TORONTO, Feb. 25, 2026 /PRNewswire/ — IBM (NYSE: IBM) has released its 2026 X-Force Threat Intelligence Index, revealing that AI-accelerated cyberattacks are significantly reshaping the threat landscape in North America, putting Canadian organizations under increased pressure. North America has become the most attacked region globally, accounting for nearly a third of all incidents that X-Force addressed last year, directly impacting Canada.
The report indicates a notable 44% surge in cyberattacks initiated by exploiting public-facing applications. This rise is attributed to vulnerabilities stemming from inadequate authentication controls and the use of AI technologies for vulnerability discovery. Globally, the exploitation of such vulnerabilities emerged as the leading cause of cyberattacks in 2025, highlighting the persistent challenges faced by Canadian firms grappling with outdated systems, delays in patching, and rapidly growing Software as a Service (SaaS) environments.
Cybercriminals continue to actively seek compromised credentials, with credential harvesting identified as the most prevalent impact in North America. The report underscores the growing threat posed by direct attacks on AI platforms, revealing that infostealer malware exposed over 300,000 ChatGPT credentials worldwide in 2025. This incident illustrates the risks associated with deploying AI tools without sufficient safeguards.
“Canadian organizations are facing a perfect storm: legacy systems, rapid AI adoption, and increasingly automated threats,” said Chris Sicard, Security Leader at IBM Canada. “The speed at which attackers can now identify and exploit vulnerabilities means traditional, reactive security models are no longer enough. Organizations across Canada need to modernize authentication, secure their AI adoption, and continuously hunt for vulnerabilities before attackers do.”
The trends identified in the IBM X-Force report reflect the realities of Canada’s digital ecosystem, where shared cloud infrastructure and interconnected supply chains expose enterprises to similar attacker behaviors. In 2025, the manufacturing sector remained the most attacked globally, comprising 27.7% of incidents—a particularly relevant statistic for Canada, given its advanced manufacturing landscape. The finance and insurance sectors also experienced significant threats, accounting for 27% of global attacks, consistent with the concentration of high-value data in Canada’s financial sector. Furthermore, government and public sector organizations faced increased attacks driven by phishing schemes and the use of valid accounts.
The report illustrates that adversaries are leveraging AI to streamline decision-making processes, expand the scale of phishing attacks, and manipulate digital identities. Such advancements enable less-skilled attackers to carry out sophisticated campaigns that were once the domain of highly trained threat actors. This evolving landscape calls for a comprehensive reassessment of security strategies among Canadian organizations.
In light of these findings, IBM recommends several critical measures for Canadian organizations to enhance their cybersecurity posture. Companies should secure AI platforms as integral components of their enterprise infrastructure, adopting conditional access and robust identity controls. There is also a pressing need to modernize authentication practices and treat identity as a critical infrastructure element. Continuous vulnerability assessments across cloud infrastructure, applications, and networks are essential. Organizations should map their external attack surface to identify leaked credentials and client-specific assets, while also strengthening patching and configuration hygiene to mitigate the most exploited attack vectors.
To access the full IBM X-Force Threat Intelligence Index 2026, visit IBM’s official report page.
Media Contact:
Lorraine Baldwin
IBM Canada Communications
[email protected]
IBM Reports 44% Surge in Cyberattacks as AI Exploits Weak Security Vulnerabilities
IBM Reports 44% Surge in AI-Accelerated Cyberattacks Threatening Canadian Enterprises
CIOs Expect AI Cyber Attacks Soon; Only One-Third Feel Prepared to Respond
Gambit Security Secures $61M to Enhance AI Cybersecurity Platform for Ransomware Resilience
Gambit Security Secures $61M to Launch AI Platform for Business Resilience Post-Cyberattack
