Stock Markets May 19, 2026 01:08 PM

Verizon: AI-driven vulnerability exploits overtook stolen credentials as breach starter last year

Annual industry report finds generative AI is accelerating exploit timelines and automating known attack techniques

By Hana Yamamoto

An annual Verizon analysis of more than 31,000 security incidents found that vulnerabilities detected or exploited with AI now exceed breaches initiated by stolen credentials. The report warns generative AI is being used across attack lifecycles to speed exploitation, automating techniques defenders already recognize while raising the prospect that current assessments could become outdated as AI capabilities evolve. The report excludes data from the new Mythos model being trialed under a controlled program.

Key Points

  • Verizon's review of over 31,000 incidents found 31% of breaches began with vulnerability exploitation in an AI-influenced context, surpassing incidents that began with stolen credentials.
  • Generative AI is being used across attack stages - including targeting, initial access, and malware development - primarily to automate and scale existing techniques rather than to create entirely novel attack surfaces.
  • The report excludes data on the Mythos model, a high-capability AI being tested under Anthropic’s Project Glasswing; experts say Mythos’s advanced coding skills may enable it to identify and devise exploits for vulnerabilities.

An annual review from Verizon, covering more than 31,000 security incidents, shows a shift in the initial vectors for data breaches: vulnerabilities identified or exploited with AI now outnumber cases that began with stolen credentials.

According to the report, 31% of all breaches began with exploitation of vulnerabilities in what the authors describe as an AI-influenced environment. Verizon cautioned that threat actors are employing AI "to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours."

The report details how hackers are leveraging generative AI across the stages of an attack. It notes that AI is being applied to tasks including targeting, gaining initial access, and assisting in the development of malware and other attack tools. While these applications are widening the scale and speed of activity, Verizon characterizes AI’s main effect so far as operational: it automates and scales attack techniques that defenders already know how to detect, rather than immediately creating fundamentally new types of attack surfaces.

However, the authors add a caveat: that assessment may quickly become outdated as AI capabilities continue to advance. The report found that threat actors typically researched or used AI assistance in 15 different techniques, with some actors employing as many as 50 techniques aided by AI.


The report explicitly excludes data related to Mythos, a recently announced AI model. Mythos, disclosed on April 7, is being made available in a controlled way under Anthropic’s Project Glasswing - a limited program that allows select organizations to use an unreleased Claude Mythos Preview model for defensive cybersecurity work. Verizon is among organizations permitted to operate under that controlled initiative.

Security experts cited in the report warn that Mythos’s advanced coding ability gives it an uncommon capacity to both identify vulnerabilities and suggest ways to exploit them, creating potential new risks even as the model is being trialed for defense.

Verizon’s chief information security officer, Nasrin Rezai, stressed the urgency of adopting AI for defensive purposes. "We need to fight AI with AI. We need to incorporate them into our practices," Rezai said. "We need to bring them into our software development life cycle, in our testing processes, in our cyber defense processes at a scale that we have never done before."

The report’s findings spotlight how generative AI is being used to compress attackers’ timelines and to scale familiar techniques, while also flagging an unresolved question about future attack surfaces as AI models grow more capable. The exclusion of Mythos-related data from the report further underscores an area of active concern and monitoring, given the model’s purported coding strengths and the controlled nature of its current deployments.

Risks

  • Shrinking defense window - AI is accelerating the time from discovery to exploitation of known vulnerabilities, reducing response time for defenders; this affects enterprise security operations, cloud service providers, and software vendors.
  • Rapid advancement of AI - the report’s current assessment that AI mainly automates known techniques may become obsolete as capabilities evolve, creating uncertainty for cybersecurity planning across technology and critical infrastructure sectors.
  • Unmeasured risk from excluded models - the report does not include data from the Mythos model; its strong coding ability could present additional vulnerabilities or exploitation pathways not reflected in the report, impacting organizations participating in controlled trials and their peers.
