VERIZON’S 2026 DBIR finds vulnerability exploitation has overtaken credential abuse as the leading breach vector, with AI accelerating attacks and patching delays worsening the problem. The report analyzed 31,000 security incidents, of which more than 22,000 were confirmed breaches, and around 31% of breaches were the result of unpatched vulnerabilities being exploited, while credential abuse accounted for 13%.
According to Verizon’s researchers, threat actors are using AI to speed vulnerability exploitation, shrinking the defence window from months to hours. The median time to full patching rose to 43 days in 2025, up from 32 days the prior year, and only 26% of security defects in CISA’s Known Exploited Vulnerabilities catalog were patched. Ransomware was involved in 48% of breaches, with a median payment below $140,000 and 31% of victims paying.
The report also notes a 60% rise in breaches with third-party involvement and growing use of gen-AI for targeting, initial access and malware development, underscoring the need to fix flaws during development rather than after exploitation.