IBM: Why do Enterprises Still have Basic Security Gaps?

Attackers have picked up the AI rifle and your organisation could be in the crosshairs.  

IBM's latest 2026 X-Force Threat Intelligence Index says as much, as it paints a stark picture of how cyber threats are evolving as enterprises struggle to close fundamental security gaps. 

According to the report, attackers are relying on AI to accelerate their tactics, intensify attacks and exploit any weaknesses they can find.

A key headline from the index is the surge in attacks that begin with the exploitation of basic vulnerabilities in public-facing applications, which are easily detected using AI-enabled vulnerability discovery tools.

IBM X-Force observed a 44% rise in such attacks, driven in large part by missing authentication controls.

“Attackers aren't reinventing playbooks, they're speeding them up with AI,” says Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM.

“The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. 

“Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”

Persistent threat vectors and escalating ransomware activity

The 2026 index highlights several troubling developments. 

Active ransomware and extortion groups grew by 49% compared to the previous year, as publicly disclosed victim counts rose by about 12%, showing that more organisations are being named and shamed in the wake of successful attacks.

Supply chain and third-party compromises have ballooned too, with large scale attacks nearly quadrupling since 2020. 

These breaches often occur where software is built, deployed or integrated with SaaS platforms and they pose a major risk because they can cascade through networks and affect multiple organisations simultaneously.

Vulnerability exploitation has become the leading trigger for incidents in 2025, accounting for nearly half (40%) of observed attacks. 

Identity risks and AI assisted cybercrime

The report also shines a light on a mounting identity problem linked to AI usage.

Notorious infostealer malwares were responsible for the exposure of more than 300,000 ChatGPT credentials in 2025, indicating that AI platforms are now as vulnerable to credential theft as any traditional enterprise service.

Once attackers compromise AI tool credentials, they can manipulate outputs, exfiltrate sensitive data or inject malicious prompts, opening a new pandora’s box of AI risks.

This development makes strong authentication and just-in-time identity access management that follows the principle of zero-trust more vital than ever, especially as organisations expand their use of AI systems across business functions.

Synthetic images and deepfakes also create further identity troubles.

AI is also understandably lowering the barriers to entry for cybercrime. X-Force notes a 49% increase in ransomware groups compared to the previous year.

The index notes that leaked tooling, readily available playbooks and AI-assisted automation are enabling smaller ransomware groups to operate effectively, even if their campaigns are low volume. 

AI is used by threat actors to analyse large datasets and iterate attack paths in real-time, creating a whole new attack vector to watch out for. 

As multi-modal AI models mature, adversaries will likely automate even more complex tasks such as reconnaissance and advanced ransomware deployment, which threat intelligence suggests is already happening.

Strategic imperatives for organisations

Despite the sophistication of emerging cyber threats, IBM emphasises that the core issues remain familiar.

X-Force Red team’s penetration tests show that weakness in credential hygiene and software configuration remains the common cause that opens enterprise doors to intruders. 

The report’s insights should serve as a wake-up call. 

Manufacturing industries remained the most targeted sector for the fifth consecutive year, accounting for more than one in four (28%) incidents observed.

XForce report showed that North America emerged as the most attacked region overall.

In a climate where attackers are accelerating their operations through AI, organisations must reinforce basic security controls, embrace proactive threat hunting and prioritise identity protection if they hope to stay one step ahead.