AI-driven cyberattacks surpass credential theft, causing record data breaches and fraud losses

Hackers are increasingly using artificial intelligence to detect software vulnerabilities, driving a surge in data breaches that exploit system flaws rather than stolen credentials, Verizon's 2026 report said on May 19. ^{[1, 2, 3, 4, 5]} In a review of over 31,000 incidents, 31% of breaches began with vulnerability exploitation, overtaking stolen credentials as the primary cause of breaches. ^{[1, 2, 3, 4, 5]} AI accelerates exploitation speed, narrowing defense windows from months to hours. ^{[1, 2, 4, 5]}

Verizon Chief Information Security Officer Nasrin Rezai said, "We need to fight AI with AI. We need to incorporate them into our practices to defend against the rapidly evolving threats." ^[1] She urged deeper AI integration into software development, testing, and network monitoring. ^[5] The report described AI as reshaping cybersecurity by automating and scaling attacks that defenders once recognized. ^{[1, 2, 3, 4, 5]}

CrowdStrike's 2026 report found AI-enabled adversaries increased attacks by 89% year-over-year in 2025, expanding capabilities for both low- and high-level threat actors. ^{[1, 2, 6]} Nation-state attacks linked to North Korea have targeted the financial sector, including cryptocurrencies and FinTech. ^[6] Meanwhile, modern cyber intrusions focus more on credential and session token theft, demanding identity-centric defenses. ^[6]

The FBI reported over 1 million cybercrime complaints in 2025 with losses exceeding $208 billion, driven by AI-enhanced fraud schemes featuring AI-generated voice, video, and automated targeting. ^[7] Mason Wilder, Research Director at the Association of Certified Fraud Examiners, said, "The current volume and variety of fraud has reached unprecedented levels, largely driven by the ubiquity and accessibility of AI tools." ^[7] Eva Velasquez, CEO of the Identity Theft Resource Center, warned, "Anyone could be a victim as fraudsters easily gather massive personal data leveraging AI tools." ^[7]

Shadow AI, or unauthorized AI use, ranks as the third most common non-malicious insider cause of data loss. ^{[1, 2]} Anthropic announced Mythos, a new AI model with advanced coding skills employed defensively by Verizon and others under Project Glasswing, but experts caution it also raises cybersecurity concerns. ^{[1, 2, 3, 5]}

AI misuse extends beyond cybercrime. It contributes to digital harassment via deepfake face and voice impersonations to spread misinformation and cause mental harm. ^[8]

The growing threat has led cybersecurity leaders to call for mandatory AI integration in defense strategies and software lifecycles to reduce damage from AI-powered breaches and fraud. ^{[1, 3, 5]}

Anthropic unveiled Mythos in April 2026, marking a milestone in AI-aided defense efforts. ^{[1, 2, 5]} Verizon’s annual report was released May 19, 2026, underscoring AI’s expanding role in cyber risks. ^{[1, 2, 3, 4, 5]}