IN SecurityWeek’s feature published on 25 February 2026, the IBM X-Force 2025 Threat Intelligence Index shows that more than half of the 400,000 vulnerabilities tracked in 2025 required no authentication before exploitation. The piece highlights the continuing success of infostealer credential theft, noting the discovery of 300,000 ChatGPT credentials on the dark web.
Weak access controls are being exacerbated by the use of agentic AI, which attackers can exploit to widen the blast radius and enable broader supply chain attacks. It also flags a fourfold rise in supply chain or third-party breaches over the last five years, underscoring how compromised credentials can pivot across interconnected systems.
The article argues that stolen credentials, when combined with AI, expand threat surfaces and can enable attacks beyond traditional data theft, while warning that defensive opportunities from agentic AI can also be misused by attackers. According to the report, adversaries are increasingly blurring lines between financially motivated criminals and state-sponsored actors, making credential theft a pivotal step in many campaigns.