IBM’s latest X-Force Threat Intelligence Index reveals a significant surge in cyberattacks originating from basic security vulnerabilities, with attackers increasingly leveraging AI tools to identify and exploit these gaps more rapidly. The report identifies the Asia-Pacific region as the second most-targeted area globally, accounting for 27% of the incidents monitored by IBM X-Force.
The findings emerge amid rising concerns among regional governments and operators about threats to critical services. In Singapore, for instance, all four telecommunications providers faced coordinated attacks from the threat actor UNC3886, prompting what officials have characterized as the largest cyber response in the nation’s history. Additional research conducted by Thales in collaboration with S&P Global 451 Research indicates that 71% of organizations in the Asia-Pacific now view AI as their principal data security risk.
IBM’s X-Force observed a 44% global increase in attacks that began with the exploitation of public-facing applications. The firm attributes much of this growth to the lack of proper authentication controls and the use of AI for vulnerability discovery. The exploitation of vulnerabilities has now emerged as the leading cause of cyber incidents, accounting for 40% of cases reported by X-Force in 2025.
Ransomware shifts
Additionally, the index highlights a more crowded ransomware landscape, with a 49% year-on-year rise in active ransomware and extortion groups. The number of publicly disclosed victims has also grown by roughly 12%. IBM characterizes the ecosystem as increasingly fragmented, populated by smaller, transient operators who conduct lower-volume campaigns, complicating the attribution of attacks.
This shift is partly driven by the reuse of leaked tools, established methodologies, and the automation of certain operations through AI. Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM, noted that attackers are not fundamentally altering their tactics but are instead accelerating them with AI technology. “The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed,” he stated. Hughes emphasized that security leaders must adopt a more proactive stance, utilizing agentic-powered threat detection and response to identify vulnerabilities and mitigate threats before they escalate.
In the Asia-Pacific region, malware was the primary action in 45% of observed activities, while spam and legitimate tools each accounted for 15%. Server access was noted in 10% of incidents. Exploitation of public-facing applications and the use of valid accounts were the dominant initial access vectors, representing 50% and 30%, respectively. IBM interprets these trends as indicative of weaknesses in managing internet-facing exposure and securing identities and credentials.
Data theft and damage to brand reputation were the most frequently recorded impacts, each accounting for 14% of incidents. Credential harvesting constituted 7% of the reported impacts in the region. Catherine Lian, General Manager and Technology Leader at IBM ASEAN, remarked, “Asia-Pacific continues to face a sharp increase in cyber threats, with attackers increasingly leveraging AI and exploiting gaps in basic security.” She urged organizations to prioritize identity protection and visibility across cloud and application environments to combat these evolving threats.
Manufacturing targeted
The manufacturing sector has remained the most targeted industry in the index for the fifth consecutive year, comprising 27.7% of all incidents reported by X-Force. The Asia-Pacific region accounted for 68% of manufacturing-focused incidents, with data theft being the most common reported outcome. The sector significantly overshadowed other targeted sectors, including finance and insurance at 17% and transportation at 7%.
IBM’s report also underscores identity risks associated with workplace use of AI services. The X-Force index indicates that infostealer malware resulted in the exposure of over 300,000 ChatGPT credentials in 2025, suggesting that AI platforms are now facing credential risks akin to other widely used software-as-a-service tools. Compromised credentials for chatbots could lead to risks beyond mere account access, such as data exfiltration and malicious prompt injection. Strong authentication and conditional access controls are deemed essential in mitigating such exposure.
Moreover, X-Force highlights the growing concern of supply chain compromises. The index noted a nearly fourfold increase in significant supply chain or third-party compromises since 2020, as attackers exploit trust relationships and development automation. IBM warns of a narrowing gap between nation-state actors and financially motivated groups, with tactics once associated with state-backed entities increasingly appearing among profit-driven operators. The firm anticipates that pressures on development pipelines and open-source ecosystems will intensify in 2026 as AI coding tools elevate software output, potentially introducing unvetted code into workflows.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
