Summary Bullets:
• New research from the IBM X-Force threat intelligence team said the most sweeping developments in cybersecurity are threat actors exploiting exposed systems, gaps in supply chain defenses and fissures in interlinked application and cloud ecosystems to increase the volume and effectiveness of their attacks.
• IBM X-Force saw a dramatic rise in the number of active ransom groups, noting that cybercriminals are employing leaked tools and playbooks while using AI to automate attacks.
It is no secret that the enterprise is under threat from ambitious and aggressive cybercriminals, and that these threats have been escalating. Recently published research from IBM X-Force bears that out, highlighting the fact that adversaries are quick to exploit some major vulnerabilities to breach their targets. Compiling data from incident response, penetration tests, the dark web, and other intelligence, the newly published X-Force Threat Intelligence Index 2026 uncovered that the most common entry point for bad actors is publicly facing applications. The report cites the increasing complexity of applications and the frequency of misconfigurations as the reasons these applications are easily breached. There was a 44% increase in the number of publicly facing applications breached this year versus last.
Threat actors are polishing their techniques and applying advanced technology to infiltrate networks through vulnerabilities and other security gaps. The report suggests too many organizations are not deploying appropriate controls to deflect attacks. Fifty-six percent of the disclosed vulnerabilities did not involve authentication for access. The result is a high rate of success in stealing high-value data, including credentials. IBM identified 300,000 AI chatbot credentials up for sale on the dark web.
Cybercriminals continue to actively exploit supply chain weaknesses in ecosystems, CI/CD platforms and cloud infrastructure. IBM X-Force researchers saw more attacks against developer platforms, including GitHub and GitLab, and more breaches of cloud services infrastructure and SaaS platforms. A key takeaway is that bad actors are focusing on the platforms where applications are developed and the ecosystems that facilitate workflows.
AI is in play, with adversaries employing generative AI (GenAI) to expand phishing campaigns, expedite malware development, and innovate social media campaigns with more sophisticated content creation. The immediate result is that the threat actors are using AI to increase their efficacy by reducing development time and trying out new tactics during an intrusion. This kind of agility seriously tests security practitioners who have often relied on fixed rules and signatures to combat breaches.
Conversely, enterprise security teams are also applying AI in areas like analytics to process massive volumes of network and systems data, accelerating detection and response times. Machine learning has long been a key defensive tool in discerning harmless anomalies from serious threats.
Organizations need to close security gaps, particularly at points of interconnection in their ecosystems. Fundamentals around identity and authentication and configuration issues must be addressed before they are exploited. Enterprises need to prioritize effective policy development and training, for both security practitioners and line-of-business employees. Security teams also need to be ready for the AI factor in attacks, which lends adversaries both speed and flexibility. At the same time, they need to tap the technology as a defensive shield to help them recognize threats faster and deflect attacks.

