Verizon Cybersecurity Findings: 31% Breaches via Exploits, AI Cuts Defense Windows to Hours
Verizon's 19th annual Data Breach Investigations Report finds that vulnerability exploitation now accounts for 31% of breaches—overtaking stolen credentials—and AI-driven attacks shrink defense windows from months to hours. It highlights 40% higher mobile social engineering success, shadow AI use up from 15% to 45%, and third-party breaches at 48%.
1. Key Breach Entry Trends
The 19th Data Breach Investigations Report finds that vulnerability exploitation accounts for 31% of breaches, overtaking stolen credentials for the first time in its history. This shift underscores a growing attack preference that could drive demand for more advanced security services.
2. AI-Driven Attack Velocity
Threat actors leverage AI to reduce the window to exploit known vulnerabilities from months to hours, demanding rapid patching and resilience measures. AI-powered internet crawlers are growing 21% month-over-month, signaling emerging automated threats.
3. Human Element and Shadow AI
Interactive mobile social engineering attacks now succeed at rates 40% higher than traditional email phishing, while unapproved shadow AI usage by employees jumped from 15% to 45%, elevating internal data leakage risks. Organizations may need to enforce stricter AI governance policies.
4. Third-Party and Bot Threat Growth
Breaches involving external vendors rose to 48%, a 60% increase, highlighting deepening supply chain vulnerabilities. This trend may push more enterprises to demand hardened third-party security protocols and inspections.