A 44% surge in attacks targeting public-facing applications reveals that basic security failures, not sophisticated AI tools, remain enterprises' biggest vulnerability according to IBM's latest threat intelligence report.
IBM released its 2026 X-Force Threat Intelligence Index on February 25, analyzing data from incident response engagements and dark web monitoring throughout 2025.
The findings show cybercriminals exploiting fundamental security gaps at dramatically higher rates, with missing authentication controls and unpatched vulnerabilities driving most successful breaches.
Vulnerability exploitation became the leading cause of attacks last year, accounting for 40% of incidents observed by IBM's security team. Many exploited weaknesses required no credentials to access systems, highlighting persistent failures in basic access control and patch management practices across organizations.
"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM.
While artificial intelligence accelerates reconnaissance and attack path analysis, the report emphasizes that foundational security hygiene remains the critical defense line against modern threats.
Active ransomware and extortion groups surged 49% year over year as smaller, transient operators complicate attribution efforts. Publicly disclosed victim counts rose roughly 12%, indicating broader ecosystem fragmentation rather than consolidation among major threat actors.
North America became the most attacked region for the first time in six years, accounting for 29% of total cases observed by X-Force compared to 24% in 2024.
The manufacturing sector faced particular pressure with data theft emerging as the most common attack pattern against industrial targets. As multimodal AI models mature, IBM expects adversaries to automate complex tasks like reconnaissance and advanced ransomware campaigns.
The company recommends organizations shift to proactive approaches using agentic-powered threat detection to identify security gaps before attackers exploit them.
