Here’s What the Verizon DBIR Tells Us, and How RAD Security Can Help

Evolving Threats Require Faster, Smarter Response

The latest Verizon Data Breach Investigations Report paints a sobering picture for defenders. Ransomware is surging, edge devices are getting hammered, and attackers are bypassing MFA using increasingly clever social engineering techniques. More than half of all breaches start with human error, and the rise of unsanctioned GenAI usage is creating a new class of threats most organizations are unprepared for.

RAD Security is uniquely positioned to help security teams respond to these evolving risks. By combining real-time detection, behavioral analysis, and agentic automation, RAD enables teams to move faster, focus on what matters, and cut through the noise.

Initial Access and Infostealer Trends

One of the most important sections in this year’s DBIR is the breakdown of how attackers are getting in. Stolen credentials were responsible for 22 percent of initial access incidents, followed closely by vulnerability exploitation and phishing. The report also highlights a major increase in the use of infostealers to harvest secrets from public repos and developer environments. RAD tackles these issues head-on. Our Cloud-Aware Detection and Response (CADR) platform identifies compromised secrets across code, runtime, and cloud systems, and can automatically revoke or rotate them. Combined with our agentic SOAR, teams can respond immediately to signs of credential abuse or infostealer behavior without waiting on manual triage.

Ransomware and Lateral Movement Detection

The report also flags a major jump in ransomware, now present in 44 percent of breaches. Small organizations are hit hardest, but even large enterprises are not immune. At the same time, espionage-related incidents are rising, with sophisticated actors targeting vulnerable edge services. RAD addresses both problems by analyzing workload behavior in real time, detecting early signs of lateral movement and ransomware staging. We do not just stop at detection. Our automation engine can initiate preemptive containment steps, like isolating risky assets or flagging suspicious identity activity, all with minimal human intervention.

The Growing Impact of Human Error and Shadow AI

Another clear trend in the DBIR is the growing role of the human element in security failures. Sixty percent of breaches involve some form of user error, misconfiguration, or misuse. Shadow AI usage is a particularly timely concern. Fifteen percent of employees are using GenAI tools like ChatGPT from corporate devices, often in insecure or unsanctioned ways. RADBot detects and governs AI activity in real time. It flags when sensitive data flows through external LLMs and helps enforce policy without disrupting innovation. Combined with CADR, we can surface risky patterns like unsanctioned AI model use or prompt injection threats, so security teams stay ahead of emerging attack vectors.