FILE PHOTO: AI (Artificial Intelligence) letters are placed on computer motherboard in this illustration taken, June 23, 2023. REUTERS/Dado Ruvic/Illustration/File Photo/File Photo

AI-related data breaches surpass stolen credentials in cyber incidents, Verizon report says

19 May 2026, 20:10 · CNA · Join

Read a summary of this article on FAST.
Get bite-sized news via a new
cards interface. Give it a try.
Click here to return to FAST Tap here to return to FAST
FAST

WASHINGTON, May 19 : AI-detected vulnerabilities surpassed incidents of stolen credentials in data breaches last year, according to an annual report from Verizon relating to industry security incidents.

Verizon said in a review of more than 31,000 incidents that 31 per cent of all breaches started with vulnerability exploitation in an AI world. It warned that AI was being used by threat actors "to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours."

The annual report that reviews a wide range of industry data shows hackers are using generative AI to help at all stages of attacks "including targeting, initial access, and development of malware and other tools."

The report said AI’s primary impact "is currently operational: automating and scaling techniques defenders already know how to detect, not yet unlocking these novel or rare attack surfaces."

CNA Games

Guess Word
Crack the word, one row at a time

Buzzword
Create words using the given letters

Mini Sudoku
Tiny puzzle, mighty brain teaser

Mini Crossword
Small grid, big challenge

Word Search
Spot as many words as you can
Show More
Show Less

But it added that assessment might be obsolete as AI continues to advance rapidly.

The report said threat actors typically researched or used AI assistance in 15 different techniques, with some using as many as 50.

The report does not cover data from Mythos, a new AI model that has raised widespread cybersecurity concerns.

Mythos, ‌announced on April 7, is being deployed as part of Anthropic's "Project Glasswing," a controlled initiative under which select organizations are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes, including Verizon.

Mythos' skill in coding at a high level has ⁠given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, according to experts.

Verizon chief information security officer Nasrin Rezai said it was critical to address the growing threats.

"We need to fight AI with AI. We need to incorporate them into our practices," Rezai told Reuters. "We need to bring them into our software development life cycle, in our testing processes, in our cyber defense processes at a scale that we have never done before."

Newsletter

Week in Review

Subscribe to our Chief Editor’s Week in Review

Our chief editor shares analysis and picks of the week's biggest news every Saturday.

Sign up for our newsletters

Get our pick of top stories and thought-provoking articles in your inbox

Subscribe here

Get the CNA app

Stay updated with notifications for breaking news and our best stories

Download here

Get WhatsApp alerts

Join our channel for the top reads for the day on your preferred chat app

Join here