Webinar Description
Key Takeaways
- Vulnerability exploitation has overtaken credential theft as the leading cause of data breaches according to the 2026 Verizon Data Breach Investigations Report
- Authors from both the Verizon DBIR and Veracode’s State of Software Security report present their findings together
- Discussion covers AI-driven attack techniques and AI-guided remediation strategies for defenders
- Focus on actionable metrics including time-to-remediation, exploitability exposure and security debt accumulation
- Designed for CISOs, application security professionals, threat intelligence analysts and security leaders across enterprise sectors
Introduction
A significant shift in the threat landscape has emerged in 2026, with vulnerability exploitation now representing the primary vector through which attackers breach organisational defences. This webinar brings together the authors of two influential industry reports—the Verizon Data Breach Investigations Report and Veracode’s State of Software Security—to examine what this change means for security programmes and how organisations can adapt their remediation strategies accordingly. The session is aimed at application security professionals, CISOs and security leaders seeking data-driven approaches to vulnerability management in an environment where attackers are increasingly leveraging artificial intelligence to scale their operations.
About This Event
This virtual webinar offers a collaborative analysis from researchers behind two of the most widely referenced publications in cybersecurity. The Verizon DBIR has served as a benchmark for understanding breach patterns for nearly two decades, while Veracode’s annual software security research provides complementary insights into application-layer vulnerabilities and remediation trends. By presenting these perspectives together, the session aims to provide attendees with a comprehensive view of how exploitation patterns are evolving and what defensive measures are proving effective.
The format is a live webinar with a recording made available for those unable to attend the live session. This approach allows security teams across different time zones and with varying schedules to access the material at their convenience.
The Rise of Vulnerability Exploitation as the Primary Breach Vector
For years, credential theft dominated breach statistics. Phishing campaigns, password reuse and inadequate authentication controls provided attackers with reliable entry points into corporate environments. The 2026 Verizon DBIR marks a turning point: vulnerability exploitation has now surpassed credential-based attacks as the most common method by which breaches occur.
This shift reflects several converging factors. The attack surface has expanded considerably as organisations adopt cloud-native architectures, deploy containerised workloads and integrate third-party components into their software supply chains. Each additional dependency introduces potential vulnerabilities that must be tracked, assessed and remediated. Meanwhile, the window between vulnerability disclosure and active exploitation has compressed dramatically. Attackers monitor the same vulnerability databases and security advisories that defenders use, and they have become adept at weaponising newly disclosed flaws before patches can be widely deployed.
The CISA Known Exploited Vulnerabilities catalogue has become an essential reference for prioritisation, cataloguing flaws that are confirmed to be under active exploitation in the wild. However, the sheer volume of vulnerabilities disclosed each year—combined with limited remediation resources—means that organisations must make difficult decisions about which issues to address first.
Security Debt and the Remediation Challenge
One of the central themes explored in this webinar is the concept of security debt: the accumulated backlog of known vulnerabilities that remain unresolved within an organisation’s software portfolio. Much like technical debt in software development, security debt compounds over time. Older vulnerabilities that were deprioritised in favour of more urgent issues do not disappear; they persist in codebases and infrastructure, creating latent risk that attackers can exploit.
The challenge is not simply identifying vulnerabilities—modern scanning tools generate extensive findings. The difficulty lies in translating those findings into timely remediation. Development teams face competing priorities, and security fixes must often be balanced against feature delivery, performance improvements and other business objectives. Without clear prioritisation frameworks, organisations risk addressing lower-severity issues while critical exploitable flaws remain open.
The webinar examines metrics that can help security leaders measure and communicate remediation effectiveness. Time-to-remediation captures how quickly teams resolve identified issues. Exploitability exposure assesses the proportion of the vulnerability backlog that represents genuine risk based on factors such as network accessibility, exploit availability and asset criticality. Security debt accumulation tracks whether the organisation is reducing its backlog over time or falling further behind.
Artificial Intelligence in Attack and Defence
The role of artificial intelligence in cybersecurity has evolved from theoretical discussion to operational reality. Attackers are using AI to automate reconnaissance, generate convincing phishing content and identify exploitable patterns across large datasets. These capabilities allow threat actors to operate at scale, probing more targets and iterating on attack techniques more rapidly than manual methods would permit.
Defenders, however, are not without their own AI-assisted tools. The webinar explores how AI-guided remediation can help close the gap between vulnerability discovery and resolution. These systems can analyse vulnerability characteristics, correlate them with threat intelligence and recommend prioritisation based on actual exploitability rather than raw severity scores alone. Some platforms can suggest or even generate remediation code, reducing the burden on development teams and accelerating fix rates.
The discussion acknowledges that AI is not a panacea. Automated recommendations require human oversight, and the effectiveness of AI-guided tools depends heavily on the quality of underlying data and the context in which they are deployed. Nevertheless, as attackers adopt AI to scale their operations, defenders who fail to leverage similar capabilities may find themselves at a structural disadvantage.
Who Should Attend
The webinar is designed for professionals responsible for application security strategy and operations. This includes CISOs and security leaders who must allocate resources and communicate risk to executive stakeholders, as well as application security engineers and architects who implement vulnerability management programmes. Threat intelligence analysts will find value in the discussion of exploitation trends, while developers involved in secure coding practices can gain insight into how their remediation efforts contribute to broader organisational security posture.
Industries with significant regulatory obligations—such as financial services, healthcare, government and energy—face particular pressure to demonstrate effective vulnerability management. The metrics and prioritisation frameworks discussed in this session are directly applicable to compliance reporting and risk management activities in these sectors.
Translating Data into Defensive Action
The central premise of this webinar is that data alone is insufficient; what matters is how organisations respond to it. The Verizon DBIR and Veracode research provide empirical evidence of how breaches occur and where defensive efforts are succeeding or failing. The session aims to help attendees interpret this data in the context of their own environments and translate findings into concrete improvements to their security programmes.
For security leaders, this means understanding which metrics to track, how to benchmark performance against industry data and how to make the case for remediation investments. For practitioners, it means adopting prioritisation approaches that focus effort where it will have the greatest impact on reducing exploitability exposure. The shift to vulnerability exploitation as the leading breach vector is not merely a statistical curiosity—it represents a fundamental change in how organisations must approach defensive security.

