IBM — X-Force Threat Intelligence Index 2026
AI relevance: IBM reports AI-accelerated attacks and a growing underground market for AI chatbot credentials, which directly impacts how organizations secure LLM and agent deployments.
- IBM released the 2026 X-Force Threat Intelligence Index, its annual, data-driven review of real-world incidents and adversary techniques.
- X-Force observed a 44% year-over-year increase in attacks starting with the exploitation of public-facing applications.
- IBM says many of those initial-access paths involved missing authentication controls and faster vulnerability discovery aided by AI tools.
- The report notes that 56% of disclosed vulnerabilities did not require authentication to exploit.
- IBM observed 300,000 AI chatbot credentials advertised for sale on the dark web in 2025.
- Active ransomware/extortion groups surged 49% year over year, signaling more fragmented, lower‑barrier operations.
- Large supply‑chain and third‑party compromises have nearly quadrupled since 2020, driven by attacks on CI/CD and SaaS integrations.
Why it matters
- AI services now sit in the same credential‑theft blast radius as core SaaS—compromises can lead to prompt abuse, data exposure, and poisoned outputs.
- Attackers are using AI to move faster from scanning to exploitation, so unpatched public-facing systems become an even bigger liability.
- AI‑accelerated supply‑chain risk means compromised tooling or integrations can propagate across agent stacks at scale.
What to do
- Harden AI service access (MFA, conditional access, least‑privilege tokens) and monitor for leaked credentials.
- Reduce public-facing exposure with aggressive patch SLAs, asset inventory, and external attack-surface monitoring.
- Audit CI/CD and SaaS integrations that feed models or agents; treat them as high‑risk supply‑chain dependencies.