This is an AI-generated summary, which may contain errors. For context, always refer to the full article.
AI was being used by threat actors to ‘speed up the time to exploit known vulnerabilities, reducing the protection window from months to mere hours,’ the Verizon report says.
WASHINGTON, USA – Hackers are increasingly using AI to detect software vulnerabilities, which has shortened the time targets have to respond to threats, Verizon said in an annual report that tracks data breaches.
Verizon said it used software bugs in the data to bypass the first stolen ID. It said in a review of more than 31,000 incidents, 31% of all breaches started with exploits, adding “AI is fundamentally reshaping the cybersecurity industry.”
An annual report that reviews a range of industry data shows attackers are using artificial intelligence to assist in all stages of an attack “including targeting, early access, and the creation of malware and other tools.”
AI was being used by threat actors to “speed up the time to exploit known vulnerabilities, reducing the protection window from months to mere hours,” the report said.
The Verizon report also found that the use of Shadow AI – or unauthorized AI – is now the third most common step by malicious actors in data loss incidents. Employees submit source code, images and other types of structured data.
This is the latest in a series of reports detailing the rise of AI in cyberspace. CrowdStrike said in its annual global threat report earlier this year that in 2025, “AI-enabled adversaries increased attacks by 89% year-over-year … It elevated low-level threat actors and promoted the most advanced.”
Verizon said the basic effect of AI “is working right now: automated methods and add defenders already know how to detect, they have not yet opened these novel or rare attack surfaces.” But it added that the assessment may be outdated as AI continues to advance rapidly.
The report does not include data from Mythos, a new AI model that has raised serious cybersecurity concerns.
Mythos, announced on April 7, is being deployed as part of Anthropic’s “Project Glasswing,” a controlled program in which certain organizations, including Verizon, are allowed to use an unreleased Claude Mythos Preview model for cybersecurity protection purposes.
Mythos’ mastery of high-level coding has given it an unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, according to experts.
Verizon’s chief information security officer Nasrin Rezai said it’s important to address the growing threats.
“We need to fight AI with AI. We need to integrate them into our practices,” Rezai told Reuters. “We need to bring them into our software development lifecycle, into our testing processes, into our cyber security processes to a degree that we’ve never done before.” – Rappler.com
