Rising Cyber Threats: Organizations Struggle with Vulnerabilities Amidst an AI Revolution
In 2025, organizations encountered a significant increase in cybersecurity vulnerabilities, facing a median of 16 CISA Known Exploited Vulnerabilities, a rise from just 11 the previous year. Alarmingly, the percentage of these vulnerabilities that were fully remediated dropped to 26%, down from 38%. This trend reveals a growing crisis in incident response and cybersecurity preparedness, as defenders find themselves in a relentless struggle akin to Alice’s Red Queen Race, where continuous effort is required just to maintain the status quo.
The advent of artificial intelligence (AI) is further intensifying this challenge. A recent collaborative study by the Verizon Data Breach Investigations Report (DBIR) and Anthropic uncovered the activities of 793 threat actors who misused AI platforms for malicious purposes from March 2025 to February 2026. These actors demonstrated varying levels of sophistication, utilizing a median of 15 different ATT&CK techniques to gain initial access. Notably, 32% of these activities specifically targeted vulnerability exploitation.
The findings from this report highlight an inescapable truth: the development and deployment of exploit tools, as well as the adaptation of these tools across various programming languages, have become vastly more achievable due to current AI coding assistance capabilities. This alarming trend culminated in the documentation of VoidLink, the first known malware framework created entirely by an AI agent, in a mere six days. By December 2025, researchers reported that 29% of the CISA Known Exploited Vulnerabilities were exploited before they were disclosed publicly, underscoring the urgent threat posed by AI-assisted cybercriminals.
This swift evolution in the tactics and capabilities of cyber adversaries necessitates an urgent reevaluation of how organizations approach their incident response strategies. The National Institute of Standards and Technology (NIST) Special Publication 800-84 has long advocated for formal testing, training, and exercise programs designed to assess and improve incident response preparedness. Given the rapidly changing landscape of cyber threats, this guidance has never been more critical.
Teams must prioritize technical tabletop exercises that focus on real-world triage scenarios rather than hypothetical discussions. These exercises enable participants to practice identifying affected systems, determining the blast radius of an intrusion, executing pre-established containment playbooks, and coordinating remediation efforts across departments—all under realistic time constraints. The rapidly shrinking window between initial compromise and a full-blown breach means that the speed at which technical teams can triage and contain incidents directly influences the severity of the outcomes organizations experience.
The consequences of unpreparedness cannot be overstated. Organizations that are forced to confront these challenges for the first time during a live incident often find themselves unable to respond swiftly enough to mitigate damage. Comprehensive training and strategic exercises could spell the difference between a contained incident and a catastrophic breach.
Furthermore, as organizations grapple with these escalating threats and vulnerabilities, it becomes clear that a multi-faceted approach to cybersecurity is essential. Collaboration across departments—IT, security, human resources, and legal—will be critical in crafting an effective response strategy. Equipping teams with not just the technical know-how but also the interpersonal skills necessary to work cohesively during crises will fortify an organization’s defenses against an evolving cyber adversary landscape.
Moreover, investment in advanced cybersecurity solutions that leverage AI for defensive measures will be key. While AI is used by threat actors to devise new kinds of attacks, it can also be deployed to strengthen an organization’s security posture, identifying vulnerabilities and anomalies more efficiently than traditional methods. The dual-use nature of AI presents both a challenge and an opportunity, one that organizations must navigate thoughtfully.
In conclusion, as the frequency and sophistication of cyber threats escalate at an unprecedented rate, organizations must act swiftly to improve their incident response capabilities. Realistic training scenarios, comprehensive coordination among departments, and the strategic use of AI technology are paramount. Those who adapt and prepare now may not only withstand the mounting attacks but also emerge from them stronger and more resilient.
