Exploits of public-facing apps are surging. Why?
Summary
The 2026 IBM X-Force Threat Intelligence Index reveals a 44% surge in exploitation of public-facing applications, with 56% not requiring authentication. This reflects a rise in supply chain attacks targeting development ecosystems and trust infrastructure. Credential theft remains a significant threat, accounting for 32% of initial attack vectors, driven by its low cost and high effectiveness for attackers. A new trend shows over 300,000 ChatGPT credentials exposed on the Dark Web, highlighting the increasing targeting of AI agent credentials due to the extensive permissions granted to AI tools. The report also notes that core AI infrastructure components, including model context and agent-to-agent protocols, are vulnerable, with concerns about shadow AI and the lack of cryptographic assurances for model provenance. Common attack patterns still include exploiting misconfigured access controls, scanning for vulnerable software, and password brute-forcing, underscoring persistent weaknesses in basic security hygiene.
Key takeaway
If you are a CTO or VP of Engineering assessing your organization's cyber defenses, prioritize strengthening basic security hygiene, especially multi-factor authentication and robust access controls, as these remain primary weaknesses. Your teams must also conduct thorough due diligence on supply chain partners and actively map your external footprint to mitigate the growing risks from exploitation of public-facing applications and AI agent credentials. Consider integrating AI governance early in development cycles to prevent shadow AI and ensure cryptographic assurances for models.
Key insights
Cybersecurity threats are evolving with AI, yet basic hygiene and supply chain vulnerabilities remain critical attack vectors.
Principles
- Security must be built-in, not bolted on.
- Human education is paramount for cybersecurity.
- Understand your external attack surface.
Method
The IBM X-Force Threat Intelligence Index compiles data from incident response, pen testing, and the Dark Web to analyze the cyber threat landscape, categorizing attack patterns using the MITRE CAPEC framework.
In practice
- Implement strong authentication for all applications.
- Conduct regular risk assessments for supply chain partners.
- Inventory all publicly exposed assets and domains.
Topics
- AI Security
- Supply Chain Attacks
- Threat Intelligence
- Public Application Exploits
- Credential Theft
Best for: CTO, VP of Engineering/Data, Director of AI/ML, Security Engineer, AI Security Engineer, MLOps Engineer
Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.