The DBIR 2026: three findings that deserve immediate attention
Vulnerabilities overtake credentials as the top initial access vector, third-party involvement doubles again, and AI's first impact is industrialization — not innovation.
The 2026 Verizon DBIR is out. 22,000+ confirmed breaches across 145 countries. Three findings deserve immediate attention from anyone working in cybersecurity and risk.
1. Vulnerabilities have taken the lead — and patching is losing the race
Exploitation of vulnerabilities now drives 31% of breaches at initial access, up from 20% last year (a 55% increase in this vector). Credential abuse, the previous leader, fell to 13%, though part of that drop reflects a methodology change. Measured across the entire breach chain rather than just initial access, credentials remain dominant at 39%. So this is not “credentials no longer matter.” It is “vulnerabilities have moved to the front of the queue while credentials remain pervasive everywhere else.”
On remediation, the data is worse than the headline. Only 26% of CISA KEV vulnerabilities were fully remediated, down from 38%. Median time to patch went from 32 to 43 days. The DBIR points to a patching capacity problem: organizations had a median of 16 KEVs to patch in 2025 versus 11 in 2024 — nearly 50% more work. More telling, the first-week remediation rate has barely moved in three years despite process maturity. Between 60% and 70% of KEVs remain open at day 7 regardless of organization size or program maturity. Pre-KEV remediation — organizations patching before CISA flags a vulnerability — fell from 17% to 12%.
Faster patching alone has hit a ceiling. The data argues for risk-based exposure management focused on where attackers actually go, not checklist completeness.
2. Third-party involvement in breaches has risen sharply for the second year running
48% of breaches involved a third party this year, up from 30% — a 60% increase, after already doubling the year before. The root causes are not exotic supply-chain attacks. The DBIR is explicit: most third-party cloud incidents in 2025 come down to insecure authentication (missing MFA, poor credential rotation) and lack of least privilege for users and service accounts.
Three numbers put this in perspective. 37% of organizations have an admin account with MFA disabled on an IaaS platform. Median time to remediate poor password practices and excessive permissions in third-party cloud environments is almost 8 months. Only 31% of organizations fully remediate.
Vendor questionnaires and AI-generated assessments will not close this gap, especially with critical vendors. Demand evidence, define authentication and least-privilege requirements as contractual conditions, and treat third-party access to your environment with the same architectural scrutiny as your own identity perimeter.
3. AI is showing up in the data — but the first impact is industrialization, not innovation
The DBIR collaborated with Anthropic to analyze 793 threat actors flagged by Anthropic’s Safeguards team. Among AI-assisted initial access techniques, phishing leads at 44%, followed by exploitation of vulnerabilities at 32%. An important caveat the DBIR itself flags: in its broader incident dataset, phishing as an initial access vector has barely moved in years. Threat actors are using AI for phishing, but it does not yet translate into more successful phishing-led breaches at the organization level.
The clearer signal is operational. Fewer than 2.5% of the AI-assisted techniques observed could be classified as rare. The DBIR's conclusion: AI's primary impact is currently operational, automating and scaling techniques defenders already know how to detect, not yet unlocking novel or rare attack surfaces. A footnote in the report flags that frontier model advancements in early 2026 on flaw detection and exploit development have the foremost vulnerability discovery experts "on the edges of their seats." That trajectory deserves watching.
Shadow AI is now the third most common non-malicious insider action flagged by DLP, a fourfold increase. 45% of users are regular AI users on corporate devices, up from 15%. 67% access AI via non-corporate accounts. Source code is the most common data type uploaded to unsanctioned AI services.
What this means in practice
Vulnerability and exposure management needs to become risk-based, not capacity-based
The patching ceiling is real. Three years of process improvement have not moved the first-week remediation rate. The lesson is not “patch harder,” it is “decide what actually matters.” That means moving from CVSS-driven prioritization to exploitation-evidence prioritization: KEV inclusion, EPSS scoring, threat intelligence on active campaigns relevant to your sector. It also means shifting the lens from vulnerability management to exposure management by bringing misconfigurations, attack paths, and identity exposure into the same prioritization model rather than treating them as separate programs. Where patching is genuinely not possible at speed, compensating controls (network isolation, identity-layer restrictions, runtime detection) become first-class options, not afterthoughts. With AI-generated code now flooding into applications, the input rate of vulnerabilities will only grow. The constraint is no longer patching speed. It is decision quality about what to patch.
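As an added illustration of the shift from CVSS-driven to exploitation-evidence prioritization, the script below ranks a constructed set of findings two ways: by CVSS base score alone, and by a score built from exploitation evidence (KEV listing or EPSS), internet reachability and the privilege of the identity on the affected asset. It also folds a misconfiguration (an admin account without MFA) into the same queue as the CVEs, and emits a compensating-control action where no fix can be applied. This is example code written for this page, not the DBIR's or CISA's method; the weights, the placeholder CVE identifiers and the sample findings are all assumptions made here.

```python
"""Prioritise findings by exploitation evidence and exposure, not CVSS alone.

Added example with constructed data. The weights below are this example's own
assumptions, not a scheme from the DBIR, CISA or FIRST; the CVE identifiers
are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    id: str
    asset: str
    cvss: Optional[float]      # CVSS base score; None for a misconfiguration
    epss: Optional[float]      # FIRST EPSS probability (0-1); None for a misconfiguration
    known_exploited: bool      # CISA KEV listing, or (for a misconfiguration) a weakness
                               # class attackers demonstrably abuse, e.g. admin without MFA
    internet_exposed: bool     # reachable from the internet without prior access
    privileged_identity: bool  # asset holds admin or broad service-principal rights
    fix_available: bool        # a vendor patch or config change can be applied now


def exposure_score(f: Finding) -> float:
    """Evidence of exploitation, scaled by reach and blast radius (assumed weights)."""
    evidence = 1.0 if f.known_exploited else (f.epss or 0.0)
    reach = 2.0 if f.internet_exposed else 1.0
    blast = 1.5 if f.privileged_identity else 1.0
    return round(evidence * reach * blast, 4)


def cvss_order(findings: List[Finding]) -> List[str]:
    """Checklist ordering: highest CVSS first; misconfigurations have no CVSS and sink."""
    return [f.id for f in sorted(findings, key=lambda f: -(f.cvss or 0.0))]


def evidence_order(findings: List[Finding]) -> List[str]:
    """Risk-based ordering: highest exposure score first, id as a stable tie-break."""
    return [f.id for f in sorted(findings, key=lambda f: (-exposure_score(f), f.id))]


def recommended_action(f: Finding) -> str:
    """Patch where possible; where not, compensating controls are the first-class answer."""
    if f.fix_available:
        return "fix now" if exposure_score(f) >= 1.0 else "fix in normal cycle"
    return "compensate: isolate network path, restrict identity, add runtime detection"


def triage(findings: List[Finding]) -> List[Tuple[str, float, str]]:
    """Queue in evidence order with the score and action a practitioner would act on."""
    by_id = {f.id: f for f in findings}
    return [(fid, exposure_score(by_id[fid]), recommended_action(by_id[fid]))
            for fid in evidence_order(findings)]


# Constructed sample: five findings an exposure-management tool might surface.
SAMPLE = [
    Finding("CVE-EXAMPLE-A", "build-server", 9.8, 0.02, False, False, False, True),
    Finding("CVE-EXAMPLE-B", "vpn-gateway", 7.5, 0.91, True, True, False, True),
    Finding("CVE-EXAMPLE-C", "legacy-erp", 8.1, 0.45, False, True, True, False),
    Finding("MISCONFIG-ADMIN-NO-MFA", "cloud-console", None, None, True, True, True, True),
    Finding("CVE-EXAMPLE-D", "domain-controller", 9.1, 0.10, False, False, True, True),
]

if __name__ == "__main__":
    print("CVSS order:    ", cvss_order(SAMPLE))
    print("Evidence order:", evidence_order(SAMPLE))
    for fid, score, action in triage(SAMPLE):
        print(f"{fid:24s} score={score:<6} {action}")
```

The point the two orderings make: the 9.8 on an internal build server that nothing is exploiting drops to the bottom, while the 7.5 on an internet-facing gateway that is in KEV and the MFA-less admin account rise to the top, and the unpatched ERP system gets a compensating-control action rather than silently waiting in a patch queue.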
Third-party risk needs proof, not paperwork
The dominant root causes — missing MFA, poor credential rotation, excessive permissions on service accounts — are operational controls you can test, not policy questions you can survey. That should change what third-party assessments look like. Tier vendors by access type and data exposure, not by contract value. For vendors with elevated access, replace or supplement questionnaires with evidence: MFA enforcement attestations, least-privilege reviews on the access they actually use, secret rotation logs, and breach notification SLAs that have teeth and are actually tested. Move beyond point-in-time assessments to continuous external attack surface monitoring for critical vendors. Treat third-party access — OAuth tokens, federated identities, service principals — as part of your own identity perimeter, with PAM, just-in-time access, and session controls applied accordingly. DORA and NIS2 will push organizations in this direction. Treat that as the floor of what good looks like, not the goal.
AI accelerates attacks; it does not yet reinvent them
The first impact is attackers being faster and more efficient at exploiting the gaps that already exist. Fundamentals therefore deliver the highest leverage: MFA everywhere including service and machine accounts, least privilege at scale, hardened identity for both human and non-human principals, working patch operations, accurate asset and exposure inventory, and detection content tuned for the volume modern attackers can generate. Once those are in place, AI-specific controls become both possible and meaningful: shadow AI governance built on data classification, DLP, and sanctioned alternatives that people will actually use; agent and machine identity governance for the non-human identities that will multiply with agentic AI; model risk governance defining which models can be used for what data and which decisions; and pipeline controls (SAST, dependency scanning, secret detection) that hold up against AI-generated code volume. The trajectory the DBIR flags — frontier model gains on flaw detection and exploit development — does not change this prioritization. It compresses the timeline for getting it done.
The DBIR’s own framing for 2026 is “keeping a strong foundation in the face of change.” The data supports it. Compliance has not made organizations safer. It has made them documented.
Source: Verizon 2026 Data Breach Investigations Report.