-
A new IBM research shows that attacks on public-facing apps surged 44% last year, mostly because AI is helping attackers to find security holes and slip in.
-
Cybercriminals stole more than 300,000 ChatGPT logins using infostealers, and even targeted the AI platforms themselves.
-
Attacks on the supply chain skyrocketed by fourfold in six years as non-state hacking tactics are now being spread freely on dark web forums.
AI is making breaking into companies easier and faster. In its latest X-Force Threat Intelligence Index, IBM revealed an alarming rise in attacks that take advantage of basic security gaps.
The manufacturing industry has taken the highest hit for five years in a row now. Meanwhile, the number of attacks on American companies reached a six-year high, with 24% of cyber incidents landing on US soil.
Hackers Sharpen Up Their Tricks Using AI
IBM’s global managing partner for cybersecurity services, Mark Hughes, says attackers aren’t “reinventing playbooks.” Rather, they’re enhancing and speeding them up using AI. The worst part is that businesses still haven’t improved in software vulnerability detection and patching up.
According to IBM, nearly half (about 40%) of attacks happened because companies couldn’t patch basic security holes. In many of the vulnerabilities hackers exploited, they didn’t even need to steal login credentials. Simply scanning for holes was all it took to get in.
The ransomware landscape has changed a lot lately, with attacks by top 10 groups reducing by 25%. Smaller extortion groups are taking over now. In a single year, the number of active groups went up by 49 per cent, from 73 in 2024 to 109 in 2025.
To make matters worse, just about anyone can now launch a ransomware operation. The entry-level barrier is no longer there; all they need to do is purchase a hacking tool or a step-by-step guide floating around dark web forums. Moreover, the entire cybercriminal scene is fragmenting into smaller independent crews, each running its own game.
Hackers are Targeting AI Platforms as Well
Hackers are not just using AI to spot and exploit vulnerabilities; they are going after the AI platforms themselves. In 2022, operators of infostealing malware targeted ChatGPT, creating over 300,000 credential-harvesting accounts.
Once criminals get hold of login credentials, obtaining people’s personal information from AI apps becomes a piece of cake. In addition, by tampering with an AI model, criminals can manipulate the output to commit fraud or create and spread disinformation.
Password reuse is another major loophole cyber crooks exploit more these days. Many users recycle one password for many accounts. So if an attacker gets a hold of your ChatGPT login, they can pretty much access all your other accounts, your email, your bank, name them.
That’s where you see low-value consumer account theft turning to a high-value enterprise access.
How Small Vendors are Now Becoming the Real Target
Furthermore, major software supply chain breaches have nearly quadrupled over the past five years. These attacks were originally carried out by nation-state hackers who have big budgets and can easily afford to launch such attacks. However, with the tactics for such sophisticated attacks now readily available in many hacking forums, any gang can easily access them.
Attackers exploit any and everything, including the relationships between companies, using smaller vendors to get to the bigger fish. They breach SaaS integrations. CI/CD platforms aren’t left out. And compromise developer identities to poison software before it reaches customers.
This targeting of interconnected systems extends beyond the corporate world; educational institutions are also in the crosshairs, with Indian schools and universities facing over 8,000 cyberattacks every week, demonstrating that no sector, from manufacturing to education, is safe from the relentless wave of digital intrusions.
Of all attacks X-Force detected, 29 percent targeted manufacturing companies. Financial services were another big target, along with insurance companies. This suggests that cybercrooks go after operational disruption, not only stealing data.
The Way Forward for Companies
Speed makes all the difference now, both in response and detection, Hughes stressed this. Security teams can no longer afford to just wait for attacks to happen before they react. Why? Because attackers often now move straight from scanning to system compromise.
Proactive defense is the way to go now, IBM advised. Firms should adopt AI-powered defense so they can spot threats faster and identify security gaps automatically before criminals do.
This entails that they start treating human and machine identities as critical infrastructure that needs to be monitored continuously. In the end, AI can help, but it can’t save you if you leave basic doors open.
