AI-driven cyberattacks surge in Asia-Pacific, IBM warns

IBM's latest X-Force Threat Intelligence Index points to a rise in cyberattacks that begin with basic security weaknesses, as attackers use AI tools to find and exploit gaps faster. The report ranks Asia-Pacific as the second most-attacked region, accounting for 27% of cases observed by IBM X-Force.

The findings come as regional governments and operators contend with threats to critical services. In Singapore, all four telecoms operators were recently targeted by threat actor UNC3886, prompting what was described as the country's largest coordinated cyber response. Separate research cited alongside the index, from Thales using S&P Global 451 Research, found 71% of Asia-Pacific organisations now rank AI as their top data security risk.

Across X-Force observations, attacks that began with exploitation of public-facing applications rose 44% globally. IBM attributes much of the increase to missing authentication controls and AI-assisted vulnerability discovery. Vulnerability exploitation also became the leading cause of attacks, accounting for 40% of incidents observed by X-Force in 2025.

Ransomware shifts

The index also describes a more crowded ransomware landscape. X-Force observed a 49% year-on-year increase in active ransomware and extortion groups, while publicly disclosed victim counts rose by roughly 12%. IBM describes the ecosystem as more fragmented, with smaller, more transient operators running lower-volume campaigns that complicate attribution.

Part of the shift is driven by re-used leaked tooling, established playbooks and AI that automates parts of operations. IBM adds that multimodal AI models are likely to change attacker workflows further, increasing automation in reconnaissance and enabling more complex ransomware activity.

"Attackers aren't reinventing playbooks, they're speeding them up with AI," said Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM.

"The core issue is the same: businesses are overwhelmed by software vulnerabilities. The difference now is speed. With so many vulnerabilities requiring no credentials, attackers can bypass humans and move straight from scanning to impact. Security leaders need to shift to a more proactive approach, using agentic-powered threat detection and response to identify gaps and catch threats before they escalate," Hughes said.

Asia-Pacific picture

In Asia-Pacific, attackers most frequently used malware as their primary action on objective, representing 45% of observed activity. Spam accounted for 15%, the use of legitimate tools for 15%, and server access for 10%.

Exploitation of public-facing applications and the use of valid accounts were the leading initial access vectors in the region, at 50% and 30% respectively. IBM frames these routes as signs of weaknesses in managing internet-facing exposure and in protecting identities and credentials.

Data theft and brand reputation damage were the top recorded impacts in the region, each at 14%. Credential harvesting accounted for 7% of impacts cited in the Asia-Pacific findings.

"Asia-Pacific continues to face a sharp increase in cyber threats, with attackers increasingly leveraging AI and exploiting gaps in basic security. This underscores the scale and sophistication of risks facing critical infrastructure, and highlights the need for organisations to prioritise identity protection, secure configurations, and visibility across cloud and application environments to stay ahead of increasingly automated and adaptive threats," said Catherine Lian, General Manager and Technology Leader at IBM ASEAN.

Manufacturing targeted

Manufacturing remained the most targeted industry in the index for the fifth consecutive year, representing 27.7% of incidents observed by X-Force. Data theft was the most common listed outcome.

Asia-Pacific was the main theatre for manufacturing-focused incidents, accounting for 68% of all manufacturing cases observed by X-Force. In the regional breakdown, manufacturing represented 65% of targeted sectors, followed by finance and insurance at 17% and transportation at 7%.

AI credential exposure

The index also highlights identity risks linked to workplace use of AI services. X-Force reports that infostealer malware led to the exposure of more than 300,000 ChatGPT credentials in 2025, suggesting AI platforms now face credential risks similar to other widely used software-as-a-service tools.

Compromised chatbot credentials can carry risks beyond account access, including output manipulation, data exfiltration and malicious prompt injection. IBM points to strong authentication and conditional access controls as key to reducing exposure.

Supply chain pressure

Alongside endpoint and identity-driven attacks, X-Force flags supply chain compromise as a growing concern. It identified a nearly fourfold increase in large supply chain or third-party compromises since 2020, linking the trend to attackers exploiting trust relationships, development automation and software-as-a-service integrations.

IBM also describes a narrowing gap between nation-state and financially motivated actors. It says tactics and techniques have spread across underground forums and that AI is streamlining reconnaissance and exploitation, with methods once associated with state-backed groups appearing more often among profit-driven operators.

IBM expects pressure on development pipelines and open-source ecosystems to grow further in 2026 as AI coding tools increase software output and can introduce unvetted code into workflows.