Hackers are using AI to detect software vulnerabilities, sharply reducing defenders’ response time, Verizon said in its annual data breach investigations report.

Reuters recently reported that exploiting software vulnerabilities surpassed credential theft for the first time as a cause of data breaches. Verizon said its analysis of more than 31,000 incidents found that 31 percent of all breach cases started with vulnerability exploitation. "AI is fundamentally changing the cyber security industry," it said.

Attackers are using generative AI across the pre-attack stages, including target selection, initial access and malware development. Reuters reported that AI is cutting the time to exploit known vulnerabilities from months to hours.

Verizon’s report said "shadow AI," in which employees use AI that is not approved by the company, became the third most common type of non-malicious insider action in data breach incidents. It explained that employees are providing structured data such as source code and images to AI in uncontrolled environments.

CrowdStrike also said in its annual report early this year that in 2025, "malicious hackers increased attacks by 89 percent from the previous year by using AI." It said less skilled hackers can use AI to carry out more powerful attacks, while skilled hackers have become more capable.

Verizon assessed the level of AI-enabled attacks as being, "for now, operational," meaning it automates and scales techniques defenders already know how to detect, and said it is "not yet at the stage of opening new attack surfaces." It added that this assessment may not last long as AI develops rapidly.

Nasrin Rezai, Verizon’s chief information security officer, said, "We have to fight AI with AI." She said AI should be introduced at an unprecedented scale into the software development lifecycle, testing processes and cyber defence processes.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.