Core Insights - The Unit 42 2026 Global Incident Response Report highlights that AI, attack surface complexity, and identity weaknesses are primary drivers of cyber breaches, with adversaries leveraging AI to accelerate attack speeds by 4x over the past year [1] Group 1: Attack Trends - Attacks involving third-party SaaS applications have surged 3.8x since 2022, now accounting for 23% of all attacks as threat actors exploit OAuth tokens and API keys for lateral movement [1] - 48% of attacks involve the browser, indicating that routine web sessions are weaponized to harvest credentials and bypass local controls [1] - 65% of initial access is driven by identity-based techniques, such as social engineering and credential misuse, while vulnerabilities account for initial access in 22% of all attacks [1] Group 2: Attack Complexity - 87% of attacks span two or more attack surfaces, blending activities across endpoints, cloud, SaaS platforms, and identity systems, with Unit 42 tracking activity across as many as 10 different fronts simultaneously [1] - The time from initial access to data exfiltration has plummeted to just 72 minutes in the fastest attacks, representing a 4x increase in speed over the past year [1] Group 3: Recommendations for Defense - To counter the increasing complexity of attacks, organizations are advised to adopt a unified platform approach that eliminates implicit trust and continuously verifies every interaction [1] - It is recommended to use secure browser technology and active exposure management to protect the modern workspace and unmanaged devices [1] - Centralizing the management of human, machine, and agentic identities is crucial to close governance gaps and stop credential-based exploits [1]