Application Exploitation Sees Resurgence in Cyber Attacks, Threat Actors Turn to AI-Powered Tools

In a surprising reversal of the long-standing trend, researchers at IBM’s X-Force threat intelligence unit have observed a significant increase in cyber attacks that begin with the exploitation of vulnerable public-facing applications. According to their latest report, this practice has seen a 44% surge in recent months, outpacing credential abuse by a substantial margin.

In recent years, the security community has often joked about attackers not hacking the cloud but rather logging in to legitimate accounts. This phenomenon has been fueled by the widespread use of cloud services, which can provide an easy entry point for threat actors seeking to gain unauthorized access to sensitive data. However, as our reliance on cloud infrastructure continues to grow, so too does the number of vulnerabilities being exploited by attackers.

The X-Force report highlights a critical need for stronger access controls, rigorous patching, and secure deployment practices to prevent such attacks. The team's findings suggest that artificial intelligence (AI) tools are playing a significant role in driving this trend by making it easier for attackers to identify misconfigured or vulnerable applications. These tools have also enabled threat actors to bypass human oversight and move directly from scanning to impact, significantly increasing the speed and effectiveness of their attacks.

"We're not seeing new attack vectors, we're just speeding up existing ones with AI," said Mark Hughes, IBM global managing partner for cyber security services. "The core issue is still the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact."

This warning comes as security leaders face a daunting challenge in keeping up with the rapid pace of technological change. As AI-powered tools become increasingly prevalent, defenders must adapt their strategies to stay ahead of the threat actors.

The X-Force report also notes that while credential theft remains a common initial access vector, there is a growing identity problem around AI, particularly when it comes to popular generative AI services like ChatGPT. The researchers found that over 300,000 ChatGPT credentials were exposed in 2025 by infostealer malware, highlighting the need for stricter policies around AI use.

Furthermore, the report observed a significant increase in active ransomware groups, with many smaller operators running low-volume campaigns that complicate attribution. The use of AI is also playing a peripheral role in automating ransomware operations, and X-Force expects this trend to continue in the coming months.

In conclusion, the resurgence of application exploitation as an initial access vector highlights the ongoing challenge faced by security leaders in keeping up with the evolving threat landscape. As we move forward, it's essential that organizations prioritize stronger access controls, rigorous patching, and secure deployment practices to prevent such attacks. Additionally, there is a pressing need for security teams to assess their use of AI and enforce stricter policies around it.

Security professionals can respond to this trend by focusing on proactive threat detection and response strategies that use agentic tools. By identifying gaps in their systems and catching threats before they escalate, organizations can reduce the risk of data breaches and minimize the impact of cyber attacks.

As the threat landscape continues to evolve, one thing is clear: security leaders must stay vigilant and adapt their strategies to stay ahead of the threat actors. Only by doing so can we hope to mitigate the growing threat of application exploitation and protect our digital assets from these increasingly sophisticated attacks.