Shadow AI, double extortion, deepfakes, phishing-vishing and more: Cyber Forecasts 2026

Hello, Habr!

Mass and targeted attacks: boundaries are blurred

Traditionally, mass attacks were based on extensive distribution of malware or phishing emails, while targeted attacks required significant resources, reconnaissance, and development "for a specific victim." The automation of malicious tools, availability of AI models, and commercialization of criminal infrastructure have made the line between mass and targeted cyberattacks less distinguishable. Previously, we noted that the mass campaigns of 2025 increasingly use advanced code obfuscation techniques, automated malicious file creation, and botnets with dynamic logic, all typically characteristic of targeted attacks. We have observed the same trend in phishing: mass attacks are becoming better prepared, higher quality, and more plausible. It is noteworthy that the main targets in both cases are government institutions, industry, and IT companies.

Forecast

In 2026, this trend will only intensify, and the division into mass and targeted attacks will lose practical significance. As a result, protection systems based on detecting attacks through simple and static features and signatures will become ineffective.

Trust as an Attack Vector

By 2025, supply chain attacks and trusted relationship exploitation had taken a significant place in the global landscape of cyber threats. Against the backdrop of increasing complexity of digital infrastructure, expansion of contractor ecosystems, and heightened interdependence among organizations, trust has become a risk factor.

Modern software resembles a complex construction set, assembled from numerous components: libraries, modules, and third-party services. Developers write less and less code from scratch — they integrate ready-made frameworks and use open-source products. All of this creates risks associated with supply chain attacks, in which an attacker embeds a malicious component into software that the victim subsequently downloads. According to Cyble, in October 2025, the number of attacks on software supply chains reached a new peak, exceeding the previous record set in April by more than 30%.

No less dangerous are attacks through trust relationships. Attackers use legitimate connections between organizations (for example, between a company and its contractor, supplier, or external service provider) as an entry point into the target's infrastructure.

According to our data over six months, this vector of penetration was used in 28% of cyberattacks (an increase of 15% compared to the previous period).

Instead of directly hacking a secure company, criminals use a "backdoor" — they hack a partner, contractor, or supplier, and then, taking advantage of their access, penetrate into the network of the ultimate target.

Forecast

In 2026, supply chain attacks and those through trust relationships will firmly establish themselves as one of the key paths for infiltration into corporate networks. Instead of storming the well-protected "facade" of a company, attackers will target it through weak links in the ecosystem.

Supply chain attacks will become more targeted. For example, criminals will intentionally hack popular open-source libraries used in specific industries.

Attacks through trust relationships will allow attackers to paralyze the operations of an entire industry. They will target organizations that serve multiple clients at once: one successful hack will grant access to dozens of networks.

AI — a source of risks

People are increasingly using artificial intelligence at work.

According to Netskope, there was a fifty percent increase in the use of genAI platforms among end users in organizations during the first three months of 2025, with more than half of the use cases involving shadow AI. This means that employees are using artificial intelligence tools and applications without official approval or oversight from IT departments.

What risks does the practice of working with shadow AI pose to organizations? First and foremost — the leakage of confidential information. Employees may inadvertently enter personal or commercial data into public AI services, which can subsequently be used for training models and become accessible to third parties.

It seems that a complete ban on employees using shadow AI could be a solution to the problem. However, in practice, this approach may prove difficult to implement for several reasons:

  • Employees find workarounds when they believe that AI will help improve productivity.

  • The number of AI tools is growing every day, and blocking each one is a labor-intensive process.

  • Staff may use personal devices and networks, which can become alternative access points.

Instead of completely banning employees from using AI, it's worth significantly reducing the risks:

  • Develop policies regarding AI. Define approved tools and rules for their use.

  • Offer secure alternatives.

  • Prioritize employee training: many AI-related risks arise from ignorance rather than malicious intent.

  • Implement technical control measures.
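
One possible technical control for the list above, as an added example that is not part of the original article: it reads web proxy logs, separates approved genAI services from unapproved ones, and ranks users by how much data they uploaded to unapproved services. The log format, domain names and user names are constructed assumptions.

```python
from collections import defaultdict

# Assumption: services the organisation's AI policy approves (hypothetical domain).
APPROVED_AI = {"assistant.corp.example"}
# Assumption: catalogue of genAI service domains, approved or not (hypothetical).
KNOWN_AI = APPROVED_AI | {"chat.genai.example", "api.codegen.example"}

# Constructed proxy log. Fields: timestamp user method host bytes_uploaded
SAMPLE_LOG = """\
2025-03-03T09:12:01Z alice POST assistant.corp.example 2048
2025-03-03T09:14:44Z bob POST chat.genai.example 512000
2025-03-03T09:15:10Z bob GET chat.genai.example 300
2025-03-03T09:20:31Z carol POST eu.api.codegen.example 90000
2025-03-03T09:21:00Z carol GET intranet.corp.example 120
this line is malformed
2025-03-03T09:30:12Z dave POST chat.genai.example notanumber
"""


def match_domain(host, domains):
    """Return the catalogue entry that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in domains:
        # Require a dot boundary so "xchat.genai.example" does not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def parse_line(line):
    """Parse one log line; return None when it does not fit the expected format."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    return {"user": parts[1], "method": parts[2],
            "host": parts[3], "bytes_out": int(parts[4])}


def shadow_ai_report(log_text):
    """Aggregate per-user traffic to genAI services that are not approved.

    Returns (ranked, skipped): ranked is a list of (user, stats) sorted by
    uploaded bytes, skipped is the number of lines that could not be parsed.
    """
    usage = defaultdict(lambda: {"requests": 0, "bytes_out": 0, "services": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # report these so unparsed traffic is not silently ignored
            continue
        service = match_domain(rec["host"], KNOWN_AI)
        if service is None or service in APPROVED_AI:
            continue  # not a genAI service, or one the policy allows
        entry = usage[rec["user"]]
        entry["requests"] += 1
        entry["bytes_out"] += rec["bytes_out"]
        entry["services"].add(service)
    ranked = sorted(usage.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)
    return ranked, skipped


if __name__ == "__main__":
    ranked, skipped = shadow_ai_report(SAMPLE_LOG)
    for user, stats in ranked:
        print(user, stats["requests"], stats["bytes_out"], sorted(stats["services"]))
    print("unparsed lines:", skipped)
```
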

With the introduction of AI in organizations, security risks also increase. According to a study by the World Economic Forum, 63% of companies do not assess the security of artificial intelligence tools before their implementation, which creates a number of risks for their operations. Meanwhile, according to Cisco, 86% of companies have encountered security incidents related to AI in the past 12 months.

Serious risks are posed by vulnerabilities at the model level, which have been thoroughly described by OWASP. Attacks on AI models are often discussed by our colleagues in their articles and research: memory poisoning, input data manipulation, reverse engineering, or denial of service can lead to leaks of confidential data, the spread of misinformation, significant financial losses, or even risks to human life and health.

Important! The implementation of AI should not be viewed solely as a tool for increasing efficiency. This is a field that requires special attention to security issues, without which artificial intelligence technologies can become sources of serious threats.

Products created using neural networks also carry security risks. For example, AI is often used for writing code: according to a survey, 97% of surveyed developers reported that they had used AI in some capacity for their work. In a study conducted by Veracode, it was found that 45% of the code (almost half!) generated by AI contains security vulnerabilities.

Forecast

Shadow AI will become one of the key sources of corporate risks in the coming years. As employees increasingly use third-party AI tools, companies will more frequently encounter data leaks, particularly leaks of trade secrets. Organizations that build a management and training system for their personnel will be able to minimize the risks associated with shadow AI.

The expanding adoption of AI inevitably generates risks, increasing the number of points of contact between corporate infrastructure and automated systems. The deeper AI is integrated into business processes, the more serious the impact of model errors, data leaks, or manipulations by malicious actors becomes. Integration with corporate systems without proper attention to security creates new vectors for penetrating the company's infrastructure.

At the same time, small and medium-sized enterprises may find themselves at maximum risk in the new landscape of AI threats. In an effort to cut costs, automate routine processes, and increase competitiveness, they will increasingly resort to using AI-based solutions. However, unlike large corporations that have the resources to establish a high level of protection and hire qualified cybersecurity specialists, small and medium-sized businesses implement AI solutions without proper analysis of the associated risks. Moreover, employees in such organizations often inadvertently violate security policies: they are not always trained in the safe use of AI tools.

In the long term, small and medium-sized businesses risk finding themselves trapped: on one hand, without AI tools, they will not be able to build workflows effectively; on the other hand, using AI without appropriate protective measures will expose them to constant threats. This could lead to a wave of bankruptcies: companies will either face exorbitant costs for mitigating the consequences of AI-related incidents or will not survive them at all.

The widespread use of vibe coding will result in a large amount of functional but insecure code. This will lead to an increase in vulnerabilities in applications, data leaks containing keys, passwords, internal logic, and architecture, among other types of damage.

Double Extortion

In 2025, the situation with extortionists became more complex and unstable. In successful attacks on organizations, we note an increase in the share of ransomware usage, and a significant portion of these cases is indeed related to extortion. This trend is reflected in financial forecasts: Cybersecurity Ventures expects that by 2031, victims of extortionists will lose about $275 billion annually, with a new attack occurring every 2 seconds. It is worth noting that losses from ransomware attacks are influenced not only by ransom payments. Other budget-impacting factors include recovery costs, downtime, lost profits, and reputational damage.

  1. No guarantee of data recovery

    The decryption key may not be sent. Even if it is sent, it may not work. Additionally, the data may be irreversibly damaged.

  2. No guarantee that data will not be published or sold to third parties

    This applies even in cases where the data was not encrypted, but the attackers demanded money for non-disclosure.

  3. You become a target for repeat attacks

    By paying, you become a financially viable victim in the eyes of cybercriminals, and the risk of repeat attacks increases.

  4. You are funding criminal activity

    The willingness of organizations to pay only encourages cybercriminals to develop and carry out new attacks. With the proceeds, criminals enhance their malicious arsenal — thus, you contribute to the complexity and increase in the number of cyberattacks.

    Instead, it is better to invest funds in strengthening your own IT infrastructure. These investments will create long-term protection against future attacks, and in the event of an attack, help avoid unacceptable incidents and restore system functionality quickly.

Today, we are witnessing cases not only of triple extortion but also of quadruple extortion. However, the prevailing tactic remains double extortion — reports indicate that in 87% of ransomware incidents, attackers first extract data.

An interesting deviation from standard ransomware is the tactic employed by the SecP0 group, which demands ransom not for encrypted data but for undisclosed software vulnerabilities.

Pressure on the victim is one of the most important practices for extortionists, and they invest significant resources in it. Recently, Qilin has been offering legal consultations to its partners so they can exert more pressure on victims and force them to pay. Operators of the Anubis ransomware increase the level of panic by adding wiper functionality — this forces victims to pay faster rather than delaying or ignoring the demands.

There are incidents where extortionists report attacks that never occurred. These cases were noted in the outcomes of incident investigation projects from Q4 2024 to Q3 2025. This was mentioned by experts from Unit42: in March 2025, attackers sent letters to company executives threatening to publish confidential data. The authors of these letters posed as a well-known extortion group. However, the recipients had no other proof of a breach. Cybercriminals may also threaten data leaks from previous extortion campaigns.

Forecast

Double extortion will remain prevalent, with the emphasis primarily on stealing confidential data. This is because organizations are increasingly unwilling to pay ransoms. According to Coveware, the ransom payment rate across all impact scenarios — encryption, data theft, and other forms of extortion — fell to a historic low of 23% in Q3 2025. However, stolen data still holds value in the underground market, so even if an organization does not pay the ransom, criminals have a chance to profit. According to our estimates, just under half (45%) of leaked data in the second half of 2024 was sold for prices ranging from $1,000 to $50,000 and above. The price for information varies depending on its type and importance. For this reason, criminals will remain embedded in the victim's infrastructure until they obtain valuable data in the required volume.

However, some victims are still willing to pay — this motivates criminals using ransomware to demand more money. An example can be seen in the attacks by the Bearlyfy group: while the ransoms in the early campaigns were only a few thousand dollars, in the latest known attack, the criminals demanded 80,000 euros.

To achieve ransom payments, criminals will use increasingly aggressive pressure tactics. For example, they may refrain from encrypting some data, focusing instead on its complete destruction. Additionally, criminals will leverage the legislation of the victim's country for extra pressure through fines imposed by regulatory authorities. For instance, increased fines in Russia for violations in the processing and protection of personal data could be used for blackmail: criminals could threaten to disclose the violation or publish data, promising that if the ransom is not paid, they will report the violation to Roskomnadzor.

In 2026, criminal groups will target less protected suppliers and contractors to extort money from large companies. This will save effort and yield payments from solvent victims.

AI at the Service of Attackers: Not Just Vibe Coding

When discussing the application of artificial intelligence in cyberattacks, it is important to pay attention to its role in malicious software.

Firstly, LLMs are used to create and enhance malware, as we discussed in our research. For example, the ransomware group FunkSec has likely used AI to create its toolkit, including an encryptor. However, as noted by researchers, AI-generated malware is immature, and attackers often have to refine the results manually. More often, LLMs are used as assistants for cybercriminals, generating individual parts of code or scripts. For example, PT ESC researchers discovered a number of attacks where attackers stored intermediate scripts and leaked victim data directly in public GitHub repositories. The attacks were notable for their structure: long chains of simple scripts were clearly created using AI, judging by the style of the code and comments. It is also not uncommon to see AI used to disguise malware.

Secondly, malware leveraging LLM capabilities has begun to emerge, with AI becoming a component of malware. An example is the ransomware PromptLock, discovered by ESET. Although it later turned out that this encryptor was the result of the work of a team of scientists from New York University, it can be confidently assumed that there will always be those willing to implement a dangerous version of the same idea. The malware is written in Go and uses the local model gpt-oss:20b from OpenAI through the Ollama interface to generate malicious Lua scripts in real-time. The scripts are executed directly on the device, allowing for file enumeration on the disk, analysis of their contents, theft of selected data, and encryption of files. The program operates on Windows, Linux, and macOS, making the threat cross-platform.

Similar malware has also been observed in real attacks. For instance, the LameHug malware was seen directly using LLMs to generate and execute shell commands in order to gather information of interest.

Another striking example of AI application in 2025 was the attack on users of the Nx package. The criminals not only compromised the supply chain; they also demonstrated ingenuity in developing malicious code. The stealer created by the criminals exploited already installed AI agents, accounting for three of them (Gemini, Claude, and Q from Amazon). The cyberattack resulted in the exposure of data from 2180 accounts and affected 7200 repositories.

Forecast

For malicious actors, AI significantly lowers the entry threshold into cybercrime, and of course, they will continue to use this technology to accelerate and optimize various stages of an attack—script development, code writing, or malware obfuscation. However, the emergence of malware utilizing LLM capabilities illustrates a shift: AI is no longer just a "hint" for attackers but is turning into an autonomous component of the infrastructure. It is quite likely that there will be more such attacks in the future.

Not by Windows alone: cross-platform threats

A few years ago, attacks by malicious actors were exclusively aimed at Windows users: according to our data, in 2022, 86% of all incidents affected this operating system. In recent years, there has been a gradual decrease in the number of incidents related to it, and by 2025, the share of incidents in organizations with devices running Windows accounted for 84% (an 8 percentage point decrease compared to 2022). This is due to the active use of other operating systems.

The macOS operating system has long been considered more secure compared to Windows. Although historically macOS faced fewer malware threats, the growing popularity of Apple devices among professionals and large companies has made this platform more attractive to cybercriminals. For instance, Red Canary noted a 400% increase in threats to macOS from 2023 to 2024, and researchers from JAMF reported that there was a sharp rise in the detections of Atomic Stealer (AMOS) — one of the most common malware for macOS, which recently gained a backdoor function.

Linux platforms are no less attractive targets for cybercriminals, and a mass transition to these platforms has been observed not only in Russia but also in other countries due to the growth of server Linux infrastructures.

In a cyberattack on one of the chemical plants in the USA, attackers uploaded the Linux backdoor Auto-Color to the server, capable of executing commands remotely, modifying files, concealing activity from protective measures, and much more. During the incident, a critical vulnerability in SAP NetWeaver (PT-2025-17845) was exploited, which we detailed in our digest of trending vulnerabilities.

Attacks on specialized distributions were also observed. For example, the APT group Transparent Tribe targeted systems based on BOSS Linux — a domestic Indian operating system. During the incident, cybercriminals used a new malicious tool called DeskRAT, written in Go.

It is worth noting the increased interest of cybercriminals in hypervisors, such as VMware ESXi. The goal of such attacks is to compromise all virtual machines running on the hypervisor. Since a large part of modern corporate infrastructures is virtualized, this gives attackers the opportunity to effectively destroy them entirely. This method was adopted by the Ignoble Scorpius group: in one of the incidents, they deployed the BlackSuit ransomware, controlled via Ansible, while simultaneously encrypting hundreds of virtual machines on approximately 60 VMware ESXi nodes, disrupting the entire infrastructure.

Today, many attackers are adapting Windows-oriented tools for other environments, thereby expanding the pool of potential victims.

The ransomware Albabat has acquired Linux and macOS configurations, while the new version of LockBit — 5.0 — targets Windows, Linux, and ESXi. A similar trend can be seen in the dark web. For instance, cybercriminals have published an advertisement on one of the shadow platforms for selling the Linux version of the CyberVolk ransomware, originally developed for Windows.

Forecast

We anticipate that the trend of increasing attacks on other OSs and environments will continue in 2026. A large amount of malware will become cross-platform; to achieve this, cybercriminals will switch to programming languages like Go. It becomes especially important for Russia to focus on protecting Linux platforms due to the mass transition to them. According to our forecasts, the number of attacks and, consequently, the amount of malware targeting hypervisors will increase, as the damage from such actions can be exponentially higher. This represents a fundamental shift from damaging data on individual devices to completely paralyzing the entire IT infrastructure.

Transformer viruses: one malicious program can do it all

The production of malware is primarily a business, where developers strive to make their product of higher quality and versatility so that the "client" chooses their product. A step forward in this trend is the active development of hybrid malware, providing the functionality of several types of malicious software at once. For cybercriminals, such a product is convenient: the "all-in-one" design simplifies management (through a centralized C2 server), allows adaptation to different types of environments, and ensures high scalability — the same malware can be used in attacks on different targets.

The ideal foundation for hybrid malware is remote access malware, allowing cybercriminals to maintain persistent access to compromised devices, conduct long-term reconnaissance, monitor victims' actions, and use infected systems as entry points for subsequent attacks. A broad basic functionality becomes a solid foundation for adding modules.

In addition to the long-existing and progressing RATs, new solutions continue to emerge in the market.

Forecast

In 2026, transformer malware will become the standard in the development of malware, likely blurring the lines between different types. Due to the universality and modularity of RATs, they will continue to be the foundation for hybrid malware, keeping their share in attacks at a high level.

It is quite possible that such malware will be segmented depending on the criminal's objectives. For example, simpler tools with relatively low cost will be chosen for attacks on small and medium businesses and ordinary users, while more expensive ones with additional modules will be used for larger targets.

Breaking the Shield: AV/EDR Killers

Almost every company, regardless of scale and industry, uses various protective measures, particularly antivirus programs and EDR-class systems, which have become the standard of corporate security. These measures have not been to everyone's liking: life has become much more complicated for criminals. As a result, attackers have added AV/EDR killers to their arsenal—solutions that allow them to remain undetected within the victim's infrastructure and have become an integral part of attacks.

One of the popular techniques used in "killers" is BYOVD (Bring Your Own Vulnerable Driver). The approach is that criminals install a legitimate but vulnerable driver on the target system. By exploiting known vulnerabilities in such a driver, the attacker escalates privileges and can disable antivirus or EDR. For example, a new EDR Killer, which is an evolution of the EDRKillShifter utility, has been recorded in the arsenal of eight different ransomware groups.

The vulnerable drivers that can be used in Bring Your Own Vulnerable Driver (BYOVD) type attacks can be viewed here.
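
How a defender might triage driver-load telemetry for BYOVD, as an added example rather than code from the article: it checks each loaded driver against a hash blocklist and, because a blocklist only covers drivers already known to be vulnerable, also flags drivers loaded from outside the standard driver directories or with a bad signature. The records are constructed in the shape of Sysmon Event ID 6 (driver loaded), the hashes and file names are placeholders, and a Windows directory of C:\Windows is assumed.

```python
# Assumption: SHA-256 values taken from a vulnerable-driver blocklist.
# Constructed placeholder, not the hash of any real driver.
VULNERABLE_SHA256 = {"a" * 64}

# Directories Windows normally loads kernel drivers from (C:\Windows assumed).
STANDARD_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\filerepository\\",
)

# Constructed records shaped like Sysmon Event ID 6; all values are made up.
SAMPLE_EVENTS = [
    {"Computer": "ws01", "ImageLoaded": "C:\\Windows\\System32\\drivers\\disk.sys",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "1" * 64,
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Computer": "ws02", "ImageLoaded": "C:\\Users\\Public\\example_vuln.sys",
     "Hashes": "SHA256=" + "A" * 64,
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Computer": "ws03", "ImageLoaded": "\\SystemRoot\\System32\\drivers\\acpi.sys",
     "Hashes": "SHA256=" + "2" * 64,
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Computer": "ws03", "ImageLoaded": "C:\\ProgramData\\upd\\helper.sys",
     "Hashes": "SHA256=" + "b" * 64,
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Computer": "ws01", "ImageLoaded": "C:\\Windows\\System32\\drivers\\oem.sys",
     "Hashes": "SHA256=" + "c" * 64,
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def extract_sha256(hashes):
    """Pull the SHA-256 out of an 'ALG=HEX,ALG=HEX' field; None if absent."""
    for item in hashes.split(","):
        alg, _, value = item.partition("=")
        if alg.strip().upper() == "SHA256" and value:
            return value.strip().lower()
    return None


def normalise_path(path):
    """Lower-case the path and expand the NT-style prefixes drivers are logged with."""
    path = path.lower()
    if path.startswith("\\??\\"):
        path = path[len("\\??\\"):]
    if path.startswith("\\systemroot\\"):
        path = "c:\\windows\\" + path[len("\\systemroot\\"):]
    return path


def check_event(event):
    """Return the list of reasons this driver load deserves an analyst's attention."""
    reasons = []
    sha256 = extract_sha256(event.get("Hashes", ""))
    if sha256 is None:
        reasons.append("no-sha256")
    elif sha256 in VULNERABLE_SHA256:
        reasons.append("blocklisted-hash")
    # A validly signed driver staged in a user-writable directory is the case a
    # hash blocklist misses when the driver is not yet listed as vulnerable.
    if not normalise_path(event.get("ImageLoaded", "")).startswith(STANDARD_DRIVER_DIRS):
        reasons.append("nonstandard-path")
    if event.get("Signed") != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("bad-signature")
    return reasons


def triage(events):
    """Return (host, path, reasons) for suspicious loads, most reasons first."""
    findings = []
    for event in events:
        reasons = check_event(event)
        if reasons:
            findings.append((event.get("Computer", "?"),
                             normalise_path(event.get("ImageLoaded", "")),
                             reasons))
    return sorted(findings, key=lambda f: (-len(f[2]), f[0]))


if __name__ == "__main__":
    for host, path, reasons in triage(SAMPLE_EVENTS):
        print(host, path, ", ".join(reasons))
```

The path and signature checks are heuristics and will also flag some legitimate software, so their output is a review queue rather than a verdict.
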

The interest of criminals is also reflected in the appearance of offers for the sale of EDR and AV killers on shadow forums.

For example, one of the advertisements circulated a tool that, according to the seller's claims, effectively disables many popular antivirus solutions. The author asserts that functionality to disable all popular EDR systems will be added soon. The price of such a tool is $1500 for a build for one antivirus.

Forecast

In 2026, the steady trend towards the growth and complexity of AV/EDR killers will continue. More such tools will appear on the shadow market, as well as malware with similar functional modules.

Malicious actors will continue to actively apply the BYOVD technique to bypass AV/EDR, using not only known vulnerable drivers but also drivers that have not yet been marked as vulnerable. It is quite likely that information about such drivers will be sold on the darknet market, allowing potential buyers to remain unnoticed.

Arming with phishing kits

Phishing as a service (PhaaS) platforms are often used to conduct phishing attacks. Over the past year, PhaaS platforms have actively developed: the functionality of existing tools has expanded, and new players have emerged in the market. For example, among the newcomers of 2025, we can note VoidProxy, Salty2FA, and Whisper 2FA. The attractiveness of such platforms in the eyes of criminals can be explained by several reasons. They provide user-friendly dashboards, templates, and automation, allowing unskilled criminals to quickly move on to complex attacks, thereby lowering the entry barrier to cybercrime. An important factor is economic efficiency: subscription-based models offer high profitability compared to maintaining one's own infrastructure. The price for subscription phishing services in 2024 was approximately $250. In addition, the competitive environment stimulates continuous integration of innovations — providers keep adding new methods and features to their "shadow products".

PhaaS platforms typically include the following functionality:

  • MFA Bypass.
    According to a report by Barracuda, published in June, the most common toolsets since the beginning of 2025 are Tycoon 2FA (76% of attacks using PhaaS), EvilProxy (8%), as well as Mamba 2FA and Sneaky 2FA, which together accounted for 6% of attacks using PhaaS. All of them have the capability to bypass MFA. Newcomers in the market are also integrating and expanding this capability in their tools. For example, the recently discovered Salty 2FA can bypass several two-factor authentication methods: push notifications, SMS, and voice authentication.

    We have detailed how attackers bypass MFA in our research dedicated to phishing attacks.

  • Phishing Templates.
    In a study dedicated to trends in phishing attacks, we discussed how phishing messages sent on behalf of well-known companies are widely used year after year. In such cases, attackers can exploit the trust in the organization from which the phishing attack is conducted. This is why phishing kits cannot do without adding templates of websites from well-known and reputable companies. The phishing platform Morphing Meerkat, for example, allows imitation of 114 different services and service providers, including Gmail, Outlook, Yahoo, DHL, and others.

  • Tools for Generating or Cloning Websites.
    Such tools allow the creation of an exact copy of a legitimate website. In 2025, their functionality significantly improved — now attackers integrate support for generative AI into them. For example, this happened with the Darcula platform. Thanks to the update, it is now possible not only to copy brand websites but also to adapt forms to the required language and region, which sharply increases the potential number of attacks.

  • Use of CAPTCHA.
    To protect the created malicious website from checks by automated security measures, attackers implement CAPTCHA tests. The use of such verification can create an illusion of trust for the victim, as such tests are typically found on legitimate websites. This capability is used in both the favorite tools of attackers Tycoon 2FA and Sneaky 2FA, as well as in the recently emerged SessionShark.

  • Methods for Bypassing Protective Mechanisms and Avoiding Detection.
    Today, there are many ways to combat phishing attacks. For criminals, it is very important to bypass these protective mechanisms, and there are many techniques for doing this. This principle also applies to PhaaS platforms.
    One method for bypassing spam filters is QR codes. A person cannot read them visually, and they do not raise suspicion. However, some security tools have adapted to this threat, so attackers began modifying existing techniques. For example, in the Gabagool phishing kit, one malicious QR code was split into two — as a result, email protection saw two separate seemingly harmless images instead of a complete QR code. In the Tycoon 2FA tool, attackers used another interesting technique: the malicious QR code was embedded inside or around a legitimate QR code.

Phishing tool creators actively monitor trends and incorporate them into their own products.

Forecast

Based on current trends, it can be confidently asserted: in 2026, PhaaS tools will participate in a significant portion of phishing campaigns. As a result, the number of incidents where phishing serves as initial access will increase; at the same time, a significant portion of attacks will be carried out by technically unskilled perpetrators.

At the same time, PhaaS platforms may also attract more organized financially motivated groups. The reason is simple: why spend resources and time developing one's own phishing campaigns when this process can be automated using ready-made platforms? This allows criminals to enhance the efficiency of their operations, increasing the number of potential victims.

We anticipate that functionalities related to generating deepfakes and deepvoices will be integrated into phishing kits, which we will discuss in more detail later.

The Era of Deepfakes

The use of deepfakes and deepvoices in cyberattacks significantly increased in 2025. According to a new Gartner survey, nearly two-thirds (62%) of organizations experienced attacks using deepfakes in the past 12 months. According to Keepnet, there were 179 reported incidents of their use just in Q1 2025, which is 19% higher than the total number of incidents for all of 2024. This trend also affects Russia: according to some reports, the number of deepfakes in the Russian internet segment has increased by one third since the beginning of 2025 compared to the figure for the entire previous year. An interesting indirect confirmation of this trend is the interest of malicious actors in stealing audio data: according to our research, techniques related to audio stream capture (T1123 Audio Capture) ranked first, even though it was not even in the top 10 in 2023.

Although most users encounter deepfakes through short videos on social media, these technologies have long gone beyond entertainment and fallen into criminal hands.

In 2025, an attack was recorded on a cryptocurrency company. In this incident, the attackers deceived an employee by organizing a Zoom video conference using deepfakes that mimicked well-known top managers. They convinced him to install a "Zoom extension," which served as the start of the attack.

Another example includes incidents reported in May by the FBI: criminals impersonated high-ranking US officials and sent AI-generated voice messages to government employees to establish contact and then gain access to their personal accounts.

Deepfakes and deepvoices have been used in fraud related to the theft of funds.

High-profile incident: criminals used AI to forge the voices of Italy's Defense Minister Guido Crosetto and several other government officials. With their help, they convinced some serious Italian entrepreneurs to transfer money to fraudulent accounts.

The most widespread area of malicious use of deepfakes is public opinion manipulation. Generated videos and audio recordings allow for the creation of false statements, staging events, or attributing words and actions to public figures that never occurred.

According to the media, on August 25, 2025, a fake video featuring the mayor was circulated in one of the Russian cities, where he allegedly announced a 50% increase in public transport fares due to fuel shortages. The video quickly spread across social networks, causing concern among residents, and even local media initially picked up the news.

The additional danger lies in the fact that creating a deepfake is not difficult. As early as 2024, advertisements for deepfake as a service (DaaS) began to appear, and if desired, a criminal could also use an open-source version from GitHub. In 2025, ads were discovered offering real-time deepfake creation services starting at $50 for videos and $30 for voice messages.

  • In audio, unnatural changes in intonation or speech patterns, especially at the junctions of phrases, as well as atypical expressions and words may indicate a synthetic origin of the audio track.

  • Fakes in video can often be noticeable due to unnatural movements of the face or body, especially of the mouth and eyes. Deepfakes often poorly portray teeth, blinking, and gaze direction, making the facial expressions look strange.

  • Quality of connection. An indirect sign of a fake can be poor quality of video or audio. Criminals often deliberately imitate communication problems to conceal defects in the synthetic image or voice.

  • To verify a received recording, photograph, or voice message, you can use programs that recognize generated content. There are AI-based deepfake detectors whose recognition accuracy reaches up to 90%.

  • Generation of realistic content. Thanks to AI, criminals can write grammatically correct phishing emails that strike the right tone, imitate corporate style, localize messages, and create copies of websites indistinguishable from the original. For example, the APT35 group took advantage of AI to generate phishing emails targeting journalists, well-known cybersecurity experts, and computer science professors in Israel.
    For malicious activities, attackers can use legitimate platforms, as happened in the case of Lovable, a service for generating web applications from text prompts. The platform turned out to be vulnerable to jailbreak attacks, which made it possible to bypass built-in restrictions and create phishing pages virtually indistinguishable from real ones. Experts named the emerging technique VibeScamming.

  • Mass automation. AI can generate thousands of unique phishing email variants with minimal effort. In an experiment conducted by IBM security experts, a neural network competed with humans in creating a phishing campaign. It took only 5 prompts and 5 minutes to develop emails as effective as those that required 16 hours from human experts.
    AI tools with similar functionality are also sold on shadow forums. For instance, an advertisement was found selling a tool called SpamGPT — a mass mailing service aimed at bypassing modern anti-spam systems. According to the author, SpamGPT guarantees uninterrupted delivery of messages directly to Outlook, Yahoo, Office 365, Gmail, and other services.

  • Deepfakes and deepvoices, which we discussed earlier.

  • Personalization. AI models can analyze open data — social networks, websites, publications, company news — and create emails that mention real names of colleagues, projects, events, or even the style of internal correspondence.

Forecast

In 2026, the spread of phishing attacks will continue, in which cybercriminals are assisted by AI: almost all stages of conducting such attacks will be automated. Chatbots that generate real-time responses will develop — AI will be able to maintain a conversation until the victim is ready to click on a malicious link, download a file, or share information of interest.

The AlSaaS model will continue to evolve. All main stages, from preparing the infrastructure to writing personalized prompts for generative neural networks, will be represented in shadow formulas. Such offers will likely include ancillary services: support for phishing websites, reputation management of fake numbers (for example, through boosting reviews or traffic to enhance their credibility in AI aggregators), as well as instructions on how to bypass fraud detection systems. These services will be characterized by a low cost per campaign and will be accessible even to novice criminals.

Vishing — calls to be feared

In 2025, the share of voice phishing (vishing) in attacks on organizations increased by 2 percentage points over the year. Although the figure remains relatively small, this method is confidently gaining popularity, and attacks using it have serious consequences — vishing was noted in a number of high-profile cyber incidents last year.

The ransomware group ShinyHunters organized a series of attacks on major companies, including Adidas, Allianz Life, LVMH, and Qantas. All incidents are related to attempts to penetrate client systems of Salesforce through vishing.

The growing popularity of this method is inevitable: it is explained by the combination of several factors, one of which is the prevalence of remote work. For example, in the US, according to data from August 2025, 52% of personnel worked on a hybrid schedule, while in January 2019, this figure was 32%. Employees often interact with colleagues, gain access to corporate resources, and quite frequently receive IT support through calls, chats, and other remote technologies. All of this expands the attack surface. At the same time, under remote work conditions, employees increasingly interact with people they do not know personally, which opens opportunities for cybercrime. Malicious actors can impersonate colleagues or support representatives, successfully using social engineering techniques for deception and manipulation.

This is why one of the key tasks in enhancing a company's security becomes training employees on current phishing and social engineering methods.

The second reason is the increase in email security levels, as well as the improvement of digital literacy among staff—some companies actively implement test phishing campaigns for employees. These factors force malicious actors to evolve.

Forecast

All of this makes vishing a tactic that is unlikely to disappear from the horizon in the near future. We expect that in 2026, the use of this technique in attacks may rise, partly due to the integration of deepfakes. AI will make vishing more convincing and harder to detect.

Playing with Formats

Familiarity and appearance of the file reduce suspicion. Thus, in 2025, we observed a real boom in the use of SVG format files. According to our data, in 2024 this format was used in less than 1% of attacks, while by December 2025, its share in attachments reached almost 5%. To the user, SVG files simply look like images; in reality, they are written in XML and can contain HTML and JavaScript code that cybercriminals can exploit for malicious purposes.

Most often, SVG attachments are used for credential theft.
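A defender-side check for the point above, added here as an example and not taken from the original study: it parses an SVG attachment as XML and reports the constructs that make it more than an image. The function name, finding labels and both sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed arbitrary HTML inside an SVG.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes that run code or load an HTML document when followed.
RISKY_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> list[str]:
    """Return sorted labels for active content found in an SVG document."""
    # This example refuses to parse documents that carry a DTD, so entity
    # expansion never reaches the XML parser; the DTD itself is reported.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]

    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr).lower()          # also covers xlink:href
            url = "".join(value.split()).lower()  # drop whitespace padding
            if name.startswith("on"):           # onload, onclick, ...
                findings.add(f"event-handler:{tag}@{name}")
            elif name in ("href", "src") and url.startswith(RISKY_SCHEMES):
                findings.add(f"script-url:{tag}@{name}")
    return sorted(findings)


# Constructed samples: a plain image and one carrying active content.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/>'
          b'<a href="https://example.com/">x</a></svg>')
SUSPICIOUS = b'''<svg xmlns="http://www.w3.org/2000/svg" onload="placeholder()">
  <script>/* constructed placeholder */</script>
  <foreignObject><form xmlns="http://www.w3.org/1999/xhtml"/></foreignObject>
  <a href=" JavaScript:placeholder()">x</a>
</svg>'''

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_svg(sample))
```

A mail gateway or triage script can quarantine any attachment for which the list is non-empty; the check works on content, so it still applies when the file arrives with a different extension.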

If a few years ago organizations had weeks to address vulnerabilities, today attackers begin to exploit security gaps within days of information being published about them.

One of the key factors reducing the TTE (Time To Exploit) metric is not so much the speed of attackers, but rather the overall ineffectiveness of vulnerability management processes.

The speed of exploitation is also influenced by the rapid growth of the shadow market for vulnerabilities and exploits. Such offers are highly valued by attackers: nearly 30% of listings in this category are dedicated to purchasing, with the cost of exploits averaging from $1,000 to $20,000, and reaching millions of dollars. In 2025, a listing was published on the dark web for the sale of a PoC exploit for a certain zero-day vulnerability in JavaScript, which, according to the author, is present on almost 99% of websites. The price for such an offer was set at $800,000.

Read more about the cybercriminal market in our recent article.

The EaaS (exploit as a service) model will also help reduce the TTE, predictions for which are already being confirmed in the current cyber threat landscape. In particular, services that allow one-click attacks are rapidly gaining popularity, lowering the entry threshold for attackers who lack sufficient knowledge or skills. The EaaS model makes exploiting vulnerabilities a more accessible method of attack: instead of a one-time sale of an exploit to a single buyer, developers are beginning to offer short-term rentals or subscriptions. This not only increases the income of creators of malicious tools but also greatly expands the circle of attackers capable of exploiting complex vulnerabilities.

Modern exploit kits already demonstrate how effective automated exploitation of vulnerabilities can be. According to a study by Trend Micro, the Earth Minotaur group actively used the MOONSHINE exploit kit, which by 2024 had grown into a large-scale infrastructure of over 55 servers and significantly expanded its functionality compared to the version recorded in 2019. MOONSHINE exploited known vulnerabilities in Chromium-based applications, including messengers for Android, and was used to deliver the previously unknown backdoor DarkNimbus, existing in both Android and Windows versions.

Another driver influencing the reduction of TTE is undoubtedly the automation of exploit development processes using artificial intelligence.

Forecast

The mass availability of information about exploits, increased interest in such offerings on the dark market, and the influence of AI create a favorable environment for reducing TTE, leading to a rise in the number and scale of automated attacks. In 2026, organizations that do not have a vulnerability management process in place will find themselves in an extremely vulnerable position.

We expect that the EaaS model will become the most sought-after form of monetization of exploits in the cybercrime market. Additionally, there is likely to be the emergence of frameworks that combine exploit catalogs, the installation of additional malware modules, and analytics on attack effectiveness.

Vulnerabilities in products from well-known vendors, such as Cisco, TP-Link, or DrayTek, will quickly integrate into botnet attacks and be used for mass breaches of both corporate and user devices. As a result, attackers will be able to build a resilient malicious infrastructure that will be utilized not only for conducting DDoS attacks but also for traffic anonymization or covert cryptocurrency mining.

Exploit - an AI-based service

AI has already become an effective and powerful tool for detecting vulnerabilities. Machine learning models are trained on vast datasets of vulnerabilities, enabling them to predict the likelihood of similar flaws in new code with near-perfect accuracy. For example, Google's Big Sleep tool successfully detected a vulnerability in the SQLite database management system before it could be exploited by malicious actors. According to the president of global affairs at Google and Alphabet, this was the first instance where an AI tool found a zero-day vulnerability in widely used software and prevented its exploitation in real attacks. AI can also be used for automated internet scanning and identifying vulnerable systems.

GreyNoise has already demonstrated the effectiveness of this approach: the company successfully applied an LLM to detect vulnerabilities in internet-connected streaming cameras.

However, particularly impressive are the achievements of AI in developing unique exploits. The PwnGPT framework, which uses an LLM to create exploits, allows the implementation of three main stages of exploitation: vulnerability analysis, exploit generation, and proof of concept. Experimental results showed that using PwnGPT compared to directly inputting data into an LLM increases the likelihood of vulnerability disclosure: for the OpenAI o1-preview model, this value rose from 26.3% to 57.9%, and for GPT-4o, from 21.1% to 36.8%.

Attackers are attempting to leverage the primary advantage of LLM-based frameworks in real attacks — they generate working exploits for known vulnerabilities at an unprecedented speed.

The platform HexStrike AI was originally developed as a legitimate tool for automating penetration testing. However, within the first few hours after the tool's release, reports emerged about its use for exploiting vulnerabilities recently discovered in Citrix NetScaler ADC and Gateway products. In one of the discussions, attackers claim that the exploitation time is reduced from several days to 10 minutes.

Forecast

We expect that one of the key trends shaping the cyber threat landscape in 2026 will be the widespread and increasingly deep integration of AI into the lifecycle of cyberattacks. The emergence of tools like HexStrike AI marks the beginning of an era of cyberattacks that are automated and significantly enhanced with the help of AI. Such AI frameworks are expected to become standard tools in the arsenal of cybercriminals.

New risks on the perimeter

In the first half of 2025, more than 23,600 vulnerabilities were publicly disclosed, which is 16% more than in the same period of 2024. At the same time, in recent years, there has been a significant increase in the interest of attackers in perimeter devices, such as VPN servers and network gateways. According to research by Verizon, the share of these devices in incidents related to the exploitation of vulnerabilities was 22%, which is nearly eight times higher than last year. Based on the results of the first half of 2025, among the most vulnerable were solutions from major vendors such as Cisco, Citrix, Fortinet, SonicWall, Zyxel, and others.

Perimeter devices are at the intersection of protected and external networks. A successful attack on a VPN gateway or firewall allows an attacker to gain direct access to the company's internal network and use it for further development of the attack. Thus, by the end of 2024, Google Mandiant noted the vulnerability PT-2024-2752 (CVE-2024-3400) in Palo Alto Networks' network gateways as the most exploited in incidents investigated by the company. After disclosure, it was almost immediately used in attacks by both APT groups and ransomware affiliates. Among recent examples are vulnerabilities PT-2025-39420 (CVE-2025-20333) and PT-2025-39421 (CVE-2025-20362) in Cisco solutions, the exploitation of which has been recorded in several criminal campaigns, including for spreading families of previously unknown malware and cyber espionage.

Organizations often consider perimeter defenses and network equipment to be inherently secure and underestimate the risks associated with their exploitation in cyberattacks. In reality, the situation is often the opposite: manufacturers release millions of devices, and even one vulnerability in a popular model can provide access to numerous corporate networks around the world.

Forecast

Exploitation of vulnerabilities in network equipment provides attackers with broad opportunities, allowing them to remain undetected for long periods, gain access to protected systems, and conceal their activities. We expect that in 2026, vulnerabilities in routers, VPN gateways, firewalls, and other components of network infrastructure at the perimeter will be increasingly used in both targeted and mass attacks. Organizations that continue to ignore this threat will face a high risk of breach and loss of control over their systems.

One to many: vulnerabilities in RMM solutions

In the context of the widespread adoption of remote work and decentralized corporate environments, where employees work from offices, homes, and other locations, RMM tools (remote monitoring and management) have become indispensable for maintaining operational efficiency and security. According to Verified Market Research, the RMM market was valued at $918.51 million in 2023, and it is projected to reach $1,548.94 million by 2030, with a compound annual growth rate of about 9%.

The compromise of an RMM tool is not just the compromise of a single node, but obtaining remote privileged access to the entire infrastructure managed by that tool. This very characteristic makes them a valuable asset for attackers. Exploiting vulnerabilities in RMM solutions is a universal technique actively used by attackers. For instance, Microsoft Defender Experts observed the exploitation of zero-day vulnerabilities in many popular RMM tools, including BeyondTrust Remote Support, ConnectWise ScreenConnect, and SimpleHelp. In another campaign, researchers from Arctic Wolf discovered the use of SimpleHelp to gain unauthorized access to secured devices.

Forecast

Vulnerable RMM solutions are an effective tool for attackers looking to develop large-scale attacks with minimal effort. In 2026, they will increasingly utilize tactics where the exploitation of vulnerabilities in RMM tools is combined with other vulnerabilities within the corporate network. Additionally, such attacks may extend beyond the infrastructure of a single company and impact other organizations for which it was an IT service provider. Increased interest from attackers in vulnerable RMM solutions is also expected to lead to a rise in attacks using the T1199 technique, which covers the compromise of trusted relationships.

IAB 2.0: Transition from "Access as a Commodity" to "Access as a Service"

Some of the most numerous participants in the shadow market are sellers of illegal goods and services. On dark web forums, one can find a wide variety of offers, and one of the most profitable among them is the sale of access. This task is performed by Initial Access Brokers (IABs), whose sole purpose is to penetrate corporate networks and monetize this access by selling it to other hackers. The activity of IABs is rapidly growing: according to SOCRadar, over two years (from Q1 2023 to Q1 2025), the number of advertisements for the sale of access has increased by more than 100%, making this segment of the shadow market one of the fastest-growing.

IABs focus on bypassing perimeter defenses through vulnerable services, stolen credentials, or unsecured remote access points. Moreover, most accesses are still based on data collected through infostealers. If an organization does not use MFA, such data instantly grant access to its corporate resources.

After gaining access, IABs establish themselves in the compromised infrastructure through hidden administrator accounts or

Turning to IABs is beneficial for all participants in the shadow market. RaaS service operators can focus on developing new encryptors and negotiating with victims, without spending time and resources on finding and obtaining initial access. IABs, in turn, receive stable income while minimizing the risks of detection: they rarely remain in the system longer than necessary to confirm access. The results of the study by FortiGuard confirm this trend: financially motivated attackers increasingly use stolen or purchased credentials to gain access to the corporate network of the targeted organization and avoid detection by protective measures. Moreover, this collaboration model demonstrates high economic efficiency: the cost of access to a corporate network can range from several hundred to tens of thousands of dollars depending on the size of the company, the type of infrastructure, and the level of security. For ransomware groups, this is a relatively small price for the opportunity to attack an organization from which a large ransom can potentially be demanded.

Forecast

In 2026, the initial access broker market will continue to be in demand. Offers in this market may become more personalized, and the final price will depend on the capabilities offered.

Thank you for reading the text to the end. More examples, as well as recommendations for protection against cyberattacks, can be found in the full version of the study in the analytics section on our website.

Valeria Besedina

Analyst of the PT Cyber Analytics research group

Anastasia Osipova

Junior analyst of the PT Cyber Analytics research group
