IBM’s 2026 X-Force Threat Intelligence Index: How AI Is Supercharging Cyber Attacks

If attackers could spin up tireless digital scouts to probe your apps, guess passwords, write phishing emails in any language, and even slip unvetted code into your pipeline—would your defenses keep up? IBM’s newly released 2026 X-Force Threat Intelligence Index suggests the answer, for too many organizations, is still no. The report paints a stark picture: AI isn’t inventing new crimes—it’s accelerating the old ones, exploiting the same basic gaps defenders have struggled with for years.

In other words, the front door is still open—and now the burglars have drones.

IBM’s data—drawn from incident response engagements, dark web monitoring, and global threat telemetry—highlights a surge in vulnerability exploitation, AI-assisted credential theft, and ransomware operations scaled by automation. The takeaway is clear: enterprises don’t just need more tools; they need to close fundamentals, modernize identity defenses, and consider agentic AI to keep pace.

Below, we break down what changed, why it matters, and the highest-impact steps to take right now.

Read IBM’s announcement

The headline: AI-fueled attacks are rising fast, powered by basic security gaps

IBM’s 2026 X-Force Threat Intelligence Index spotlights several key trends from 2025:

Vulnerability exploitation accounted for 40% of observed incidents—up significantly year-over-year. Attackers are using AI to rapidly scan for weak spots and chain exploits at scale.
Public-facing applications without authentication saw a 44% rise in targeting. “Missing auth” remains a shockingly common foot-in-the-door.
Infostealer malware exposed more than 300,000 ChatGPT credentials, enabling risks like prompt injection, unauthorized data access, and sensitive prompt history leaks.
Ransomware groups surged 49% year-over-year, boosted by leaked tooling and AI-driven reconnaissance, targeting, and operations.
Supply chain compromises nearly quadrupled since 2020, exacerbated by AI coding tools introducing unvetted, potentially vulnerable code into production pipelines.
Industry and geography: Manufacturing absorbed 27.7% of incidents, with North America hit hardest at 29% of cases observed.
Tactics evolve: Nation-state and criminal schemes now use AI to create synthetic identities, translate and localize social engineering at scale, and augment fraud campaigns (including IT worker fraud attributed to North Korean actors).

IBM’s Mark Hughes emphasizes a critical theme: attackers aren’t inventing brand-new techniques so much as accelerating proven ones with AI—moving faster than human-only defenders can keep up. That gap is set to widen as multimodal AI supercharges adaptability in 2026.

What changed in 2025: The old problems got AI accelerators

The rise of vulnerability exploitation (40% of incidents)

Vulnerability exploitation has long been a top ingress vector, but the combination of:

Internet-scale scanning
AI-enabled clustering of likely-vulnerable targets
Automated exploit testing and chaining
Lightning-fast weaponization of newly disclosed CVEs

…has supercharged attacker success. Systems lacking authentication, missing patches, or misconfigured internet exposure are low-hanging fruit, and AI simply makes harvesting them cheaper and faster.

What’s particularly concerning is the growth in attacks against public-facing applications with no or weak authentication. When a login page or API endpoint doesn’t enforce identity or authorization consistently, everything downstream is at risk: data access, lateral movement, and ransomware staging.

Ransomware’s automation bump (+49% YoY)

Ransomware hasn’t “returned”—it never left. What’s changed is the cost curve. AI tools help operators:

Prioritize high-value targets more quickly
Draft convincing lures and lingo-matched phishing in seconds
Script reconnaissance, credential stuffing, and infrastructure setup
Generate polymorphic payloads to evade basic detection

Leaked tools and playbooks lower barriers to entry, while automation drives throughput. The result: more incidents, faster time-to-impact, and sharper pressure on victims.

Infostealers and AI credentials: 300,000+ ChatGPT logins exposed

Credentials are still the skeleton key of modern attacks. Infostealers grab cookies, tokens, and saved passwords at scale—now including logins for AI platforms. Stolen ChatGPT credentials open the door to:

Prompt injection and manipulation of saved sessions
Retrieval of sensitive prompt history or outputs
Unauthorized access to connected systems or plugins
Targeted social engineering based on prior conversations

Once attackers can see how your teams use AI, they can aim social engineering, tailor phishing content, and even poison your models’ inputs.

Supply chain compromises: Nearly 4x since 2020

The software supply chain remains a prime attack surface, and AI coding tools introduce both speed and risk. When developers accept generated code without rigorous review, sneaky anti-patterns, hardcoded secrets, or subtle vulnerabilities can slip through. Compromises at the library, package manager, or CI level then cascade downstream to thousands of consumers.

Who’s getting hit hardest?

Manufacturing: 27.7% of observed incidents. Operational technology (OT) interdependencies, legacy systems, and downtime sensitivity make manufacturers high-value targets.
North America: 29% of incidents by region, reflecting both concentration of targets and adversary focus.
Adversaries: Scammers and state-aligned actors increasingly deploy AI for translation, synthetic identities, and large-scale application (e.g., IT worker fraud schemes attributed to North Korean operators).

Why AI is tilting the field for attackers

AI primarily changes speed, scale, and specificity:

Speed: AI systems find and triage weak spots orders of magnitude faster than manual effort.
Scale: Attackers can parallelize recon, phishing, and exploit attempts across thousands of targets.
Specificity: Highly tailored lures—localized by language, role, and sector—convert better.

Combine that with cheap cloud infrastructure, resilient criminal ecosystems, and leaked tooling, and you get an adversary machine built to exploit your slowest, least-automated controls.

Expect 2026 to add another multiplier: multimodal AI. With models that process text, code, images, audio, and video, you’ll see more persuasive voice deepfakes, visual recon (screenshots, UI scraping), and cross-channel social engineering that looks and sounds eerily human.

The playbook: 12 high-impact moves to blunt AI-accelerated attacks

You don’t beat speed with paperwork. You beat speed with fundamentals executed ruthlessly—and automation where it counts.

1) Fix the basics relentlessly

Inventory everything: cloud assets, domains, apps, APIs, identities, and third-party connections.
Close obvious exposures: disable directory listings, block unauthenticated admin panels, remove test endpoints, and ensure authentication on all public-facing apps and APIs.
Patch with purpose: prioritize internet-facing, actively exploited issues using sources like CISA’s Known Exploited Vulnerabilities catalog and exploit-likelihood models (e.g., EPSS).
Kill legacy auth: disable basic/legacy protocols; enforce strong, phishing-resistant MFA for all admins and remote access.

Helpful resources: – CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog – EPSS: https://www.first.org/epss/

2) Go identity-first with ITDR

Identity Threat Detection and Response (ITDR) layers detection and response on top of IAM:

Monitor for session hijacking, token replay, impossible travel, MFA fatigue, and lateral movement via SSO.
Lock down privileged access with just-in-time elevation, approval workflows, and time-bound roles.
Harden conditional access and step-up authentication for risky actions.
Continuously audit stale accounts, shared credentials, and over-permissioned service identities.

Learn more: – NIST Digital Identity Guidelines (SP 800-63): https://pages.nist.gov/800-63-3/ – Microsoft’s identity attack mitigations overview is also useful for strategy (vendor-agnostic principles apply).

3) Deploy agentic AI for defense—safely

If attackers are automating reconnaissance and exploitation, defenders should automate detection and containment:

SOC copilots to summarize alerts, correlate signals, and accelerate triage.
Autonomous playbooks to isolate endpoints, disable accounts, and block malicious domains on high-confidence detections.
AI-assisted hunting to spot anomalous patterns across endpoints, identities, and network logs.

Guardrails matter: – Keep AI on least-privilege operational rails. – Log all actions with human override. – Validate model outputs before changes to production systems.

IBM explicitly urges exploration of agentic AI for threat detection and response—done with careful governance.

4) Mature exposure management

Vulnerability management alone isn’t enough. You need continuous exposure management:

External Attack Surface Management (EASM) to see what attackers see.
Configuration scanning for cloud misconfigurations (CSPM), identity risks (CIEM), and Kubernetes posture (KSPM).
Patch SLAs based on risk tiers: internet-facing criticals within days, not weeks.
Track drift: ensure fixes stick via continuous validation.

Frameworks to align: – CIS Critical Security Controls: https://www.cisecurity.org/controls – NIST SP 800-53 (selections for enterprise): https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final

5) Lock down apps and APIs

Given the 44% rise in attacks against unauthenticated public apps, focus here pays dividends:

Enforce authentication and authorization everywhere—especially APIs.
Apply OWASP ASVS and API Security Top 10 controls, including:
Strong object-level authorization
Robust input validation and schema enforcement
Rate limiting and abuse detection
Secrets management and rotation
Shift-left security with SAST/DAST/IAST and secure code reviews on high-risk flows.

Helpful references: – OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/ – OWASP API Security Top 10: https://owasp.org/API-Security/

6) Secure the software supply chain end-to-end

Make it hard to slip malicious or fragile code into releases:

Software composition analysis (SCA) with policy gating for vulnerable licenses/versions.
Provenance and integrity: adopt SLSA and sign artifacts with Sigstore Cosign.
Isolate builds, enforce branch protection and mandatory reviews.
Scan for secrets in code and containers; block pushes that include them.
Monitor your dependencies for maintainership changes and suspicious updates.

Start here: – SLSA: https://slsa.dev/ – Sigstore: https://www.sigstore.dev/ – OpenSSF resources: https://openssf.org/

7) Strengthen ransomware resilience

Assume ransomware will get in; make sure it can’t take everything down:

3-2-1-1-0 backup strategy with immutable and offline copies; test restores quarterly.
EDR/XDR with behavioral detections; rapid isolation actions rehearsed.
Network segmentation—especially for OT and crown jewels.
Disable macros by default; use application allowlisting where practical.
Practice incident response with tabletop exercises and time-boxed drills.

Guidance: – CISA Cross-Sector Cybersecurity Performance Goals: https://www.cisa.gov/cpg

8) Protect AI platforms, prompts, and data

Given the scale of stolen AI credentials:

Enforce SSO with phishing-resistant MFA for AI tools; avoid local password reuse.
Restrict data egress and file uploads; sanitize outputs before downstream use.
For internal LLM apps, sandbox retrieval-augmented generation (RAG) and implement prompt injection filters.
Rotate API keys, watch OAuth scopes, and monitor unusual query volume or content patterns.
Keep an inventory of AI apps and plugins in use; review their permissions.

Resources: – OWASP Top 10 for LLM Applications: https://owasp.org/www-project-top-10-for-large-language-model-applications/ – NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework

9) Harden email and business communications

Enforce SPF/DKIM/DMARC with a p=reject policy for your primary domains.
Add advanced phishing detection with QR code and QR phishing inspection.
Implement banner warnings for external senders and financial approvals.
Train executives and finance on deepfake voice/video risk with strong out-of-band verification.

DMARC details: – https://dmarc.org/

10) Reduce secrets sprawl

Centralize secrets in a vault; never store creds in code, wikis, or CI logs.
Rotate tokens and keys frequently; use short-lived credentials where possible.
Scan repos, containers, and artifacts for secrets both pre-commit and in CI.

11) Monitor for adversary-in-the-middle and token theft

Deploy phishing-resistant MFA (FIDO2/passkeys) to defeat OTP and push fatigue.
Detect and block known AitM phishing kits and suspicious OAuth grants.
Renew session tokens frequently; bind tokens to device and network context where feasible.

Background: – NIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/publications/detail/sp/800-207/final

12) Build a security culture that ships secure-by-default

Embed security champions in product teams.
Make secure code the default with templates, libraries, and guardrails—not just policies.
Reward risk reduction and mean time to remediate (MTTR), not ticket closure volume.

For design principles: – CISA Secure by Design: https://www.cisa.gov/securebydesign

Metrics that matter to boards and CISOs

Forget vanity metrics. Track these to measure progress against AI-accelerated threats:

Time-to-patch for internet-facing criticals (goal: days, not weeks)
Percentage of identities covered by phishing-resistant MFA
Number of privileged accounts (aim to reduce; maximize just-in-time use)
Exposure coverage: percent of assets under EASM/CSPM/KSPM monitoring
Critical vulnerability backlog trend (aim downward with SLA adherence)
Backup recovery time and success rate from immutable copies
Mean time to detect/respond (MTTD/MTTR) for identity misuse and ransomware precursors
Percentage of public-facing apps/APIs with enforced auth and authorization tests

What to watch in 2026

Multimodal AI in the wild: more persuasive voice and video deepfakes; image-aware phishing and UI-based recon.
Autonomous attack agents: chained tasks that discover, exploit, and persist with minimal human input.
Supply chain pressure: attacks on build systems, package registries, and maintainers remain high.
Identity at the center: more session hijacking, OAuth abuse, token theft, and MFA bypass.
Regulations with teeth: expanding obligations (e.g., EU NIS2), SEC incident disclosure expectations, and AI governance controls will affect risk, reporting, and spend.
Passkeys and FIDO2 adoption: the most effective way to blunt phishing and AitM at scale—expect more enterprises to accelerate rollout.

A pragmatic 30/60/90-day action plan

You don’t need a 12-month transformation to close the biggest gaps. Start here:

Next 30 days

Inventory internet-facing assets; remediate unauthenticated endpoints immediately.
Patch actively exploited vulnerabilities on edge systems and VPNs.
Enforce phishing-resistant MFA for administrators and remote access.
Disable legacy auth protocols; review conditional access baselines.
Lock down SSO for AI tools; rotate AI platform credentials.

Next 60 days

Deploy EASM and CSPM; start weekly exposure review.
Roll out ITDR detections; integrate with SIEM/XDR for automated response.
Hardening backups: implement immutability and offline copies; test a full restore.
Stand up SCA in CI; generate SBOMs for critical apps; gate high-risk dependencies.
Configure DMARC p=reject; enhance phishing defenses and reporting.

Next 90 days

Pilot agentic AI for SOC triage and containment with strong guardrails.
Segment critical OT and crown-jewel systems; validate network controls with a purple team exercise.
Formalize vulnerability SLAs; measure and report time-to-patch and backlog trend.
Launch a secure-by-default program: templates, libraries, and security champions in product teams.
Tabletop a ransomware and identity-compromise scenario with execs and legal.

FAQs

What is the IBM X-Force Threat Intelligence Index?

It’s IBM Security’s annual analysis of the global threat landscape, combining incident response data, dark web monitoring, and threat intelligence to identify attacker trends, top techniques, and sector impacts. See IBM’s announcement here: IBM Newsroom.

Why are AI-driven attacks rising now?

Because AI slashes the time and cost of proven methods—scanning, phishing, exploit chaining, and recon—while basic exposures still abound. Attackers don’t need novelty; they need efficiency. AI delivers that efficiency.

Does MFA still help against AI-enabled threats?

Absolutely—but it must be phishing-resistant (FIDO2/passkeys, security keys). Legacy MFA like SMS, TOTP codes, and push approvals are vulnerable to adversary-in-the-middle kits and MFA fatigue. Pair strong MFA with ITDR and token/session protections.

How can we protect our LLMs and AI apps?

Put SSO with phishing-resistant MFA in front of every AI tool.
Sandbox RAG and validate outputs; strip sensitive data before prompts if possible.
Monitor for prompt injection patterns and anomalous usage.
Lock down plugins and data connectors; use least-privilege scopes and short-lived tokens.
Follow the OWASP LLM Top 10 and NIST AI RMF.

What is ITDR and how is it different from IAM?

IAM manages identities and access policies. ITDR (Identity Threat Detection and Response) detects and responds to identity-centric attacks—like token theft, session hijacking, and lateral movement via identity systems—often missed by traditional IAM controls.

Are small and mid-sized businesses targets, too?

Yes. Automation lowers the cost to attack, so SMBs are routinely targeted—especially with ransomware and business email compromise. Basic hygiene, managed detection/response, and strong backups make a big difference.

What metrics should our board track?

Focus on risk-reduction indicators: time-to-patch internet-facing criticals, MFA coverage (phishing-resistant), privileged account count and JIT usage, exposure coverage (EASM/CSPM), critical vuln backlog trend, immutable backup restore success, and MTTR for identity misuse.

Where should we start with agentic AI for defense?

Begin with narrow, high-confidence automations: triage summarization, enrichment, and containment of known bads (e.g., isolating an endpoint on confirmed ransomware behavior). Establish guardrails, logging, and human override. Expand only after measuring impact and safety.

The takeaway

AI has changed the tempo of cybercrime—but it hasn’t changed the playbook. The same basic gaps keep getting exploited: missing authentication, weak identity protection, unpatched edge systems, and supply chain blind spots. IBM’s 2026 X-Force Threat Intelligence Index is a wake-up call to close those doors and match automation with automation.

If you do three things this quarter, make them these: enforce phishing-resistant MFA everywhere it matters, fix internet-facing exposures fast, and pilot agentic AI—under guardrails—to accelerate your own detection and response. The attackers have drones. It’s time we fly, too.

Discover more at InnoVirtuoso.com

I would love some feedback on my writing so if you have any, please don’t hesitate to leave a comment around here or in any platforms that is convenient for you.

For more on tech and other topics, explore InnoVirtuoso.com anytime. Subscribe to my newsletter and join our growing community—we’ll create something magical together. I promise, it’ll never be boring!

Stay updated with the latest news—subscribe to our newsletter today!

Thank you all—wishing you an amazing day ahead!