Verizon DBIR: Adversaries Weaponize AI in Stealth Attacks by Targeting Points of Exposure

by Amy Larsen DeCarlo, posted in Secure
A close-up portrait of a woman with light brown hair, wearing a black blazer and a light-colored turtleneck sweater, smiling softly against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • Bad actors are raising their intelligence quotient with AI, tapping it to find vulnerabilities faster and to power mobile-centric phishing campaigns.
  • Supply chains are a weak link with partner network weaknesses linked to nearly half of all breaches.

An already volatile threat landscape is becoming even more dangerous as threat actors tap AI to accelerate and improve the success of their attacks on enterprises. Verizon’s 2026 Data Breach Investigations Report (DBIR) reveals how effective adversaries have become in using AI to capitalize on enterprise weaknesses. Exploiting software vulnerabilities was the initiating factor in 31% of all breaches, notable because this is the first time in almost 20 years that it has overtaken compromised credentials as the most frequent entry point for an attack.

The 2026 DBIR examines 31,000 enterprise security incidents in 145 countries–22,000 of which are confirmed data breaches–highlighted how adversaries are both employing AI as an offensive weapon and leveraging security gaps in AI-driven applications to gain access to organizational resources. One finding is that staff are increasingly using unsanctioned AI tools to conduct business. These shadow AI tools are the third most frequent issue cited in data leakage, a quadruple increase over 2025. In just one year, the percentage of employees using shadow AI jumped from 15% to 45%. Of these users, 67% are connecting to shadow AI from non-corporate accounts running on their corporate devices.

Most frequently, employees are uploading source code to unauthorized GenAI models. Alarmingly, some (3%) employees are submitting research and technical documentation to shadow AI systems – in other words intellectual property.

Social engineering remains a popular criminal tactic as part of 16% of all breaches. Mobile-centric social engineering that targets text and voice messaging is a particularly effective technique with a click-rate 40 percent higher than email. Pretexting, in which an adversary creates a fictional situation to get a target to give out sensitive information, credentials, of funds, is represented in 6% of breaches.

The percentage of breaches (48%) that are part of ransomware climbed again – up four percent over last year. But organizations are paying less frequently, with only 31% submitting to the ransom demand. And they are paying less: the median ransom paid was $139,875 – down more than $10,000 from the prior year.

The interconnected nature of business opens up points of exposure along the supply chain. Third-party affiliated breaches shot up 60% from last year, accounting for nearly half (48%) of all breaches. With respect to third-party cloud exposure, these breaches are remedied at a snail’s pace with only 50% saying complete remediation of missing or under secured multifactor authentication (MFA) within a month.

Through a substantial dataset, this year’s DBIR demonstrates how critical it is for organizations to understand how threat actors are capitalizing on points of weakness with AI now in their arsenal. Enterprises need to tap into advances in both AI and automation to address vulnerabilities and accelerate remediation in the event of a breach.

Right now, time is not on the enterprise’s side.

Zoom Enhancements Help Move Work Forward but Fall Short in Other Areas

by Gregg Willsky, posted in Cloud Enable, Communicate
Close-up portrait of a man smiling, wearing glasses and a suit.
G. Willsky

Summary Bullets:

  • Zoom hopes that this latest round of capabilities will help drive greater platform adoption and distinguish itself from rivals.
  • With respect to achieving those goals, the capabilities deliver Zoom a mixed report card.

Zoom announced a mix of capabilities encompassing mobile access for Zoom My Notes, improved agentic search for Zoom AI Companion and upgrades to Zoom MCP Server. Through the new capabilities, Zoom intends to achieve two implicit goals: to drive platform adoption by adding appealing functionality that aligns with recent market trends and to distinguish itself in a competitively dense field.

Continue reading “Zoom Enhancements Help Move Work Forward but Fall Short in Other Areas”

What Was All That Back There, Then? Orange Business Announced 14 Offers at its March Summit

by John Marcus, posted in Big Data, Communicate
A man with dark hair and a slight smile, wearing a black jacket, against a light blue background.
John Marcus – Senior Principal Analyst, Enterprise Mobility and IoT Services

Summary Bullets:

• In March 2026, Orange Business unveiled 14 innovations at its summit, a mix of new products, major upgrades, and strategic repackaging.

• The summit’s offerings position Orange to lead in secure, sovereign enterprise services, driving market differentiation and revenue growth.

Orange Business was not shy about showing its work at its customer summit in Paris this March. The event generated five separate press releases, and included references to “14 breakthrough innovations” in its launch announcement for a collection of “trusted AI, cloud and secure connectivity” offers. If you weren’t paying attention, you may be forgiven for wondering what was all that back there, then?

Continue reading “What Was All That Back There, Then? Orange Business Announced 14 Offers at its March Summit”

April Showers Heartache on Developers Using Popular Coding Tools

by Charlotte Dunlap, posted in Big Data
Close-up portrait of a woman with blonde hair and a warm smile.
C. Dunlap
Research Director

Summary Bullets:

• Anthropic backpedals price hikes following outcry

• GitHub makes controversial move from flat-rate to usage-based billing models

April has a been a controversial and even catastrophic month for developers of popular copilots and agents.

Some enterprise and independent developers felt gut-punched following unorthodox activities including significant price increases and major subscription restructuring. Anthropic removed Claude Code from its standard Pro Plan priced at $20, offering it instead as part of its Max plan for $100 per month. Confronted with serious backlash, it was forced to reverse its decision.

Continue reading “April Showers Heartache on Developers Using Popular Coding Tools”

Lumen Research Paints a Dark Picture of the Threat Landscape in 2026

by Amy Larsen DeCarlo, posted in Secure
A professional headshot of a woman with long blonde hair, smiling gently while wearing a black jacket over a light-colored top.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• As the operator of one of the world’s largest global internet backbones, Lumen has a view into 99% of the public IPv4 addresses; its threat research team Black Lotus Labs monitors 2.3 million threats daily.

• Lumen’s 2026 Defender Threatscape Report underscores the highly organized and effective tactics cybercriminals are using to infiltrate the enterprise by exploiting network and edge vulnerabilities.

Long gone are the days when it was a question of if, not when, an organization would be breached. Most enterprise security practitioners are painfully aware of how successful threat actors have become in evolving their techniques to outwit some of the best defensive tools. But if anything, Lumen’s 2026 Defender Threatscape report, highlights that the real security challenge is only beginning. Leveraging research from its Black Lotus Labs threat intelligence unit including data from investigations, network telemetry, and campaigns between September 2024 and January 2026, Lumen notes that in response to the increasing effectiveness of endpoint detection solutions, cybercriminals have changed their strategies to leverage camouflaged proxies, vulnerable edge devices, and generative AI (GenAI) to set up attacks.

Continue reading “Lumen Research Paints a Dark Picture of the Threat Landscape in 2026”

RingCentral’s Expanded Partnerships with Cox and Spectrum Position Each for Growth in the Contact Center Space and Beyond

by Gregg Willsky, posted in Cloud Enable, Communicate
Close-up portrait of a smiling man with glasses, wearing a light-colored suit.
G. Willsky

Summary Bullets:

  • RingCentral has expanded its partnerships with Cox Business and Spectrum Business by augmenting existing unified communications offers with contact center capabilities.
  • Now is an especially opportune time to expand the partnerships as organizations are under more pressure than ever from customers to forge deeper connections.

RingCentral has recently expanded its partnership with two service providers by supplying contact center capabilities for their portfolios. ‘Cox Business Contact Center with RingCentral’ and ‘Unified Customer Experience (UCX) with RingCentral’ from Spectrum Business both leverage RingCentral’s ‘RingCX’ platform, which is AI-driven and omnichannel capable. Both offers complement existing unified communications (UC) offers brought to market in conjunction with RingCentral based on its ‘RingEX’ platform namely, ‘Cox Business Connect with RingCentral’ and from Spectrum Business, ‘Unified Communications (UC) with RingCentral’. Spectrum Business sweetens the deal by blending in a sales-oriented add-on from RingCentral to its UC offer called AI Conversation Expert (ACE), which transcribes and analyzes sales calls and meetings to help close more opportunities.

Continue reading “RingCentral’s Expanded Partnerships with Cox and Spectrum Position Each for Growth in the Contact Center Space and Beyond”

You Can’t Look Away From IT

by Steven J. Schuchart Jr., posted in IT Leader
Close-up portrait of a balding man with glasses and a distinctive mustache, smiling warmly.
S. Schuchart

Summary Bullets:

• Agentic AI could have been rolled out more gradually, with actual cybersecurity protection, including data protection, regulatory compliance, and responsibility tracking.

• AI and agentic AI are here to stay, but it’s up to customers to pump the brakes and ensure they don’t implement a technology that leaves them vulnerable to attack in ways that even AI’s creators can’t fully envision.

RSAC 2026 concluded last week, and it was a firestorm of AI and agentic AI announcements, products, services, and marketing. The mood on the show floor was positive, the majority of people crowding around interesting demos and informational sessions. And of course, good booth prizes and tchotchkes. Cybersecurity vendors and service providers paid out for lavish booths and even the smaller booths were mostly cleverly decorated/marketed.

Continue reading “You Can’t Look Away From IT”

Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs

by Amy Larsen DeCarlo, posted in Secure
Headshot of a woman with long blonde hair, wearing a black jacket over a beige sweater, smiling against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• APIs are an alluring target for threat actors now with the average number of daily API attacks soaring by 113% versus last year.

• More than 60% of the attacks in 2025 were affiliated with unauthorized workflows and activity that veered from the norm; indicators that are cybercriminals shifted from conventional web breaches to behavior-based incidents.

AI is changing the threat landscape, and it is doing so at lightning speed. Aggressive threat actors are putting the technology to work to expedite endpoint discovery and improve overall efficiencies. This has left enterprises flat-footed, often missing breaches until the real losses are finally discovered.

Continue reading “Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs”

A Unified Network for IT and OT Delivers Efficiency and Creates Opportunity for Service Providers

by siowmeng, posted in Big Data, Cloud Enable, Secure
A professional portrait of a man with short black hair, wearing a dark blazer over a light shirt, standing in front of a blurred glass background.
S. Soh

Summary Bullets:

  • Businesses are modernizing their IT and digitizing their operations. The case of IT and OT convergence is becoming stronger, and this should extend to the underlying network infrastructure.
  • Network services providers can capture this opportunity by strengthening their professional services and focus on business outcomes.

Businesses are constantly looking for automation and efficiency to improve their speed of operations while lowering costs. Technology is a key driver. Much attention on digital transformation has been on information technology (IT), in the form of migrating workloads to the cloud for agility, leveraging data analytics for business insights, and using artificial intelligence (AI) and machine learning (ML) for automation.

Continue reading “A Unified Network for IT and OT Delivers Efficiency and Creates Opportunity for Service Providers”

EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology

by Amy Larsen DeCarlo, posted in Secure
A professional portrait of a woman with long blonde hair, wearing a black jacket and a light-colored top, smiling against a soft blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Ninety-six percent of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying

• However, that same number perceive AI-driven attacks as serious threats to their organization

Cybersecurity is a delicate balancing act, requiring organizations to mount multi-layered defenses without causing the kind of friction that can impede productivity. An effective defense also requires the adequate funding to ensure the appropriate technical and personnel resources are in place to protect enterprise assets. With AI as an active part of the cybersecurity conversation, there are more angles for IT organizations to consider as both a proactive tool and an offensive weapon.

Continue reading “EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology”