"More than half (56%) of the 400,000 vulnerabilities IBM X-Force tracked in 2025 required no authentication before exploitation. This is revealed in the X-Force 2025 Threat Intelligence Index. The report also highlights the continuing success of infostealer credential theft, pointing to the discovery of 300,000 ChatGPT credentials on the dark web (almost certainly stolen by infostealers)."
"AI helps attackers find weak access points; it provides compelling deepfakes that assist in the theft of credentials as well as performing immediate scams. And defensive use of agentic AI can also be harnessed by attackers. If credential theft gains API keys into in-house agentic AI, the blast radius of a compromise expands beyond the traditional data theft to potential control of the whole system."
"X-Force also notes a fourfold increase in supply chain or third party breaches over the last five years. This is continuing. Adversaries increasingly exploited developer trust and identity integrations to steal credentials, pivot into networks and establish persistence."
IBM X-Force tracked 400,000 vulnerabilities in 2025, with 56% requiring no authentication before exploitation. Infostealer malware continues stealing credentials at scale, with 300,000 ChatGPT credentials discovered on the dark web. Artificial intelligence significantly complicates the threat landscape by enabling attackers to identify weak access points, generate convincing deepfakes for credential theft, and execute immediate scams. Compromised API keys to agentic AI systems expand breach impact beyond data theft to potential system-wide control. Supply chain and third-party breaches have increased fourfold over five years, with adversaries exploiting developer trust and identity integrations to steal credentials and pivot deeper into networks.
#access-control-vulnerabilities #ai-enabled-threats #credential-theft #supply-chain-security #infostealer-malware
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]