
- More than 15,200 new vulnerabilities were disclosed in Q1, including nearly 3,900 classified as high risk
- Compromised credentials dominate as the primary initial access vector, accounting for 74% of ransomware intrusions
- Beazley Security Labs recorded a 15% increase in critical zero-day advisories issued to clients
WEST HARTFORD, Conn., May 12, 2026 /PRNewswire/ -- Beazley Security today releases its Quarterly Threat Report for Q1 2026, revealing that exploited vulnerabilities rose 43% in the first three months of the year, fueled by AI-enabled supply chain attacks and a surge in actively exploited zero-day vulnerabilities.
More than 15,200 new vulnerabilities were disclosed in Q1, including nearly 3,900 classified as high risk. The number of vulnerabilities added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog increased 43% compared with Q4 2025, signaling faster real-world weaponization. Alongside this, Beazley Security Labs recorded a 15% increase in critical zero-day advisories issued to clients, driven in part by vulnerabilities impacting edge infrastructure such as VPNs and firewalls.
March incidents buck trend for quarter
After a seasonal slowdown early in the quarter, threat activity accelerated in March with two impactful incidents. In the first, an autonomous AI agent scanned thousands of public code repositories, identified misconfigured access controls, and exploited them without human direction. This ultimately enabled a threat actor group to compromise Trivy, a widely trusted open-source vulnerability scanner used across the software development industry, with wide-ranging impact.
In the second, an Iranian-linked hacktivist group carried out a politically motivated attack against medical device manufacturer Stryker, weaponizing Microsoft Intune to remotely wipe more than 200,000 systems worldwide.
AI-assisted attacks target developer supply chains
One of the most significant incidents of the quarter involved threat actor group TeamPCP, which used an automated AI agent, dubbed hackerbot-claw, to identify and exploit misconfigurations in GitHub CI/CD workflows. The attackers ultimately poisoned a well-known security scanner, Trivy, with credential-stealing malware, cascading compromise risk across thousands of downstream tools and organizations, such as the open-source AI gateway LiteLLM, which relies on the tool.
The incident highlights a growing trend toward developer-focused supply chain attacks that target non-human identities to compromise automation pipelines, in preference to traditional user credentials.
Ransomware activity holds steady as tactics persist
Ransomware incident volumes remained largely stable compared with previous quarters, with activity rebounding in March following a seasonal lull. Compromised credentials continued to dominate as the primary initial access vector, accounting for 74% of ransomware intrusions observed by Beazley Security investigators.
At the same time, incident responders noted an increase in extortion-only attacks, in which threat actors exfiltrate data without deploying encryption, a lower-effort tactic that still provides negotiation leverage.
Alton Kizziah, CEO of Beazley Security, said: "The first quarter began quietly and ended with some of the most consequential cyber events we've seen in years. What stood out wasn't just the volume of activity, but the efficiency. Beazley Security Labs researchers have noted how AI-assisted tooling is enabling attackers to scale familiar techniques faster, with broader downstream impact."
Josh Carolan, director of security research at Beazley Security, added: "Attackers aren't reinventing their playbooks. They're refining tradecraft, using AI-driven automation and trusted platforms to move faster, scale operations, and increase impact."
About the Report
Beazley Security Labs' Quarterly Threat Report synthesizes global threat intelligence, incident response data and MDR telemetry to identify trends shaping the cyber risk landscape. The Q1 2026 report examines the growing role of AI in both offensive and defensive security operations, evolving supply chain risks and the continued importance of foundational security controls.
Access the full Q1 2026 Quarterly Threat Report at: https://beazley.security/insights/insights/quarterly-threat-report-first-quarter-2026.
About Beazley Security
Beazley Security is a global cybersecurity services firm offering managed detection and response, incident response, exposure management, and advisory services to organizations of all sizes. A wholly owned subsidiary of Beazley plc, the company helps clients build resilience from pre-breach preparation through remediation.
Beazley Security Labs publishes ongoing research and advisories at labs.beazley.security.
SOURCE Beazley Security