THERE has been a 44% increase in cyber-attacks exploiting public-facing applications, according to IBM X-Force. The 2026 IBM X-Force Threat Intelligence Index points to missing authentication controls and AI-enabled vulnerability scanning as major drivers behind the spike, with vulnerability exploitation the leading cause of incidents in 2025, accounting for 40% of cases observed by IBM X-Force.
Attackers are speeding up their activity with AI, and Mark Hughes, global managing partner for cybersecurity services at IBM, said the core issue remains software vulnerabilities, but the pace has quickened. IBM found that large supply chain and third-party compromises have nearly quadrupled since 2020, and attackers are increasingly targeting software build and deployment environments, along with SaaS integrations.
The findings also show North America represented 29% of observed cases, up from 24% in 2024, becoming the most attacked region for the first time in six years.