(Image: amgun/ Shutterstock.com). For nearly two decades Verizon has counted more cyberattacks using stolen credentials than those exploiting vulnerabilities. In the AI era, that is changing. Even before Anthropic’s allegedly particularly powerful AI model Claude Mythos Preview, software vulnerabilities were exploited more frequently for cyberattacks than stolen credentials for the first time in 19 years. This is what the US provider Verizon determined based on data from 2025 for its latest Data Breach Investigations Report (DBIR), which has now been published. In the previous year, a vulnerability had been the starting point for almost a third of all cyberattacks, also thanks to AI technology. Whereas software vendors previously had months to patch vulnerabilities and prevent attacks, they now have only hours in the current AI world, the report states. Cybersecurity in transition. Overall, Verizon’s security team sees a fundamental shift in cybersecurity, already in 2025, though newer data has not yet been evaluated for the report. In the previous year, AI technology primarily enabled criminals to automate and scale their tried-and-tested techniques, the team summarizes. On the defense side, the organization was able to keep pace, if they had done the same: “But who knows? Given the rapid development of AI capabilities, this assessment could already be outdated by the time this report is finally published,” they note, likely with an eye toward Anthropic’s new technology. Anthropic unveiled Mythos in early April [1] and explained that the model is so dangerous it is only made available to companies working on IT security. The AI model had already identified thousands of high-risk zero-day vulnerabilities, they said at the time. At the same time, the AI technology is significantly more capable of developing a working exploit for such vulnerabilities, sometimes even exploiting multiple ones in combination. That is why only companies with the ability to use the tool to improve IT security gained access to it. Since then, the number of identified and patched vulnerabilities in browsers like Firefox has risen sharply [2]. Associated with this is the promise that all vulnerabilities can be found this way. However, there are also cases where the AI is not as successful [3]. In Verizon’s Data Breach Investigations Report, warnings are now issued about further developments, which are more or less all tied to the rapid advancement of AI technology. Criminals are increasingly relying on social engineering via mobile devices, trying to extract money from people through text messages or calls. The success rate here is 40 percent higher than with traditional phishing. Warnings are also issued about the dangers of shadow AI, AI tools not approved by employers used in the workplace. Additionally, attacks on supply chains have increased massively. The full report [4] is over 120 pages long and can be accessed online. (mho [6]). URL of this article:. https://www.heise.de/-11299991. Links in this article:. https://www.heise.de/news/Anthropics-neues-KI-Modell-Mythos-Zu-gefaehrlich-fuer-die-Oeffentlichkeit-11248034.html. https://www.heise.de/news/Dank-KI-Im-April-so-viele-Firefox-Luecken-geschlossen-wie-vorher-in-zwei-Jahren-11287023.html. https://www.heise.de/news/Mythos-findet-nur-eine-Sicherheitsluecke-in-curl-11291666.html. https://www.verizon.com/business/resources/T1e0/reports/2026-dbir-data-breach-investigations-report.pdf. https://pro.heise.de/security/?LPID=39555_HS1L0001_27416_999_0&wt_mc=disp.fd.security-pro.security_pro24.disp.disp.disp. mailto:mho@heise.de. Copyright © 2026 Heise Medien
heise security News