Cloud Security

IBM X-Force 2026: Cloud Application Exploitation Surges 44%

May 23, 2026 · 7 min read · By William

The IBM X-Force Threat Intelligence Index 2026 landed in February, and the headline number is enough to make any CISO wince: exploitation of public-facing applications surged 44% year-over-year in 2025, making vulnerability exploitation the leading cause of incidents for the first time, at 40% of all observed cases. That’s a structural shift. After two years of credential abuse dominating as the top initial access vector, attackers pivoted hard to the path of least resistance: unpatched, internet-exposed, often cloud-hosted software.

The core thesis of the report is blunt: attackers aren’t innovating. They’re scaling what already works, and AI is compressing the timeline from discovery to impact. For teams running cloud infrastructure, the implications are immediate and uncomfortable.

| Metric | 2025 Finding | Year-over-Year Change |
| --- | --- | --- |
| Public-facing app exploitation | 40% of all incidents | +44% |
| Active ransomware/extortion groups | 109 groups | +49% |
| Vulnerabilities requiring no authentication | 56% of all disclosed | N/A |
| Devices infected with infostealers | 16 million+ | N/A |
| ChatGPT credentials on dark web | 300,000+ | N/A |
| Supply chain breaches (vs. 2020) | Nearly 4x increase | N/A |
| Most targeted industry | Manufacturing (27.7%) | 5th consecutive year |
| Most attacked region | North America (29%) | +5pp from 2024 |

Public-Facing Applications: The New Default Entry Point

X-Force tracked nearly 40,000 vulnerabilities in 2025. The critical detail: 56% of disclosed flaws required no authentication to exploit. That means more than half the attack surface available to adversaries doesn’t need phishing, credential theft, or social engineering. Scan, find, exploit. No human in the loop.

Vulnerability exploitation now accounts for 40% of all incidents, displacing credential abuse (32%) from the top spot. This isn’t a zero-day problem. The vast majority of successful exploits target known, already-patched vulnerabilities. The bottleneck isn’t knowledge, it’s execution speed on the defender’s side. IBM’s own X-Force Red penetration tests confirmed what red teams have known for years: misconfigured access controls remain the most common entry point.

For cloud-native organizations, the attack surface compounds. Every public-facing API, every container orchestration endpoint, every SaaS integration with an internet-accessible management console is a candidate. The Turing Point analysis of the report notes that the Cloud Security Alliance has identified what it calls the ‘Toxic Cloud Trilogy’: a publicly accessible workload, a critical vulnerability, and elevated privileges. Even at a reduced prevalence of 29% of cloud workloads in mid-2025, a single instance of that combination is sufficient for full compromise.

Supply Chain Compromises Nearly Quadrupled Since 2020

If application exploitation is the hammer, supply chain attacks are the multi-tool. IBM X-Force recorded a nearly fourfold increase in large supply chain and third-party compromises since 2020. Attackers aren’t going after endpoints anymore; they’re targeting the environments where software is built, tested, and deployed.

CI/CD pipelines, package registries (npm, PyPI), and SaaS integrations are the new perimeter. A single compromised developer account on GitHub or GitLab can distribute malicious updates across thousands of downstream projects. IBM documented rising attacks on platforms including GitHub, GitLab, and npm, with open-source registries remaining high-risk targets because compromised accounts propagate trojanized packages at scale.

The report cites the NPM worm Shai-Hulud as a concrete example of supply chain weaponization. For organizations consuming open-source dependencies at scale, every package.json, every requirements.txt, every Terraform module sourced from a public registry is a potential blast radius. The Turing Point analysis adds a wrinkle: generative AI-assisted development is accelerating the creation of what the CSA calls “slop code” — suboptimal components with hidden security flaws that developers integrate with minimal scrutiny. The risk is shifting from known CVEs in established libraries to novel, AI-generated code that was never manually reviewed.
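The dependency-pinning discipline this passage and the later "Supply chain hardening" recommendation call for, shown as an added Python example that is not from the report or from any vendor tool: it audits a constructed requirements.txt and package.json for specifiers that let a resolver pull a newer (possibly trojanized) release, and for exact pins that carry no hash. The package names, versions and the dummy digest are constructed for the example.

```python
import json
import re

# Constructed sample manifests for this example (not taken from the report).
REQUIREMENTS_TXT = "\n".join([
    "# exact pin plus hash: the only form that locks the downloaded artifact",
    "requests==2.32.3 --hash=sha256:" + "0" * 64,  # constructed dummy digest
    "flask>=2.0   # a range: any future release, trojanized or not, satisfies it",
    "pyyaml       # no specifier: resolves to whatever is newest on the index",
])
PACKAGE_JSON = json.dumps({
    "dependencies": {"express": "^4.18.2", "lodash": "4.17.21"},
    "devDependencies": {"jest": "latest"},
})

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;#]*)")
_EXACT_SEMVER_RE = re.compile(r"^\d+\.\d+\.\d+$")


def audit_requirements(text):
    """Flag requirements.txt entries not pinned to an exact version with a hash."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):      # skip blanks and pip options (-r, --index-url)
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, op, version = m.groups()
        if op != "==" or "*" in version:
            findings.append((name, "not pinned to an exact version"))
        elif "--hash=" not in line:
            findings.append((name, "pinned but no --hash, artifact not verified"))
    return findings


def audit_package_json(text):
    """Flag package.json specifiers a resolver may satisfy with a newer release.
    Exact versions here still need a committed lockfile plus `npm ci` to be a real pin."""
    manifest = json.loads(text)
    findings = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not _EXACT_SEMVER_RE.match(spec):
                findings.append((name, f"range specifier {spec!r} in {section}"))
    return findings
```

The same check belongs in CI as a merge gate, so an unpinned or unhashed dependency is rejected before it reaches the build rather than found after an incident.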

Infostealers, AI Credentials, and the Identity Crisis

Credential abuse may no longer be the top initial access vector, but it remains the backbone of campaign escalation. IBM observed over 16 million devices infected with infostealer malware in 2025, including Lumma, Acreed, and Vidar. Stolen browser passwords, session cookies, and API tokens end up on dark web marketplaces like Russian Market, where complete credential sets sell for as little as $10.

The new twist: infostealers are now systematically targeting AI platforms. Over 300,000 ChatGPT credentials were advertised for sale on dark web marketplaces in 2025, according to X-Force. While none remained valid at time of posting, the pattern is clear. AI chatbot platforms carry the same credential risk profile as core enterprise SaaS systems. The IBM report warns that compromised chatbot credentials create AI-specific risks beyond simple account access: attackers can manipulate outputs, exfiltrate sensitive data, or inject malicious prompts.

The Cloud Security Alliance reports that the ratio of machine-to-human identities in cloud environments has reached 100-to-1. Service principals, API keys, and automated agents vastly outnumber human users, and SentinelOne attributes over 70% of all cloud breaches to compromised identities. Every non-human identity in your cloud tenant is a potential attack vector that likely lacks the governance and monitoring applied to human accounts.

Ransomware Fragmentation and the Blurring of Attribution Lines

Active ransomware and extortion groups surged 49% year-over-year. X-Force identified 109 distinct extortion groups in 2025, up from 73 in 2024. The ecosystem is fragmenting into smaller, more transient operators running lower-volume campaigns that complicate attribution and incident response.

This fragmentation is driven by collapsed barriers to entry. Leaked tooling from disrupted groups like LockBit is recycled by newcomers. Established playbooks are shared across underground forums. And the IBM report documents a concerning convergence: techniques once associated with nation-state actors are now routinely adopted by financially motivated groups. Three criminal groups — Scattered Spider, LAPSUS$, and ShinyHunters — are cited as particularly active in exploiting identity systems, vendor trust relationships, and SaaS interconnectivity, with their reported alliance in mid-2025 marking a notable escalation.

What Defenders Must Do Now

The X-Force 2026 report is not a call for novel tooling. It’s a call for discipline applied at scale. The recommendations are grounded in what’s demonstrably working:

  • Aggressive vulnerability management. Public-facing applications are the top vector. Prioritize patching internet-exposed services with the same urgency as CISA KEV-listed vulnerabilities. A 44% surge in exploitation isn’t a trend — it’s an indictment of patch latency.
  • Identity as critical infrastructure. Implement phishing-resistant MFA (FIDO2/passkeys). Extend identity governance to non-human identities — service accounts, API keys, CI/CD tokens. The 100-to-1 machine-to-human identity ratio means most of your attack surface is ungoverned.
  • Supply chain hardening. Require SBOMs from vendors. Pin dependency versions. Implement artifact signing and verification. Treat every external dependency as untrusted until verified.
  • AI platform security. Apply the same authentication, authorization, and monitoring rigor to AI chatbot platforms as to any enterprise SaaS. Compromised ChatGPT sessions can expose connected systems and sensitive prompt data.
  • Transition to ephemeral credentials. IBM recommends moving from static API keys to identity-based, time-limited credentials with access windows measured in minutes. The principle of least privilege must extend to every automated workload.
  • Cloud posture management at scale. Misconfigurations account for 95% of cloud security failures according to IBM. Deploy CSPM tools, enforce CIS benchmarks, and automate remediation for the “Toxic Cloud Trilogy” pattern.
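The "Toxic Cloud Trilogy" pattern defined earlier (public workload, critical vulnerability, elevated privileges) and the automated detection the last recommendation calls for, as an added Python example that is not from the report or from any CSPM product. The CVSS threshold, the set of IAM actions counted as elevated, and the workload inventory are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

CRITICAL_CVSS = 9.0  # CVSS v3.x "Critical" band starts at 9.0 (assumed threshold)
# IAM actions this example treats as elevated privilege (constructed list, not from the report)
ELEVATED_ACTIONS = {"*", "iam:*", "iam:PassRole", "iam:CreateAccessKey", "sts:AssumeRole"}


@dataclass
class Workload:
    name: str
    public: bool                               # reachable from the internet
    cvss: list = field(default_factory=list)   # CVSS base scores of open findings
    actions: set = field(default_factory=set)  # IAM actions its identity may call


def legs(w):
    """Return which of the three trilogy conditions hold for a workload."""
    return {
        "public": w.public,
        "critical_vuln": max(w.cvss, default=0.0) >= CRITICAL_CVSS,
        "elevated_privs": bool(w.actions & ELEVATED_ACTIONS),
    }


def is_toxic(w):
    """Toxic only when all three legs are present; removing any one leg breaks the chain."""
    return all(legs(w).values())


def triage(inventory):
    """Toxic workload names, worst CVSS first, plus the fleet-wide prevalence ratio."""
    toxic = sorted((w for w in inventory if is_toxic(w)), key=lambda w: -max(w.cvss))
    prevalence = len(toxic) / len(inventory) if inventory else 0.0
    return [w.name for w in toxic], prevalence


# Constructed inventory: one workload per way the trilogy can be complete or broken.
INVENTORY = [
    Workload("api-gateway", True, [9.8, 5.3], {"s3:GetObject", "iam:PassRole"}),  # all three legs
    Workload("batch-worker", False, [9.1], {"*"}),                                # not public
    Workload("static-site", True, [9.4], {"s3:GetObject"}),                       # least privilege
    Workload("admin-console", True, [6.5], {"iam:*"}),                            # no critical finding
]

if __name__ == "__main__":
    names, share = triage(INVENTORY)
    print(f"toxic workloads: {names}, prevalence {share:.0%}")
```

Because any single leg removed makes the workload non-toxic, the cheapest remediation is often not the patch but pulling the workload off the internet or scoping its role down while the patch is scheduled.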

Frequently Asked Questions

What was the most significant shift in the 2026 IBM X-Force report?

Vulnerability exploitation of public-facing applications displaced credential abuse as the top initial access vector for the first time, accounting for 40% of incidents with a 44% year-over-year increase. This reflects a structural shift toward targeting unpatched internet-exposed software rather than stealing credentials.

Why are infostealers targeting AI chatbot credentials?

Infostealer operators are expanding target lists to include AI platforms because compromised chatbot credentials create unique risks: attackers can manipulate AI outputs, exfiltrate sensitive prompt data, access connected enterprise systems, and inject malicious instructions. Over 300,000 ChatGPT credentials were observed on dark web marketplaces in 2025.

What is the “Toxic Cloud Trilogy” and why does it matter?

Coined by the Cloud Security Alliance, it describes the combination of a publicly accessible workload, a critical vulnerability, and elevated privileges. While prevalence decreased from 38% to 29% of cloud workloads, a single instance is sufficient for full breach. At enterprise scale with hundreds of thousands of workloads, this pattern represents persistent systemic risk.

How has ransomware changed according to the report?

The ransomware ecosystem fragmented significantly, with 49% more active groups (109 total) in 2025 versus 2024. Lower barriers to entry from leaked tooling, recycled playbooks, and AI-enabled automation are driving the proliferation of smaller, transient operators that complicate attribution and response.
