top of page
Search

Verizon reports a surge in AI-related data breaches, raising concerns of user’s data and privacy

  • Human Rights Research Center
  • 2 hours ago
  • 3 min read

Author: Amy Asubonteng

May 22, 2026


HRRC applauds the transparency of Verizon’s report, and emphasizes the need to confront the cybersecurity threat of AI. As the impact of AI systems on human rights remains to be determined, HRRC raises concerns about the impact of AI-related data breaches, especially pertaining to the right to privacy.


[Image credit: Julio Lopez via Pexels]
[Image credit: Julio Lopez via Pexels]

On May 19, 2026, Verizon published a follow-up on a report initially released on April 28, known as the annual Data Breach Investigations Report (DBIR), showing the impacts of artificial intelligence on the cyber threat sector. 


In both the DBIR and the follow-up briefing, it was found that data breaches that take advantage of software flaws, also known as vulnerability exploitation, had surpassed stolen credentials—the usage of personal login details for hacking purposes—as the top data breach entry point for the first time in 19 years. Vulnerability exploitation-based data breaches had increased by over 20% from the previous year’s report, making up 31% of data breaches.


Verizon suggests that AI is being used to locate and exploit these vulnerabilities and speed up the time it takes to exploit them, even as identifying and solving vulnerabilities had stalled: only 26% of vulnerabilities found in cybersecurity were fixed entirely in 2025, a significant drop from 38% in 2024.


Shadow AI, or the usage of unapproved AI tools in the workforce, plays a critical role in data breaches. In the recent Verizon DBIR, shadow AI is the third most common non-malicious data breach-related activity, increasing from 15% to 45% of all data breach activities from the past year. For example, in 2024 RiverSafe report saw that one in five companies in the UK has had potentially sensitive data exposed through their employees' use of generative AI. 


In response, Verizon’s chief information security officer, Nazrin Rezai, said that AI was necessary to fight against AI breaches. “We need to fight AI with AI. We need to incorporate them into our practices,” she said.


Special concern is raised to data breaches’ access to confidential consumer information, for example, in healthcare and with personalized advertising, raising serious concerns surrounding safety and data privacy. The United Nations asserts that international human rights apply to the cyber world, meaning the right to privacy persists in the digital age. With cyberattacks on the rise, digital privacy must be further protected to keep personal information from misuse or manipulation.


Glossary


  • Artificial intelligence: the capability of computer systems or algorithms to imitate intelligent human behavior 

  • Confidentialintended for or restricted to the use of a particular person, group, or class: private, secret

  • Confront: to face especially in challenge: oppose 

  • Consumer: one that utilizes economic goods 

  • CredentialTo provide (a person, organization, etc.) with proof of identity, a qualification, etc. Also: to serve as a recommendation or qualification for (a person, a person's actions, etc.). 

  • Cyber: of, relating to, or involving computers or computer networks (such as the Internet) 

  • Cyberattacks: an attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm 

  • Cybersecurity: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack

  • Data breach: An instance or situation in which confidential information about a person or organization is exposed, either accidentally or as the result of a cyber attack, to people who do not have permission to access or use it. 

  • Exploit: to make use of meanly or unfairly for one's own advantage 

  • Generative AI: artificial intelligence that is capable of making new content (such as images or text) in response to a submitted prompt (such as a query) by learning from a large reference database of examples 

  • Manipulation: to control or play upon by artful, unfair, or insidious means, especially to one's own advantage

  • Normative: of, relating to, or determining norms or standards; prescribing norms 

  • Software: something used or associated with and usually contrasted with hardware


Sources


  1. Vulnerability Exploitation Top Breach Entry Point, 2026 Industry-Wide DBIR Finds | Markets Insider 

  2. Verizon DBIR: Vulnerability Exploits Overtake Credentials - Infosecurity Magazine 

  3. 2026 Data Breach Investigations Report (DBIR) | Verizon 

  4. Verizon DBIR: 31% of breaches via vulnerabilities | VZ Stock News 

  5. Verizon Warns of AI-Fueled Social Engineering Surge | Let's Data Science 

  6. Businesses Are Collecting Data. How Are They Using It? 

  7. The Cyber World and Human Rights: Perspectives on International Accountability • Stimson Center 

  8. AI-related data breaches surging, says Verizon report | The Straits Times 

  9. AI-related data breaches surging, Verizon report says | Reuters 

  10. Why cybersecurity is a human rights issue, and it is time to start treating it like one | Association for Progressive Communications 

  11. What Is Digital Privacy and Its Importance? - IEEE Digital Privacy 

​Address:

2000 Duke Street, Suite 300, Alexandria, VA 22314, USA

​​Email us:

info@humanrightsresearch.org

Tax exempt 501(c)(3)

EIN: 87-1306523

© 2026 HRRC

bottom of page