Key Takeaways from the 2026 Verizon Data Breach Investigations Report (DBIR)

The 2026 Verizon DBIR provides one of the clearest views into how the threat landscape is evolving. With Six Degrees having contributed to the report for a second consecutive year, our Cyber Security Assurance Technical Director Andy Swift has summarised some of the key findings that organisations should be paying attention to – from the rise of vulnerability exploitation to the growing operational use of AI by threat actors.

The latest edition of the Verizon Data Breach Investigations Report (DBIR) has now been published – and Six Degrees was once again one of a select number of cyber security organisations invited to contribute. Widely regarded as one of the cyber security industry’s most comprehensive and authoritative reports, the DBIR draws on insights from leading incident response and digital forensics teams across the globe.

We are proud to have contributed to the report for the second consecutive year, sharing our expertise alongside many of the industry’s foremost cyber security practitioners. The result is a valuable body of research that helps organisations better understand the evolving threat landscape and the tactics being used by today’s attackers.

Over the coming weeks, we’ll take a deeper dive into some of the report’s key themes. But for now, several headline findings deserve immediate attention.

Vulnerability Exploitation Continues to Rise

One of the most significant trends highlighted in this year’s report is the continued growth in vulnerability exploitation as the primary route to initial compromise. In 2025, exploitation of vulnerabilities overtook phishing and credential abuse as the leading method attackers used to gain initial access. The 2026 report shows this trend accelerating further, with vulnerability exploitation now establishing a clear lead over other attack vectors.

This does not mean that phishing and credential theft are no longer significant threats. Rather, it reflects the increasing effectiveness of modern security controls designed to detect and prevent these types of attacks. Email security technologies, multi-factor authentication, user awareness training, and identity protection measures have made many traditional attacks more difficult and less efficient for threat actors.

At the same time, organisations continue to face challenges in identifying, prioritising, and remediating vulnerabilities quickly enough to keep pace with emerging threats. As attackers increasingly focus on exploiting known weaknesses, effective vulnerability management is becoming a critical component of cyber resilience.

The Growing Role of Social Engineering

The report also introduces “pretexting” as a distinct category of attack. Pretexting involves attackers establishing trust with a target over an extended period before persuading them to take a specific action, such as sharing sensitive information, approving a payment, or granting access to systems. The emergence of this category reflects a notable increase in sophisticated social engineering campaigns that go beyond traditional phishing techniques.

This development serves as a reminder that while technology remains essential, security awareness, verification processes, and organisational culture continue to play a crucial role in defending against cyber threats.

Record Numbers of Vulnerabilities

Another notable finding is the continued growth in the number of disclosed vulnerabilities. The volume of vulnerabilities identified over the past year reached record levels, and this is a trend that shows little sign of slowing. As AI tools like Claude Mythos evolve, AI-assisted research is helping both security professionals and threat actors identify software weaknesses more rapidly than ever before.

While increased discovery ultimately contributes to a stronger security ecosystem, it also expands the workload facing security teams tasked with assessing and remediating vulnerabilities before they can be exploited. This growing volume is likely contributing to the rise in vulnerability-based attacks, as organisations struggle to keep pace with an increasingly complex threat environment.

AI’s Expanding Role in Cyber Attacks

Unsurprisingly, artificial intelligence continues to feature prominently throughout the report. Evidence suggests that threat actors are increasingly leveraging AI and large language models (LLMs) to support a range of activities, including target research, reconnaissance, initial access operations, and the development of supporting tools such as scanners, information stealers, and enumeration frameworks.

However, one of the report’s most interesting observations is that AI is currently being used primarily to enhance operational efficiency rather than create entirely new forms of attack. In many cases, AI is helping attackers automate existing processes, accelerate research, and scale established techniques. While this increases the speed and volume of attacks, it has not yet resulted in a widespread shift towards fundamentally new attack methodologies.

That said, the pace of AI development remains extraordinary. What is true today may not remain true for long, and organisations should continue to monitor how AI capabilities evolve and how threat actors adapt them for offensive purposes.

What This Means for Organisations

The findings from this year’s DBIR reinforce a clear message: cyber security programmes must continue to evolve in response to changing attacker behaviour. As vulnerability exploitation becomes the dominant route to compromise, organisations should ensure they have effective vulnerability management, patching, attack surface monitoring, and security testing programmes in place. At the same time, they must remain vigilant against increasingly sophisticated social engineering tactics and prepare for the growing influence of AI within the threat landscape.

While attackers continue to adapt their methods, the organisations that focus on resilience, visibility, and continuous improvement will be best positioned to reduce risk and respond effectively when incidents occur.

Need support? As a DBIR contributor, Six Degrees demonstrates the knowledge and capabilities to enhance your cyber security posture in today’s hostile digital landscape. If you want to discuss how your business can prepare for the latest cyber threats – and how Six Degrees can help you implement a future-ready security programme – contact our team today.
