TORONTO — A new report from IBM warns that AI-accelerated cyberattacks are dramatically altering the threat landscape for Canadian organizations. Released on February 25, the 2026 X-Force Threat Intelligence Index reveals that North America has become the most attacked region globally, accounting for nearly a third of all incidents that X-Force responded to last year. This shift poses significant risks for Canadian enterprises, which share cloud infrastructure and interconnected supply chains with their North American counterparts.
The report indicates a significant 44% increase in attacks that exploit public-facing applications, primarily due to inadequate authentication controls and the use of AI in identifying vulnerabilities. In 2025, vulnerability exploitation emerged as the leading cause of cyberattacks worldwide, underscoring persistent challenges faced by Canadian organizations that are grappling with aging systems, delayed patching, and the rapid expansion of SaaS environments.
Credential theft remains a core concern for cybercriminals, with IBM noting that credential harvesting was the most prevalent tactic observed in North America. This underscores how compromised accounts continue to fuel widespread attacks. Additionally, attackers have begun to target AI platforms directly; infostealer malware exposed over 300,000 ChatGPT credentials globally in 2025, highlighting the vulnerabilities associated with deploying AI tools without sufficient safeguards.
“Canadian organizations are facing a perfect storm: legacy systems, rapid AI adoption, and increasingly automated threats,” said Chris Sicard, Security Leader at IBM Canada. “The speed at which attackers can now identify and exploit vulnerabilities means traditional, reactive security models are no longer enough. Organizations across Canada need to modernize authentication, secure their AI adoption, and continuously hunt for vulnerabilities before attackers do.”
According to IBM’s findings, manufacturing remains the most attacked industry globally, constituting 27.7% of all attacks. This is particularly relevant for Canada, which has a robust advanced manufacturing sector. The finance and insurance industries followed closely, accounting for 27% of global attacks, a statistic reflective of the high concentration of valuable data in Canada’s financial sector. Government and public sector organizations also experienced an uptick in attacks, primarily driven by phishing and the misuse of valid accounts.
IBM recommends several strategies for Canadian organizations to enhance their cybersecurity posture. These include securing AI platforms as core enterprise infrastructure with conditional access and robust identity controls, modernizing authentication practices, and treating identity as critical infrastructure. Continuous vulnerability assessment across cloud infrastructures, applications, and networks is essential, as is mapping external attack surfaces to identify potential exposures, such as leaked credentials and client-specific assets.
Strengthening patching and maintaining configuration hygiene are also vital steps to mitigate the most exploited attack vectors. The report conveys a clear message: as cyber threats continue to evolve, Canadian organizations must proactively adapt their security measures to contend with the complexities introduced by AI and interconnected systems.
The implications of these findings extend beyond immediate cybersecurity concerns, reflecting broader challenges tied to technology adoption in the enterprise sector. As organizations increasingly rely on advanced technologies, the integration of comprehensive security frameworks will be crucial in navigating the evolving threat landscape and safeguarding sensitive data.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
