
- Three patterns account for 91 percent of manufacturing breaches: System Intrusion, Social Engineering, and Basic Web Application Attacks.
- Malware is pervasive, present in 75 percent of manufacturing breaches, and ransomware is the primary driver, accounting for 61 percent.
- Internal data is seen as the leading target, appearing in 80 percent of reported manufacturing breaches. Credentials were compromised in 26 percent of incidents, and personally identifiable information (PII) theft accounted for 17 percent.
- Remote Monitoring and Management (RMM) tools, widely used in manufacturing environments, have grown 240 percent in prevalence as an attacker tool over the last year, offering attackers persistent, legitimate-looking access.
- Vulnerability exploitation has become the leading initial access vector across all sectors – a critical issue for manufacturers running legacy OT/IT environments where patching timelines are often extended.
Scott Miserendino, VP of Engineering, Cyber at DataBee
"Vulnerability exploitation is now the front door—and patching isn’t keeping up.
"The DBIR confirms what many security leaders are experiencing operationally: exploitation of vulnerabilities is now the leading initial access vector, overtaking credential abuse. But the more important signal isn’t just attacker behavior—it’s defender constraints. Organizations are facing a growing backlog of critical vulnerabilities, with only 26 percent fully remediated and a median remediation time stretching to 43 days.
"The gap here isn’t awareness—it’s operational execution. Security teams don’t lack vulnerability data; they lack the ability to prioritize, coordinate, and act on it at scale across fragmented environments.
"Looking ahead, this challenge is likely to intensify. Emerging cyber-focused AI models—such as Anthropic’s Mythos, OpenAI’s GPT-5.5-Cyber, and DeepMind’s Big Sleep—have the potential to dramatically accelerate vulnerability discovery and lower the barrier to exploitation. Even before broad availability, it’s reasonable to expect that attackers will gain access to similar capabilities, enabling them to uncover undisclosed vulnerabilities faster and weaponize them with far less expertise.
"If that happens, the already widening gap between time-to-exploit and time-to-remediate could expand further, making it a critical area to watch in next year’s DBIR."
Dana Simberkoff, Chief Risk, Privacy and Information Security Officer at AvePoint
"I’m not surprised that 45 percent of employees are using unapproved AI tools. In fact, I would have expected the number to be even higher. But the answer to shadow AI isn’t to block tools. It’s to build a comprehensive trust layer that continuously secures, governs, and audits how data is accessed and used across the enterprise.
"The DBIR reinforces an important point: while AI accelerates the speed and scale of risk, it doesn’t change the fundamental principles of security. Organizations realize value at the intersection of data and AI. However, that’s also where risk compounds. Ultimately, the true differentiator won’t be how quickly companies adopt AI, but whether they’ve established the trust layer and data protection guardrails needed to deploy it securely, responsibly, and with confidence.
"Verizon’s findings also highlight how AI is compressing vulnerability exploitation timelines, which have shrunk from months to hours. Organizations are recognizing that they simply can’t patch fast enough to keep pace with exposure. The path forward is to build a resilient trust layer that reduces the overall attack surface and proactively mitigates the risk of automated exploitation before it ever reaches the network."
Diana Kelley, CISO, Noma Security
"The Verizon DBIR makes one thing very clear: AI is not magically creating a new cyber universe. It is industrializing the one we already struggle to defend.
"For CISOs, that means the AI story is not just phishing emails with better grammar. It is about vulnerability exploitation becoming the top initial access vector, Shadow AI turning source code and technical documents into accidental data leakage, and agentic systems creating a new class of privileged, machine-speed actors.
"If an AI agent can act, connect to tools, move data or trigger workflows, it needs to be governed like a privileged identity: least privilege, full logging, human approval for high-risk actions and a fast way to revoke access.
"The practical response is not panic or a ban. It is governance with teeth: know where AI is being used, understand the blast radius, manage confidential data egress, treat agents and service accounts as high-risk identities, enforce least privilege, monitor tool use, and rehearse what happens when an agent makes the wrong decision at machine speed."
Jason Soroko, Senior Fellow at Sectigo
"AI-augmented weaponization accelerates the pace of exploitation beyond human response capabilities. As autonomous systems become deeply integrated into corporate networks, the traditional focus on securing human credentials is no longer sufficient.
"The most effective mitigation strategy requires abstracting our defenses away from the endless race to patch individual endpoints and instead establishing a hardened identity and authorization control plane. By guaranteeing that every machine, workload, and enterprise AI agent is strictly authenticated through tightly managed public key infrastructure, organizations can effectively neutralize the blast radius of an exploited vulnerability."
Collin Hogue-Spears, Sr. Director of Solution Management at Black Duck
"Vulnerability exploitation topped the DBIR because AI-accelerated attacks outrun patching. AI did not create that gap. AI erased the head start defenders used to have. The fix is not faster patching. It is patching by reachability and containing the rest.
"The losing strategy patches by volume. The winning one patches by reachability and contains the rest. Reachability analysis separates the flaws attackers can actually exploit from the ones that only look dangerous. Compensating controls buy time on everything triage has not cleared.
"Patching is just one of two layers. The first is AI-augmented reachability analysis that separates exploitable findings from theoretical ones. The second is compensating controls: egress restrictions, behavioral allowlists, and identity-bound access. Those controls slow exploitation while triage runs, because triage and containment are the two clocks defenders can still control."
Trey Ford, Chief Strategy and Trust Officer, Bugcrowd
"AI is making vulnerability discovery and weaponization so fast and cheap that attackers no longer need a stolen password when a known, unpatched flaw gets them in faster. Third-party involvement now accounts for 48 percent of all breaches, up 60 percent year over year, which means the attack surface enterprises must defend extends well beyond anything they directly control or test.
"AI has compressed the window between a published vulnerability and an active exploit from months to hours. Security budgets still calibrated to annual assessment cycles are now structurally mismatched with how fast the threat actually moves.
"The reflex after a report like this is to procure more AI detection tooling. The data argues against it. Third-party involvement in breaches jumped 60 percent, which underscores that coverage problems extend well beyond your perimeter, into every vendor, supplier, and integration partner you rely on. No product closes that gap. Continuous, adversarial pressure across the full attack surface is how you find what attackers will find before they find it."
Morey Haber, Chief Security Advisor, BeyondTrust
"The headline this year belongs to vulnerability exploitation, which has surpassed credential abuse as the most common initial attack vector. Exploitation now accounts for 31 percent of breaches, while stolen credentials have fallen to 13 percent (16 percent with pretexting as a consideration).
"This inversion matters because for years, organizations have operated under the assumption that identity, specifically compromised usernames and passwords, was the primary entry point into an organization. After all, it is easier for a threat actor to log in versus hack in, right?
"The DBIR's core message this year is not revolution, but rather maturity and cybersecurity refinement. Strong fundamentals: asset and identity visibility, patching discipline, least privilege enforcement, and practiced incident response plans. For 2027, it is not a matter of if your organization will appear in next year's dataset but how your organization responds once an incident has occurred. Will you support the trend or be one of the few that continues to mature and thwart the next wave of attacks?"
Mika Aalto, Co-Founder and CEO at Hoxhunt
"I found it interesting that Verizon explicitly included ‘a culture that supports and enables secure behavior’ alongside technical controls like patch management and response planning. That’s an important signal for the industry. Security culture is no longer a soft initiative sitting outside core security operations. It’s part of the operational foundation."