AI Made Attackers Faster, Not Smarter
The fear is that AI hands attackers a new class of capability. The 2026 Verizon DBIR, drawing on data covering 793 enforcement-actioned threat actors, finds the opposite: AI scales the techniques attackers already had, while vulnerability exploitation has overtaken stolen credentials as the top way in. For a CISO that redirects priority from hunting novel AI threats to the controls that scale: patch velocity and identity hygiene.
Holding · reviewed 29 May 2026 · next +89d
Bottom line. The fear that sells the most security product in 2026 is that AI has handed attackers a new class of capability. The 2026 Verizon Data Breach Investigations Report, drawing in part on a collaboration covering 793 enforcement-actioned threat actors, points the other way. AI is mostly scaling techniques attackers already had: under 2.5% of observed techniques qualified as rare, and 44% of AI-assisted initial access was still ordinary phishing. The genuinely new finding sits elsewhere. Vulnerability exploitation, around 31% of breaches, has passed stolen credentials as the top way in. AI changed attacker throughput, not attacker capability, and that distinction should redirect where a CISO spends the next budget.
What the report measured
The DBIR is the closest thing enterprise security has to an annual census, which is why its framing matters as much as its figures. This year’s edition draws in part on a collaboration covering 793 enforcement-actioned threat actors, which lets it describe how attackers are actually using AI rather than how a vendor imagines they might. The short version is that AI is in the toolkit, and it is being used to do familiar things at greater volume.
That is a more useful statement than it first appears, because the prevailing narrative runs the other way. The marketing premise of much of the 2026 security cycle is that generative models have given adversaries new powers. The data does not support the strong form of that claim.
Throughput, not capability
The evidence is in the technique mix. Under 2.5% of observed techniques qualified as rare or novel; the overwhelming majority were the same methods that filled last year’s report. 44% of AI-assisted initial access was still phishing, the oldest vector there is. AI wrote the lure faster, translated it more fluently, and personalized it at greater scale, but the move was phishing, not something the defender has never seen.
So the accurate sentence is narrow and important. The AI-superhacker, the model inventing attack techniques no human has used, is not yet in the field on this data. What is in the field is an attacker who can run the existing playbook more times, against more targets, with less effort and in more languages. That is a throughput change. It raises the volume of attempts and the polish of each one. It does not raise the capability ceiling, and the defenses that worked against the technique still work against it.
The shift that should move budget
The genuinely new headline is not about AI at all. For the first time, the DBIR records vulnerability exploitation, around 31% of breaches, overtaking stolen credentials as the leading way into an enterprise. And a large majority of privilege-escalation incidents involved no named software flaw at all, meaning the escalation came through misconfiguration and weak identity boundaries rather than a catalogued vulnerability (Verizon DBIR).
Read together, the two findings point at the same unglamorous controls. Patch the known holes faster, because the known holes are now the front door. Tighten who and what can act once inside, because escalation is happening without a flaw to exploit. Neither of those is an AI problem, and neither is solved by buying an AI-threat-detection layer.
The shadow-AI line that is not a footnote
One AI number did move sharply. Shadow-AI use rose from 15% to 45% of workers feeding company data into AI tools the organization has not sanctioned, what Verizon describes as a fourfold rise in its data-loss dataset, and third-party involvement in breaches climbed toward 48% of the total. This is the part of the AI story that does change the defender’s job.
The mechanism is not a smarter attacker. It is a larger, less governed attack surface, opened from the inside. Every unsanctioned tool is a new place company data leaves the building and a new third party whose breach becomes yours. This is the same intra-vendor and unsanctioned-capability surface covered in the shadow-AI discovery work. AI’s contribution to the attacker is throughput. AI’s contribution to the attack surface is a pile of new data exits your own staff created.
What it means for the security plan
For a CISO the report is almost a relief, because it argues that the fundamentals still decide the outcome. Three priorities follow, in order.
Patch velocity comes first. If exploitation of known vulnerabilities is now the leading entry point, the mean time to patch a published flaw is the single most leveraged number in the program.
Identity hygiene comes second. Privilege escalation without a CVE is an identity-and-configuration failure, and the agent era only widens that surface, because non-human identities now act on their own schedule. The agent-specific version is set out in the OWASP agentic top-ten walkthrough.
Shadow-AI discovery comes third. You cannot govern data exits you cannot see, and the data says nearly half your workforce has opened one.
The work to deprioritize is the work that does not scale: building capacity to hunt novel AI-authored techniques that the data says are under 2.5% of the total. Not because it is impossible, but because the marginal breach is still coming through an unpatched server or a borrowed credential.
AI changed the volume knob, not the capability ceiling, at least as the 2026 data reads. That is good news only for the defender who acts on it. The attacker is running the old playbook faster, so the answer is to close the old holes faster, and to find the new data exits your own people opened. The exotic threat makes the keynote. The boring one takes the building.