Cyberattacks are no longer slow, stealthy operations that take weeks to unfold. According to the latest findings from Palo Alto Networks, today’s attackers are moving at machine speed and using AI to do it.
The newly released Unit 42 2026 Global Incident Response Report reveals that artificial intelligence, identity vulnerabilities, and growing enterprise complexity are now at the center of most major breaches. Based on analysis of more than 750 high-impact incidents, the research shows that attackers are accelerating operations at an alarming rate, reshaping the cybersecurity landscape for businesses worldwide.
AI Is Supercharging Attack Speeds
One of the most striking findings from the Unit 42 report is how dramatically attack timelines have shrunk. In the fastest cases, the time from initial access to data exfiltration dropped to just 72 minutes. That represents a fourfold increase in speed compared to the previous year.
Threat actors are increasingly integrating AI and automation throughout the attack lifecycle. From reconnaissance to credential harvesting and lateral movement, automation allows adversaries to execute campaigns with precision and efficiency that traditional defenses struggle to match.
Identity Weaknesses Remain the Biggest Entry Point
Identity is now the primary gateway for attackers. The report found that 65 percent of initial access incidents were driven by identity-based techniques such as social engineering and credential misuse. In total, identity weaknesses were exploited in 89 percent of investigations.
Sam Rubin, SVP of Unit 42 Consulting and Threat Intelligence at Palo Alto Networks, emphasized that enterprise complexity is giving adversaries a clear advantage. He explained that attackers are increasingly targeting credentials and even deploying autonomous AI agents capable of bridging human and machine identities to act independently. To counter this, organizations need to simplify their environments and adopt unified security platforms that remove implicit trust.
Multi-Surface Attacks Are the New Normal
The traditional idea of defending a single perimeter no longer applies. According to the report, 87 percent of attacks spanned at least two attack surfaces. These included endpoints, cloud environments, SaaS platforms, and identity systems. In some cases, Unit 42 observed activity across as many as ten separate fronts at the same time.
The browser has also emerged as a major battleground. Nearly half of all attacks involved browser-based activity, with threat actors weaponizing routine web sessions to harvest credentials and bypass local security controls.
Meanwhile, SaaS supply chain attacks are rapidly increasing. Incidents involving third-party SaaS applications have surged 3.8 times since 2022 and now account for 23 percent of all attacks. Attackers are abusing OAuth tokens and API keys to move laterally across environments.
Complexity and Misconfigurations Drive 90% of Breaches
Perhaps the most sobering takeaway is that 90 percent of data breaches were linked to misconfigurations or preventable security gaps. Poor visibility, excessive trust, and fragmented systems continue to create opportunities for attackers to exploit.
To address the shrinking attack lifecycle, the report recommends moving beyond traditional perimeter-based defenses. Instead, organizations are urged to adopt a unified platform approach that leverages AI and automation for real-time detection, embeds security into development pipelines, centralizes identity management, strengthens browser security, and embraces zero trust principles to eliminate implicit trust.
For enterprises in the Philippines and across the globe, this report is a wake-up call. AI is not just transforming productivity and innovation. It is also transforming cybercrime.
If your organization relies heavily on cloud platforms, SaaS tools, and digital identities, now is the time to reassess your cybersecurity strategy. Simplifying systems, strengthening identity governance, and adopting zero trust are no longer optional. They are essential for survival in an era of AI-powered attacks.
You can download the full 2026 Unit 42 Global Incident Response Report and Executive Resource Kit from Palo Alto Networks’ official website to explore the complete findings and recommendations.