WASHINGTON — Hackers are increasingly using AI to detect software vulnerabilities, which has shortened the time targets have to respond to threats, global telecommunications company Verizon said in a recent report.

Verizon said using software flaws in data surpassed stolen credentials for the first time. It said in a review of more than 31,000 incidents that 31 percent of all breaches began with vulnerability exploitation, adding, "AI is fundamentally reshaping the cybersecurity industry".

The 2026 Data Breach Investigations Report, which reviews a wide range of industry data, shows intruders are using generative artificial intelligence to help at all stages of attacks, "including targeting, initial access, and development of malware and other tools".

AI was being used by threat actors "to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours", the report said.

The report also found that the use of shadow AI, or non-authorized AI, is now the third most common non-malicious insider action in data loss incidents. Employees are submitting source code in image and other structured data formats.

AI models are making their mark beyond just the realm of finding and exploiting vulnerabilities.

It also noted a steady increase in AI bot activity, with the number of automated web crawlers growing by 20 percent each month — while human-driven traffic remains flat — pointing to a future where bot-related threats may become more frequent.

Patrick Munch, chief security officer at Mondoo, a supplier of vulnerability management services, told Computer Weekly that the report confirmed pain points defenders are already feeling.

"The breach happens in the gap between knowing and fixing, and that is where the work has to move… 62 percent of teams still run remediation manually, only 2 percent are fully automated, and just 9 percent are confident they can fix what matters in time."

Verizon's Chief Information Security Officer Nasrin Rezai said it was critical to address the growing threats.

"We need to fight AI with AI. We need to incorporate them into our practices."

Agencies Via Xinhua