Cyberattacks jump as AI targets weak security, says IBM
Cybercriminals are leaning harder on the simplest ways into company networks, and using AI tools to do it quicker, IBM has warned.
In its 2026 X-Force Threat Intelligence Index published on Wednesday, IBM said it saw a 44 per cent rise in attacks that started by breaking into internet-facing systems, like public websites and online apps.
The jump was largely due to missing login checks and attackers using AI to spot weak points at a much faster rate.
The tech giant cited taking advantage of software flaws as the single biggest trigger behind the incidents it tracked last year, accounting for 40 per cent of cases.
“They’re speeding it up with AI,” said Mark Hughes, IBM’s global managing partner for cybersecurity services.
“Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate.”
Faster attacks
IBM’s report comes as the UK government steps up efforts to get businesses, especially SMEs, to tighten their defences.
Just last week, ministers launched a campaign urging firms to adopt the so-called ‘Cyber Essentials’ checklist, which focuses on basics such as keeping software up to date, or limiting who can access accounts.
The government has estimated that cyber threats cost UK businesses £14.7bn a year, with around half of small firms hit by a breach or attack in the last 12 months.
IBM’s report suggests the weakest points for UK PLC continue to be exposed systems and weak account protection.
Its security testing teams continue to find problems with access controls and configuration, which are gaps that are easy to overlook, but equally easy to exploit.
The report also flagged growing risks around AI tool usage within businesses, with stolen login details linked to ChatGPT appearing in large numbers last year.
IBM warned that compromised chatbot accounts can be used to extract sensitive data or manipulate outputs.