AI and Automation Transforming Cyber Threats and Defenses
Cybercriminals are increasingly leveraging automation and generative AI to amplify traditional fraud and attack techniques, enabling them to scale operations and evade detection with unprecedented speed. Phishing, credential theft, and document forgery are being supercharged by machine-driven campaigns, while organizations struggle to keep pace as bots and AI-powered tools probe for vulnerabilities across digital ecosystems. The rise of AI has also lowered the barrier to entry for attackers, allowing even those with limited technical skills to orchestrate sophisticated attacks, including large-scale DDoS campaigns and polymorphic malware that can evade signature-based defenses.
Security leaders are responding by rethinking their strategies for 2026, focusing on adaptive, real-time defenses that integrate behavioral, document, and biometric signals. The convergence of cloud security and SOC operations is accelerating as cloud-native alerts become a primary driver of incident response, and the economic pressures of SaaS adoption and third-party risk reshape security priorities. While some vendor claims about AI-driven malware are exaggerated, there is consensus that AI is fundamentally changing both the threat landscape and the tools available to defenders, requiring a shift from static rules to dynamic, orchestrated security measures.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Akamai reports 2025 surge in AI-, API-, and DDoS-driven attacks
Akamai's 2025 year-in-review says AI lowered the barrier for threat actors, while multi-terabit DDoS attacks, API-targeted breaches, RaaS activity, and Mirai-related IoT exploitation all increased during the year. The report urges organizations to strengthen resilience, incident response, and preparation for 2026 regulatory and post-quantum security demands.
Security leaders forecast 2026 shifts in budgets, SOC operations, and cloud security
December 2025 industry outlooks predict security spending will move toward efficiency and headcount, SOC functions will be reshaped by AI and MDR, and cloud security and SOC workflows will increasingly converge as cloud-native alerts dominate enterprise detection. These forecasts also highlight growing pressure from SaaS sprawl, third-party risk, and the need to express cyber risk in business terms.
AI-assisted malware seen as accelerating attacks rather than creating autonomous threats
Across the referenced December 2025 analyses, experts describe attackers using LLMs to speed malware development, social engineering, and fraud at greater scale, while rejecting claims that truly autonomous self-rewriting AI malware is a major real-world threat. The consensus is that the main impact is lower barriers to entry and faster attack execution, not fundamentally new malware behavior.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Adapt or be deceived: The shape-shifting nature of fraud
cio.com
Open sourceWhat's Next in Cyber Economics: 2026 Security Strategies from Industry Leaders
securitysenses.com
Open sourceThe Year in Review 2025: AI, APIs, and a Whole Lot of Audacity
akamai.com
Open sourceThe Convergence of Cloud Security and the SOC Into 2026
softwareanalyst.substack.com
Open sourceCybersecurity predictions for 2025
franklyspeaking.substack.com
Open sourcePolymorphic AI malware exists — but it’s not what you think
csoonline.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Cyber Threats and the Evolution of Fraud and Defense Tactics
Cybercriminals are increasingly leveraging artificial intelligence, automation, and stolen credentials to conduct large-scale, sophisticated attacks across multiple sectors. The 2025 holiday season is seeing a surge in fraud campaigns that begin earlier than ever, with attackers using AI to mimic legitimate consumer behavior, automate credential stuffing, and bypass traditional detection systems. Underground marketplaces now efficiently trade automation kits and malicious configurations, making fraud a continuous, data-driven threat rather than one limited to peak shopping periods. Security experts warn that organizations relying solely on heightened monitoring during traditional high-risk windows are at greater risk, as adversaries pre-position and refine their attack infrastructure well in advance. To counter these evolving threats, cybersecurity leaders emphasize the need for predictive and adaptive defense systems powered by AI. Rather than relying on reactive measures, organizations are urged to operationalize threat intelligence by integrating machine learning, behavioral analytics, and automation into their security operations. This approach enables real-time detection, contextual analysis, and rapid response, bridging the gap between intelligence collection and incident containment. However, experts caution that AI must be paired with human oversight and strong governance to ensure trust, transparency, and effective decision-making in the face of increasingly polymorphic and evasive attacks.
Mar 21, 2026
AI-Driven Evolution of Cybersecurity Threats and Defenses
The rapid integration of artificial intelligence into both cyberattack and defense strategies has fundamentally altered the cybersecurity landscape in 2025. Security leaders and experts highlight that attackers are leveraging AI to automate vulnerability exploitation, craft more convincing phishing campaigns, and accelerate reconnaissance, resulting in a drastically reduced window between vulnerability disclosure and exploitation. Defenders, in turn, are increasingly relying on AI to process massive volumes of attack data, prioritize threats, and automate incident response, but must also contend with new risks such as data leakage from large language models and the expanded attack surface created by enterprise AI adoption. Industry reflections emphasize that the arms race between cybercriminals and defenders is intensifying, with AI-driven deception and deepfakes posing immediate threats to enterprise trust and decision-making. The shift from a prevention-focused approach to one centered on resilience is driven by the recognition that attacks—especially those targeting critical infrastructure—are inevitable and often exploit human factors. Experts stress the need for organizations to adapt tabletop exercises and incident response plans to account for the speed and sophistication of AI-enabled threats, while also addressing the limitations of cyber deterrence in an era of escalating geopolitical tensions.
Mar 21, 2026
AI-Driven Cybersecurity Risks and Strategies for Enterprise Defense
Artificial intelligence is rapidly transforming both the threat landscape and defensive strategies in cybersecurity, prompting CISOs and security leaders to rethink their approaches. A global study by Gigamon found that 86% of CISOs now view metadata and packet-level data as essential for detecting threats in complex hybrid cloud environments, but 97% admit to making trade-offs that leave visibility gaps. The rise of AI-driven attacks is fueling demand for real-time visibility and observability tools, with 75% of CISOs regarding public cloud as their highest security risk and 73% considering moving workloads back to private clouds. Security teams are investing heavily in AI-specific security tools, with 73% of companies spending over $1 million annually, yet 70% cite the rapid pace of AI development as their top concern. Recent high-profile breaches, such as those at LexisNexis Risk Solutions and McLaren Health Care, illustrate the increasing scale and sophistication of attacks, often amplified by AI. AI is accelerating the reconnaissance phase of attacks, enabling adversaries to map environments and identify vulnerabilities with unprecedented speed and precision, though human direction remains necessary for effective exploitation. The proliferation of AI-generated code, including through practices like 'vibe coding,' introduces new risks as less experienced developers may overlook security fundamentals, leading to insecure applications. Agentic AI systems, which act autonomously or on behalf of users, present urgent challenges in authentication, authorization, and identity management, with experts calling for scalable frameworks and robust credentials to prevent security lapses. CISOs are urged to build security into the design phase of software development, leveraging platform-native controls and enforcing policies like Row Level Security to minimize risk. The integration of AI into security operations is seen as both an opportunity and a challenge, requiring adaptive access solutions, post-quantum cryptography, and continuous monitoring. As AI reshapes digital transformation, organizations must balance the benefits of rapid innovation with the imperative to secure their environments against increasingly sophisticated, AI-powered threats. The consensus among experts is that security must evolve in tandem with AI capabilities, emphasizing proactive risk management, cryptographic agility, and a culture of security awareness across all levels of the organization.
Mar 21, 2026