Shadow AI and Vulnerability Exploits Dominate Latest Cybersecurity Threats, Verizon Report Finds
A surge in unauthorized AI use by employees dubbed "shadow AI" is exposing organizations to significant insider risks, according to Verizon’s latest Data Breach Investigations Report (DBIR). The study, analyzing over 22,000 global breaches, reveals that 45% of professionals regularly use AI at work, with 67% of those accessing tools like ChatGPT, Claude, or coding platforms via personal, unauthorized accounts. This marks a fourfold increase in non-malicious insider actions compared to last year.
Employees are feeding sensitive data into these platforms at an alarming rate: 28% of data loss prevention violations involved source code, while images, documents, and proprietary research were also uploaded. In 3.2% of cases, workers shared technical documentation, risking intellectual property exposure. The trend has prompted calls for stricter enterprise asset controls and the adoption of AI Bills of Materials (AI-BOMs), which track model configurations and provenance to help detect tampering or misuse.
Beyond shadow AI, the report highlights a resurgence in vulnerability exploitation as the top breach cause, surpassing credential abuse (down 13% from 2024). Patching remains sluggish, with critical vulnerabilities from CISA’s Known Exploited Vulnerabilities (KEV) catalog remediated at just 26% down from 38% in 2025. The median time to resolve vulnerabilities also rose to 43 days, up from 32 days the prior year, despite a 50% increase in critical flaws requiring attention.
Ransomware continued its dominance, appearing in 48% of breaches (up from 44%), though victim payments declined. Only 31% of organizations paid ransoms, with the median demand dropping to $139,875 from $150,000. The findings underscore persistent gaps in both human-driven risks and technical defenses.
Source: https://www.theregister.com/ai-ml/2026/05/19/shadow-ai-surges-in-the-workplace/5242868
Verizon cybersecurity rating report: https://www.rankiteo.com/company/verizon
"id": "VER1779216233",
"linkid": "verizon",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'location': 'Global', 'type': 'Global Organizations'}],
'attack_vector': ['Shadow AI (Unauthorized AI Use)',
'Unpatched Vulnerabilities'],
'data_breach': {'file_types_exposed': ['Source code',
'Images',
'Documents',
'Technical documentation'],
'sensitivity_of_data': ['High (Intellectual Property, '
'Proprietary Research)'],
'type_of_data_compromised': ['Source code',
'Images',
'Documents',
'Proprietary research',
'Technical documentation']},
'description': "A surge in unauthorized AI use by employees dubbed 'shadow "
"AI' is exposing organizations to significant insider risks, "
'alongside a resurgence in vulnerability exploitation as the '
'top breach cause, according to Verizon’s latest Data Breach '
'Investigations Report (DBIR). The report highlights slow '
'patching, ransomware dominance, and declining ransom '
'payments.',
'impact': {'data_compromised': ['Source code',
'Images',
'Documents',
'Proprietary research',
'Technical documentation']},
'investigation_status': 'Completed (Report Published)',
'lessons_learned': 'Persistent gaps in human-driven risks (e.g., shadow AI) '
'and technical defenses (e.g., slow patching) require '
'stricter controls, AI governance frameworks, and faster '
'vulnerability remediation.',
'motivation': ['Data Exposure',
'Financial Gain (Ransomware)',
'Intellectual Property Theft'],
'post_incident_analysis': {'corrective_actions': ['Stricter AI governance '
'policies',
'Faster vulnerability '
'remediation processes',
'Implementation of AI-BOMs'],
'root_causes': ['Unauthorized use of AI tools '
'(shadow AI) by employees',
'Slow patching of critical '
'vulnerabilities',
'Insufficient enterprise asset '
'controls']},
'ransomware': {'ransom_demanded': '$139,875 (median)',
'ransom_paid': '31% of organizations'},
'recommendations': ['Implement stricter enterprise asset controls to prevent '
'unauthorized AI use',
'Adopt AI Bills of Materials (AI-BOMs) to track model '
'configurations and detect tampering',
'Accelerate patching of critical vulnerabilities, '
'especially those in CISA’s KEV catalog',
'Enhance insider threat monitoring for shadow AI '
'activities',
'Develop policies for secure AI tool usage in the '
'workplace'],
'references': [{'source': 'Verizon Data Breach Investigations Report (DBIR)'}],
'response': {'remediation_measures': ['Stricter enterprise asset controls',
'Adoption of AI Bills of Materials '
'(AI-BOMs)']},
'title': 'Shadow AI and Vulnerability Exploits Dominate Latest Cybersecurity '
'Threats',
'type': ['Insider Threat', 'Vulnerability Exploitation', 'Ransomware'],
'vulnerability_exploited': 'Critical vulnerabilities from CISA’s Known '
'Exploited Vulnerabilities (KEV) catalog'}