The hackers aren’t necessarily getting smarter. The attack surface is just getting bigger.
That’s the central finding from a new report by cloud security firm Wiz, which analyzed breach data from 2025 and landed on a conclusion that security professionals will find either reassuring or deeply frustrating depending on the day: eight out of ten cloud breaches last year came down to basic, preventable mistakes. Misconfigurations, exposed credentials, and overlooked vulnerabilities accounted for the bulk of incidents, not sophisticated zero-day exploits or novel intrusion techniques.
What has changed, according to Wiz, is the environment where those old mistakes are now showing up. AI adoption is the main driver. With more than 85% of organizations now running some form of AI in their operations, security teams are managing a dramatically larger and more interconnected set of systems. Many of those systems sit adjacent to sensitive data, privileged identities, and high-value compute resources. A misconfiguration that might have been a minor headache in a simpler environment can carry far heavier consequences when it exists inside an AI pipeline.
The report also adds nuance to a conversation the industry has been having for months about hackers using AI as a weapon. Wiz confirms that yes, threat actors are incorporating AI tools into their operations, using them to speed up reconnaissance, automate repetitive attack steps, and craft more convincing phishing attempts. Researchers observed adversaries using AI to reverse engineer malware and dissect threat intelligence reports. Some even abused AI-based command-line tools to probe environments after gaining initial access.
But the key detail is that AI hasn’t replaced the fundamentals of how attacks work. Threat actors are still relying on the same entry points they always have. The technology is just letting them move through those entry points faster and at greater scale.
Wiz‘s guidance for defenders reflects the same underlying logic. The priority should be knowing which assets are externally visible, catching reconnaissance activity before it progresses, and maintaining clear visibility into trusted relationships across development pipelines, third-party integrations, and identity systems.
The threat landscape isn’t unrecognizable. It’s familiar, stretched thinner, and running faster. For security teams, that distinction matters a great deal.
