AI-fuelled cyberattacks put Canadian businesses at risk

IBM has published its 2026 X-Force Threat Intelligence Index, warning that criminals' growing use of artificial intelligence is accelerating cyberattacks and increasing risks for Canadian organisations.

The report names North America as the most targeted region globally, accounting for nearly a third of incidents IBM X-Force responded to over the past year. That concentration matters for Canadian businesses that share cloud infrastructure and depend on cross-border supply chains.

Attackers are also changing how they gain access. IBM recorded a 44% rise in attacks that begin by exploiting public-facing applications, a trend it links to missing authentication controls and AI-enabled vulnerability discovery.

Globally, vulnerability exploitation became the leading cause of cyberattacks in 2025. This shift increases pressure on organisations running older technology, facing patching delays, and managing a growing number of software-as-a-service applications.

Identity pressure

Credential theft remains central to cybercrime. In North America, credential harvesting was the most common impact observed by IBM X-Force. Compromised accounts continue to provide a reliable route into corporate networks and cloud services.

The report also highlights increasing attention on AI tools themselves. In 2025, infostealer malware exposed more than 300,000 ChatGPT credentials globally, underscoring the risks of deploying AI services without strong controls for access and data handling.

IBM describes a "perfect storm" for Canadian organisations: legacy technology alongside rapid AI adoption, with AI reducing the time and effort needed to find and exploit weaknesses.

"Canadian organizations are facing a perfect storm: legacy systems, rapid AI adoption, and increasingly automated threats," said Chris Sicard, Security Leader, IBM Canada. "The speed at which attackers can now identify and exploit vulnerabilities means traditional, reactive security models are no longer enough. Organisations across Canada need to modernize authentication, secure their AI adoption, and continuously hunt for vulnerabilities before attackers do."

Sector exposure

The report maps trends by industry and ties them to Canada's economic profile. Manufacturing was the most attacked sector globally in 2025, representing 27.7% of incidents in IBM's dataset. That matters in Canada, where manufacturers operate complex supply chains and large operational footprints that often connect to corporate IT systems.

Finance and insurance accounted for 27% of global attacks in 2025. Financial services firms typically hold high-value personal and transaction data and rely on extensive third-party relationships, expanding potential points of entry.

Globally, attacks on government and public sector organisations were driven by phishing and the use of valid accounts. This pattern often points to gaps in identity and access controls rather than the exploitation of a single software flaw.

AI playbooks

Attackers are using AI to shorten decision cycles, scale phishing, and manipulate digital identities. These tactics can increase attack volume and lower the skill required to carry them out.

The result is a threat environment in which defenders face more frequent attempts against exposed systems and human targets. It also raises the importance of fast detection and response, as criminals can move from reconnaissance to exploitation more quickly.

Security priorities

IBM recommends treating AI platforms as core enterprise infrastructure, protected with conditional access and stronger identity controls.

It also calls for modernised authentication and a broader view of identity as critical infrastructure, along with continuous vulnerability hunting across cloud infrastructure, applications, and networks.

Other measures include mapping external attack-surface exposure, including leaked credentials and organisation-specific internet-facing assets. The report also emphasises patching and configuration hygiene to reduce common attack paths tied to exposed applications and unaddressed vulnerabilities.

IBM expects AI-driven gains in speed and scale to keep shaping attack patterns across North America, with direct implications for Canadian organisations that share infrastructure and operate through connected supply chains.