Artificial intelligence is rapidly changing the cybersecurity landscape, and according to Verizon’s latest annual security report, the speed of modern cyber attacks is becoming one of the industry’s biggest challenges.

The company analysed more than 31,000 cybersecurity incidents and found that software vulnerability exploitation has now surpassed credential theft as the leading cause of data breaches for the first time. Around 31% of all analysed breaches started from exploited software vulnerabilities, showing how quickly attackers are adapting their methods.

One of the report’s most important conclusions is that AI is dramatically accelerating the timeline of cyber attacks. Threat actors increasingly use generative AI tools to identify vulnerabilities, automate reconnaissance, develop malware, and improve attack efficiency. Processes that once took weeks or months can now happen within hours, significantly reducing the time available for security teams to react.

Verizon explained that attackers are using AI throughout the entire attack lifecycle, from selecting targets and gaining initial access to refining malicious code and scaling operations. This evolution turns previously manageable vulnerabilities into immediate operational risks for organisations running complex digital infrastructure.

The report also highlights the growing impact of “shadow AI” inside companies. Employees are increasingly using unauthorised AI platforms in day-to-day work processes, often uploading sensitive information such as source code, images, internal documents, or structured datasets without formal approval or governance policies in place.

According to Verizon, shadow AI has already become one of the largest forms of insider-related activity associated with data loss incidents. For companies operating in regulated industries or environments where data continuity and operational control are critical, this creates an additional layer of exposure that traditional security policies may struggle to monitor effectively.

Verizon’s findings align with broader industry research showing a sharp rise in AI-enabled cyber activity. Security companies continue to report significant increases in automated attacks, phishing sophistication, and vulnerability exploitation powered by machine learning systems.

At the same time, the report notes that AI’s current impact is still largely operational. Most attackers are using it to automate and scale techniques already familiar to cybersecurity teams, rather than invent entirely new attack categories. Even so, the pace of AI development suggests that this balance could change quickly.

The report also references growing industry concerns around new advanced AI models capable of complex coding and software analysis tasks. Security researchers warn that highly capable AI systems may soon accelerate vulnerability discovery and exploitation even further, especially in large-scale software ecosystems.

Nasrin Rezai, Verizon’s Chief Information Security Officer, believes organisations must integrate AI directly into their defensive operations to keep pace with the threat landscape.

According to Rezai, cybersecurity teams need to adopt AI across software development, testing, monitoring, and incident response processes at a scale the industry has not previously implemented.

For businesses building or operating critical digital platforms, the message is becoming increasingly clear: AI is changing cybersecurity faster than traditional defence models can evolve. Faster development cycles, broader digital ecosystems, and growing automation create new operational opportunities, but they also reduce tolerance for weak governance, delayed patching, and fragmented security practices.

As AI-assisted attacks continue to accelerate, resilience increasingly depends on visibility, controlled workflows, secure development practices, and the ability to respond in real time.

Source