IBM's latest X-Force Threat Intelligence Index reveals how attackers are using AI to exploit security gaps. According to IBM, the rapid adoption of AI chatbot platforms for consumers and workplace users has introduced a new layer of exposure.
Credentials tied to these chatbots increasingly surface in underground marketplaces. The underlying trend identified by IBM is that organizations are accumulating large amounts of sensitive authentication data on systems that may not be adequately secured.
"While AI has not changed playbooks, it has dramatically increased the speed, scale and efficiency of those operations. Adversaries are now using generative AI to shrink decision cycles, scale social engineering and iterate on attack paths in real time," says IBM.
The computing giant also predicts that, as AI multimodal models mature, the barrier to entry will shrink further. This will potentially spawn a new generation of lower-skilled cybercriminals, enabling them to automate reconnaissance, resulting in faster-moving, and more adaptive threats.
IBM also reports that the ransomware ecosystem shifted in 2025, becoming more fragmented and volatile, with many small groups conducting lower volume but widespread attacks. Data extortion, supply-chain compromise and opportunistic targeting of smaller organizations are also prominent trends.
"Overall, 2025 highlighted a clear message: identity protection, secure configuration and visibility across applications, development pipelines and cloud environments are increasingly central to cyber resilience," reports IBM.
IBM believes that lapses in cybersecurity hygiene contributed to many compromises. X-Force incident response and penetration testing engagements found misconfigured access controls, weak authentication practices, incomplete logging and insufficient vulnerability management as recurring issues. These foundational weaknesses continued to provide attackers with opportunities that are easy to exploit.
Fourfold increase in supply-chain attacks
In 2025, infostealer malware enabled the exposure of over 300,000 ChatGPT credentials, demonstrating that AI platforms have reached the same credential risk as other core enterprise software-as-a-service (SaaS) solutions.
Over a five-year period, IBM observed a fourfold increase in the number of major supply-chain or third-party breaches. Sprawling third-party dependencies create hard-to-secure attack surfaces, where one weak link can expose many targets.
"Once largely confined to nation-state actors, these supply-chain attack techniques are now being adopted by financially motivated and other criminal threat groups, reflecting a clear trickle-down of advanced tactics," says IBM.