AI-Driven Cybersecurity Threats and Defenses in 2026
Artificial intelligence is rapidly transforming the cybersecurity landscape, with both attackers and defenders leveraging AI to gain an edge. According to Google's Cybersecurity Forecast 2026, AI is now central to cybercrime, enabling adversaries to automate phishing, clone voices for social engineering, and launch sophisticated prompt injection attacks against large language models (LLMs). The rise of AI agents—autonomous systems acting on behalf of users—introduces new identity and access management challenges, as traditional security controls designed for humans are no longer sufficient. Security operations are also evolving, with analysts increasingly relying on AI tools for faster incident response, though this shift brings new oversight and risk management concerns. The criminal underground is developing unrestricted AI models, further lowering the barrier for less advanced threat actors.
The proliferation of AI-generated code and agentic workflows is reshaping software development and supply chain security, as highlighted by Endor Labs' 2025 State of Dependency Management and industry commentary. Studies show that a significant portion of AI-generated code is vulnerable, raising concerns about the security of modern applications. The Model Context Protocol (MCP) is emerging as a standard for enabling AI agents to interact with external tools, but introduces new attack surfaces that require a "Triple Gate Pattern" of defense across the AI, MCP, and API layers. Despite these risks, recent analyses reveal that startups and enterprises are prioritizing productivity and automation over security in their AI investments, often adopting a "build first, secure later" mentality. As AI becomes ubiquitous in both offensive and defensive cyber operations, organizations must adapt their security architectures and practices to address these evolving threats and opportunities.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Google publishes Cybersecurity Forecast 2026 on AI-driven threats
Google released its Cybersecurity Forecast 2026, warning that AI will significantly accelerate cybercrime and reshape both attacker and defender operations. The report highlighted risks including AI-enabled phishing, voice cloning, prompt injection, ransomware, supply-chain attacks, and growing nation-state activity.
a16z and Mercury data report highlights lack of explicit AI security tool spending
A spending report based on Mercury fintech platform data and published by Andreessen Horowitz found that startups were primarily buying AI tools for productivity, development, automation, and content generation, with no explicit security tools in the top 50. Commentary in the report coverage said this reflects either a build-first-secure-later mindset or the embedding of security features into broader SaaS and AI platforms.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Google says 2026 will be the year AI supercharges cybercrime
helpnetsecurity.com
Open sourceSoftware Dependency Dilemma's in the AI Era
resilientcyber.io
Open sourceAI App Spending Report: Where Are the Security Tools?
darkreading.com
Open sourceTransforming Frontline Workflows with Passwordless Access, AI costs, and the News – Joel Burleson-Davis – ESW #431
scworld.com
Open sourceDefense in Depth for AI: The MCP Security Architecture You’re Missing
securityboulevard.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Threats and Security Challenges in 2026
The rapid adoption of AI agents and large language models (LLMs) by software developers is transforming the software development pipeline, increasing productivity but also introducing significant security risks. As organizations integrate AI tools for code generation, debugging, and architectural design, the quality and security of code have become inconsistent, with vulnerabilities in legacy code often being propagated. Experts warn that while AI can enhance bug detection and triage, the sheer volume and complexity of AI-generated code may outpace human oversight, making it easier for insecure code to reach production. Additionally, the use of AI in privileged access management is expected to shift from passive monitoring to proactive, autonomous governance, with machine learning models enforcing real-time policies and detecting anomalous behavior to prevent insider threats and account takeovers. The evolving threat landscape is further complicated by attackers leveraging AI-powered tools and deepfakes to conduct sophisticated scams and social engineering campaigns. For example, the Nomani investment scam has surged by 62%, using AI-generated video testimonials and deepfake ads on social media to deceive victims. Security researchers also highlight the abuse of legitimate open-source tools and the use of synthetic data in cyber deception, as well as the need for organizations to address the growing trust gap in AI technologies. As AI becomes more deeply embedded in both offensive and defensive cybersecurity operations, organizations must prioritize secure development practices, adaptive authentication, and continuous monitoring to mitigate emerging risks.
Mar 21, 2026
AI-Driven Threats and Security Operations in 2025
The cybersecurity landscape in 2025 saw a significant evolution in both the use and abuse of artificial intelligence. Threat actors increasingly leveraged AI-powered tools, such as uncensored darknet assistants like DIG AI, to automate and scale malicious activities, including cybercrime, extremism, and privacy violations. Security researchers observed a surge in the adoption of "dark LLMs" and jailbroken AI chatbots, which lowered the barrier for cybercriminals and enabled more sophisticated attacks. At the same time, defenders began integrating generative AI and agentic systems into security operations centers (SOCs), with AI agents handling alert triage and detection tasks, but also introducing new risks related to trust, explainability, and operational complexity. Security leaders and experts highlighted the need for transparency, traceability, and risk-based prioritization in AI-powered SOC platforms, as well as the importance of addressing alert fatigue and ensuring that AI outputs are auditable. Looking ahead to 2026, the security of AI models and the potential for agentic AI to introduce insider risks are expected to become key challenges. The rapid adoption of AI in both offensive and defensive cyber operations underscores the urgency for organizations to adapt their security strategies, focusing on the unique risks and opportunities presented by AI technologies.
Mar 21, 2026
AI-Driven Evolution of Cybersecurity Threats and Defenses
The rapid integration of artificial intelligence into both cyberattack and defense strategies has fundamentally altered the cybersecurity landscape in 2025. Security leaders and experts highlight that attackers are leveraging AI to automate vulnerability exploitation, craft more convincing phishing campaigns, and accelerate reconnaissance, resulting in a drastically reduced window between vulnerability disclosure and exploitation. Defenders, in turn, are increasingly relying on AI to process massive volumes of attack data, prioritize threats, and automate incident response, but must also contend with new risks such as data leakage from large language models and the expanded attack surface created by enterprise AI adoption. Industry reflections emphasize that the arms race between cybercriminals and defenders is intensifying, with AI-driven deception and deepfakes posing immediate threats to enterprise trust and decision-making. The shift from a prevention-focused approach to one centered on resilience is driven by the recognition that attacks—especially those targeting critical infrastructure—are inevitable and often exploit human factors. Experts stress the need for organizations to adapt tabletop exercises and incident response plans to account for the speed and sophistication of AI-enabled threats, while also addressing the limitations of cyber deterrence in an era of escalating geopolitical tensions.
Mar 21, 2026