AI-powered cybercrime to become fully automated by 2026
Trend Micro predicts that 2026 will mark a major shift in the cybercrime landscape, as artificial intelligence is set to underpin fully autonomous cyber attacks.
The company's latest forecast suggests that AI and automation will allow criminals to orchestrate entire campaigns without human intervention, increasing the tempo, scope and sophistication of online threats.
AI-powered crime
The forecast details how generative AI models and automated agents are now capable of independently conducting reconnaissance, discovering vulnerabilities, exploiting weaknesses, and monetising attacks. Self-rewriting malware and deepfake-driven social engineering are highlighted as tactics that will become standard, making it more difficult for organisations to detect and stop cyber threats at an early stage.
The report points to threats of polymorphic malware that constantly adjusts its code, and the use of deepfake technology to create highly convincing voice and video impersonations. These advancements mean attackers can quickly adapt their techniques, evade detection and achieve persistent access.
Targeted environments
The forecast identifies hybrid cloud environments, complex software supply chains, and AI infrastructure as primary targets for cyber attacks in the coming years. It warns that both open-source package repositories and container images may be poisoned or manipulated, potentially leading to widespread compromise through trusted channels. The rapid adoption of cloud computing and AI accelerates the risk profile, as organisations struggle to maintain visibility and control across interconnected digital ecosystems.
Another anticipated threat is the proliferation of over-privileged cloud identities, which can provide attackers with unauthorised access to sensitive data and systems. The report also notes that state-sponsored groups are expected to increase their use of "harvest-now, decrypt-later" tactics. This approach sees attackers collect encrypted data today, with the intention of decrypting it in the future using advanced quantum computing.
Ransomware evolution
The report suggests that ransomware operations will become fully automated, relying on AI to manage every stage of an attack. Automated systems are expected to identify viable victims, exploit their weak points, and even negotiate terms of extortion through conversational bots. Ransomware is expected to move beyond simple encryption and data theft towards broader business disruption and automated follow-ups.
Researchers warn that these campaigns will become harder to trace, faster in execution and more persistent in nature, with much of the process hidden from defenders until it is too late to respond effectively.
Defensive strategy
The company urges organisations to shift from a reactive posture to proactive resilience by building security into every level of cloud adoption, AI integration, and supply chain operations. Threat experts advise embedding ethical AI usage, adaptive defences and continuous human oversight in future technology deployments. Protecting the enterprise requires a cultural shift that treats cybersecurity as strategic infrastructure rather than a technical afterthought.
"2026 will be remembered as the year cybercrime stopped being a service industry and became a fully automated one. We are entering an era where AI agents will discover, exploit, and monetise weaknesses without human input. The challenge for defenders is no longer simply detecting attacks, it's keeping pace with the machine-driven tempo of threats," said Ryan Flores, Lead of Forward-Looking Threat Research, Trend Micro.