
Retrieved: 2026-06-27T05:54:45.340Z
Publisher: Tech & Business (techandbusiness.org)