VULNERABILITY exploitation has overtaken compromised credentials as the most common initial access vector for data breaches for the first time in nearly two decades, according to Verizon. The latest DBIR report shows that 31% of breaches started with vulnerability exploitation, up from 20% last year. Credential abuse fell to 13% from 22%.
The report also notes that only 26% of critical vulnerabilities in the CISA KEV catalog were fully remediated in 2025, a drop from 38% the previous year, which Verizon attributes to a higher patch load—organizations faced 50% more critical vulnerabilities to patch in this year’s dataset. Analysts quoted by Infosecurity stress the difficulty of prioritising patches when a vulnerability can enable lateral movement, ransomware deployment or data theft.
The DBIR also highlights growing AI involvement in threat techniques and Shadow AI as a rising enterprise risk, with broader implications for how organisations approach vulnerability management and remediation.