Software vulnerabilities have become the leading cyberattack entry point as AI-driven threats increase pressure on companies worldwide.
The cybersecurity landscape is becoming more complex by the day. This week, Verizon released its 2026 Data Breach Investigations Report, analyzing more than 31,000 real-world security incidents involving organizations across 145 countries.
The report, which covers events from October 2024 to November 2025, found that 31% of breaches now start with software vulnerabilities, beating stolen passwords as the top way for hackers to break into company systems.
The fact that software vulnerabilities are now the biggest entry point is concerning – particularly when considering that frontier AI models like Claude Mythos have the ability to identify and exploit zero-day vulnerabilities. As AI threatens to narrow the window between vulnerability discovery and exploitation, companies are going to need to become much more efficient at vulnerability mitigation.
At the same time, Splunk also released The Hidden Costs of Downtime 2026 report, which found that the Global 2000’s aggregate downtime costs have soared to $600 billion USD annually – up 50% from 2024 – with the average company in this group now losing $300 million USD a year to unplanned outages and service degradation.
How risk is changing
One of the clearest patterns of this year’s data is how attackers are combining techniques for maximum impact: exploit a vulnerability to get in, then deploy ransomware to hold the victim hostage. According to Verizon’s report, 48% of all breaches now involve ransomware.
While payouts are shrinking, the fact that Instructure paid a ransom to threat actors following a ransomware attack on the Canvas learning management system – allegedly impacting 275 million users at 9,000 schools across the U.S. alone – shows that these attacks are still tremendously effective.
Ransomware is effective because an attacker can deny access to a company and its customers with encryption, while also threatening to leak data if the ransom isn’t paid. Splunk’s report highlighted that every minute of downtime costs an average of $15,000 USD, or over $900,000 USD per hour – meaning that short-term disruption can put a tremendous amount of financial pressure on the target.
Meanwhile, faster vulnerability discovery threatens to make these kinds of attacks easier for attackers to execute.
“The DBIR’s 19-year credential streak ending is not primarily a credential story – it is an economics story. AI is making vulnerability discovery and weaponization so fast and cheap that attackers no longer need a stolen password when a known, unpatched flaw gets them in faster,” Trey Ford, chief strategy and trust officer at crowdsourced security platform Bugcrowd, told The Brew News.
“AI has compressed the window between a published vulnerability and an active exploit from months to hours. Security budgets still calibrated to annual assessment cycles are now structurally mismatched with how fast the threat actually moves,” he added.
Old threats, new scale
While Anthropic’s Mythos hasn’t been generally released, the offensive capabilities of frontier AI models are advancing in real time. For instance, Verizon found that 15 different attack techniques were being bolstered by generative AI, with cybercriminals using the technology to work faster at doing everything from identifying security gaps to writing malware.
Although this suggests a change in the threat landscape, some in the industry warn that it’s a continuation of older threats.
“The Verizon DBIR makes one thing very clear: AI is not magically creating a new cyber universe. It is industrializing the one we already struggle to defend,” Diana Kelley, CISO at Noma Security, an AI security and governance platform, stressed while in conversation with The Brew News.
“The notable finding is that most AI-assisted malware and tooling activity still maps to ‘well-known and defined attack techniques’, but those techniques are getting faster, broader and easier to execute. The rise of vulnerability exploitation to 31% of initial access and the system intrusion pattern growing from 36% in 2024 to about 60% in 2026 show this in practice,” Kelley said.
With vulnerability exploitation becoming the top initial access vector, and shadow AI tools leaking data across the enterprise, companies not only need to be able to patch their systems, but rethink their approach to identity management.
As Kelley says, AI agents need to be governed like privileged identities: given the least privilege necessary, with full logging and human approval for high-risk actions, plus a fast way to revoke access.
Future-proofing
As the threat landscape grows more complex, security teams need to double down on the basics. Patching will always have a place in minimizing software vulnerabilities and potential entry points, and identity management has a role to play in governing the activity of AI agents; it is just as important for governing human and machine identities in the workplace.
With social engineering and phishing still a significant threat, other measures like investing in security awareness training can help to reduce the risk of employees inadvertently exposing data to threat actors.
In 2026, there’s no guarantee that breaches can be prevented, but cybersecurity fundamentals are still as relevant as they’ve ever been. In the long term, whether frontier AI tips the scale in favour of attackers or defenders remains to be seen.

This article is contributed by Tim Keary (Forbes, formerly VentureBeat, and Technopedia)
This article is published in collaboration between The Brew News and Espacio.