Author: Amy Larsen DeCarlo

As Principal Analyst for Security and Data Center Services at Current Analysis, Amy assesses the managed IT services sector, with an emphasis on security and data center solutions delivered through the cloud including on demand application and managed storage offerings.

Verizon DBIR: Adversaries Weaponize AI in Stealth Attacks by Targeting Points of Exposure

by Amy Larsen DeCarlo, posted in Secure
A close-up portrait of a woman with light brown hair, wearing a black blazer and a light-colored turtleneck sweater, smiling softly against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • Bad actors are raising their intelligence quotient with AI, tapping it to find vulnerabilities faster and to power mobile-centric phishing campaigns.
  • Supply chains are a weak link with partner network weaknesses linked to nearly half of all breaches.

An already volatile threat landscape is becoming even more dangerous as threat actors tap AI to accelerate and improve the success of their attacks on enterprises. Verizon’s 2026 Data Breach Investigations Report (DBIR) reveals how effective adversaries have become in using AI to capitalize on enterprise weaknesses. Exploiting software vulnerabilities was the initiating factor in 31% of all breaches, notable because this is the first time in almost 20 years that it has overtaken compromised credentials as the most frequent entry point for an attack.

Continue reading “Verizon DBIR: Adversaries Weaponize AI in Stealth Attacks by Targeting Points of Exposure”

Lumen Research Paints a Dark Picture of the Threat Landscape in 2026

by Amy Larsen DeCarlo, posted in Secure
A professional headshot of a woman with long blonde hair, smiling gently while wearing a black jacket over a light-colored top.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• As the operator of one of the world’s largest global internet backbones, Lumen has a view into 99% of the public IPv4 addresses; its threat research team Black Lotus Labs monitors 2.3 million threats daily.

• Lumen’s 2026 Defender Threatscape Report underscores the highly organized and effective tactics cybercriminals are using to infiltrate the enterprise by exploiting network and edge vulnerabilities.

Long gone are the days when it was a question of if, not when, an organization would be breached. Most enterprise security practitioners are painfully aware of how successful threat actors have become in evolving their techniques to outwit some of the best defensive tools. But if anything, Lumen’s 2026 Defender Threatscape report, highlights that the real security challenge is only beginning. Leveraging research from its Black Lotus Labs threat intelligence unit including data from investigations, network telemetry, and campaigns between September 2024 and January 2026, Lumen notes that in response to the increasing effectiveness of endpoint detection solutions, cybercriminals have changed their strategies to leverage camouflaged proxies, vulnerable edge devices, and generative AI (GenAI) to set up attacks.

Continue reading “Lumen Research Paints a Dark Picture of the Threat Landscape in 2026”

Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs

by Amy Larsen DeCarlo, posted in Secure
Headshot of a woman with long blonde hair, wearing a black jacket over a beige sweater, smiling against a light blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• APIs are an alluring target for threat actors now with the average number of daily API attacks soaring by 113% versus last year.

• More than 60% of the attacks in 2025 were affiliated with unauthorized workflows and activity that veered from the norm; indicators that are cybercriminals shifted from conventional web breaches to behavior-based incidents.

AI is changing the threat landscape, and it is doing so at lightning speed. Aggressive threat actors are putting the technology to work to expedite endpoint discovery and improve overall efficiencies. This has left enterprises flat-footed, often missing breaches until the real losses are finally discovered.

Continue reading “Akamai Research Shows AI-Powered Attacks are Targeting Undersecured APIs”

EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology

by Amy Larsen DeCarlo, posted in Secure
A professional portrait of a woman with long blonde hair, wearing a black jacket and a light-colored top, smiling against a soft blue background.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Ninety-six percent of the security leaders surveyed see AI as a core element in their cybersecurity strategy that they are already deploying

• However, that same number perceive AI-driven attacks as serious threats to their organization

Cybersecurity is a delicate balancing act, requiring organizations to mount multi-layered defenses without causing the kind of friction that can impede productivity. An effective defense also requires the adequate funding to ensure the appropriate technical and personnel resources are in place to protect enterprise assets. With AI as an active part of the cybersecurity conversation, there are more angles for IT organizations to consider as both a proactive tool and an offensive weapon.

Continue reading “EY Survey Reveals Enterprises are Investing in AI to Repel Adversaries Weaponizing the Very Same Technology”

IBM X-Force Threat Index 2026: Adversaries Use AI as a Weapon in Scaling Attacks

by Amy Larsen DeCarlo, posted in Secure
A professional headshot of a woman with long blonde hair, smiling softly while wearing a black blazer and a light-colored turtleneck.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• New research from the IBM X-Force threat intelligence team said the most sweeping developments in cybersecurity are threat actor exploiting exposed systems, gaps in supply chain defenses and fissures in interlinked application and cloud ecosystems to increase the volume and effectiveness of their attacks.

• IBM X-Force saw a dramatic rise in the number of active ransom groups, noting that cybercriminals are employing leaked tools and playbooks while using AI to automate attacks.

It is no secret that the enterprise is under threat from ambitious and aggressive cybercriminals, and that these threats have been escalating. Recently published research from IBM X-Force bears that out, highlighting the fact that adversaries are quick to exploit some major vulnerabilities to breach their targets. Compiling data from incident response, penetration tests, the dark web, and other intelligence, the newly published X-Force Threat Intelligence Index 2026 uncovered that the most common entry point for bad actors is publicly-facing applications. Citing the increasing complexity of applications and the frequency of misconfigurations, these applications are easily breached. There was a 44% increase in the number of publicly facing applications breached this year versus last.

Continue reading “IBM X-Force Threat Index 2026: Adversaries Use AI as a Weapon in Scaling Attacks”

Cisco Research Finds AI Is Revolutionizing the Privacy Landscape

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• The overwhelming majority of organizations say they are benefiting from privacy investments in a myriad of ways, including helping increase customer trust.

• But most acknowledge data localization efforts increase the cost and complexity – and risk – to cross-border data transfers.

Data privacy is top of mind for most organizations, and not just because of a stormy geopolitical climate that is putting pressure on businesses to meet stringent regulatory requirements around data residency. Security concerns about protecting both customer data and intellectual property have companies expanding privacy programs. There is also growing recognition that customers place a premium on knowing their data will be protected.

Continue reading “Cisco Research Finds AI Is Revolutionizing the Privacy Landscape”

ISC2’S Security Study Finds an Overburdened Workforce Embracing AI

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • While the escalation in cybersecurity cuts leveled off in 2025, the ISC2 survey showed economic instability is keeping IT budget expansion in check, which is a cause for concern that organizations will hold off on making needed investments in cybersecurity.
  • AI is changing the IT industry as a whole, and cybersecurity specifically. Seen as both an offensive weapon and a potential defensive shield, security professionals see the technology as opportunistic for their careers rather than a threat to job security, offering them a chance to hone their skills and improve their professional trajectory.

One of the most significant challenges in cybersecurity is the resource constraints and skills gaps that plague so many organizations. Add to the mix technologies like AI that enterprising threat actors are all too eager to insert into their arsenals, and the issue of staff limitations is magnified. In its 2025 ISC2 Cybersecurity Workforce Study, the non-profit association uncovered a profession balancing the struggle to keep ahead of increasingly sophisticated adversaries while also savoring the chance to leverage AI and other technologies to elevate their defenses. The annual study of industry workplace trends, which surveyed 16,020 security professionals globally, found resource constraints are front and center in impacting the cybersecurity workplace.

Continue reading “ISC2’S Security Study Finds an Overburdened Workforce Embracing AI”

Verizon Mobile Security Index: In the AI Era, the Human Element Remains the Weak Link

by Amy Larsen DeCarlo, posted in Big Data
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • To protect an expansive mobile environment attack surface in the face of a very dangerous threat environment, organizations are ramping up their security investments, with 75% of the 762 polled in a recent Verizon study reporting they had increased spending this year.
  • But concerns still loom large threat actors using AI and other technologies and tactics to breach the enterprise; and only 17% have implemented security controls to stave off AI-driven attacks.

Mobile and IoT devices play an essential role in most organizations’ operations today. However, the convenience and flexibility they bring comes with risk, opening new points of exposure to enterprise assets. Organizations that were quick to embrace bring your own device (BYOD) strategies often didn’t have a solid plan for safeguarding this environment when so many of these devices were under-secured. Enterprises have made progress in layering their defenses to better protect mobile and IoT environments, but there is still room for progress.

Continue reading “Verizon Mobile Security Index: In the AI Era, the Human Element Remains the Weak Link”

LevelBlue Research Finds Manufacturing Organizations are at Risk and Underprepared for Cyber Threats

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

  • As part of a larger global cross-industry study, LevelBlue surveyed executives in 220 manufacturing companies to gauge the state of their cyber resilience strategies in the era of AI-driven threats and other risks
  • Awareness is high but also so are concerns, with 37% saying they are seeing a significantly higher volume of attacks; just 30% said their organization is prepared for deepfake attacks, even as 47% are anticipating them

Threat actors are savvy when choosing their targets. Manufacturing holds a strong appeal to cyber criminals because the profit potential associated with intellectual property is high and, thanks in part to supply chain vulnerabilities, there are plenty of points of exposure. A recent LevelBlue survey of 220 manufacturing executives found that while awareness about the threat environment is high, preparedness, especially for AI-driven attacks, is not.

Continue reading “LevelBlue Research Finds Manufacturing Organizations are at Risk and Underprepared for Cyber Threats”

Verizon Frontline Research Shows an Uptick in the Use of Advanced Technology by First Responders on the Horizon

by Amy Larsen DeCarlo, posted in Network
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Though just 12% of public safety workers currently use AI everyday, 46% anticipate it will become part of their daily work by 2030.

• With an increasing emphasis on using network-dependent technologies like connected cars and drones, network reliability – or the lack thereof – is the top concern of 67% of those surveyed.

As essential as first responders are, public safety officials aren’t necessarily known for deploying leading-edge technology. But results from the fifth annual Verizon Frontline Public Safety Communications Survey suggest this may be changing. The survey results of 1,028 first responders – i.e., EMS, fire, police, emergency management, public safety, and emergency communications workers – find that while advanced technologies like AI and drones are broadly used today, they expect wider implementation through 2030.

Continue reading “Verizon Frontline Research Shows an Uptick in the Use of Advanced Technology by First Responders on the Horizon”