No one can say cybercriminals lack ambition or innovation, but fundamentally, they tend to look for the easiest path of access into their target environments. Research from the IBM X-Force threat intelligence team bears this out, noting that the most common points of entry are exposed systems, holes in supply chain defences, and cracks in application and cloud ecosystems.
Compiling data from incident response, penetration tests, the dark web and other intelligence, the newly published X-Force Threat Intelligence Index 2026 uncovered that the most common entry point for bad actors is publicly-facing applications. Citing the increasing complexity of applications and the frequency of misconfigurations, this software can be easily breached. There was a 44% increase in the number of publicly facing applications breached this year versus last.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Threat actors are polishing their techniques and applying advanced technology to infiltrate networks through vulnerabilities and other security gaps. The report suggests that too many organisations are not deploying appropriate controls to deflect attacks. 56% of the disclosed vulnerabilities did not involve authentication for access. The result is a high rate of success in stealing high-value data, including credentials. IBM identified 300,000 AI Chatbot credentials up for sale on the dark web.
Cybercriminals continue to actively exploit supply chain weaknesses in ecosystems, CI/CD platforms and cloud infrastructure. IBM X-Force researchers saw more attacks against developer platforms, including GitHub and GitLab and breaches of cloud services infrastructure and SaaS platforms. A key takeaway is that bad actors are focusing on the platforms where applications are developed and the ecosystems that facilitate workflows.
AI is in play with adversaries employing generative AI to expand phishing campaigns, expedite malware development and innovate social media campaigns with more sophisticated content creation. The immediate result is that the threat actors are using AI to increase their efficacy by reducing development time and trying out new tactics during an intrusion. This kind of agility seriously tests security practitioners who have often relied on fixed rules and signatures to combat breaches.
Conversely, enterprise security teams are also applying AI in areas like analytics to process massive volumes of network and systems data, accelerating detection and response times. Machine learning has long been a key defensive tool in discerning harmless anomalies from serious threats.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“Organizations need to close security gaps, particularly at points of interconnection in their ecosystems,” says Amy DeCarlo, GlobalData principal analyst, ETS, adding that fundamentals around identity and authentication and configuration issues must be addressed before they are exploited. DeCarlo observes enterprises need to prioritise effective policy development and training, for both security practitioners and line of business employees.
“Security teams also need to be ready for the AI factor in attacks, which lends adversaries both speed and flexibility,” says DeCarlo, noting that at the same time, they need to tap the technology as a defensive shield in helping them recognise threats faster and deflect attacks.
