AI-powered cyber threats are attacks that use artificial intelligence to automate, accelerate, or adapt an attacker’s capabilities, not just AI-assisted tools bolted onto an old playbook, but attack techniques AI makes possible for the first time. That includes AI-generated phishing at scale, malware that rewrites itself to dodge detection, automated vulnerability discovery, deepfake-enabled fraud, and early agentic AI campaigns that run with limited human input.
Key takeaways
- AI-powered means AI is doing real attack work—writing malware, discovering vulnerabilities, running a campaign—not just cleaning up an attacker’s grammar.
- AI-generated phishing surged from under 5% to 56% of detected attacks in a single month at the end of 2025, according to Hoxhunt’s 2026 phishing trends data.
- In September 2025, Anthropic disrupted a Chinese state-sponsored group that used its Claude Code tool to run 80–90% of a cyber espionage campaign autonomously.
- Deepfakes now account for roughly 11% of global fraud activity, and people can only spot AI-generated audio and video correctly about half the time.
- AI shifts the old attacker-defender math: attackers only need to succeed once, and AI now lets them try more times, faster, more convincingly, with less skill required.
Most conversations about AI and security jump straight to defense, and how AI helps a security operations center catch more threats, faster. That’s a real and growing part of the picture. But attackers are using the same technology, and it’s changing what a cyberattack looks like in 2026: faster to build, more convincing, and harder to fingerprint with the signature-based tools most security teams still lean on.
What makes a cyber threat “AI-powered” instead of just AI-assisted?
An attacker using ChatGPT to fix typos in a phishing email is AI-assisted. That’s a productivity boost, not a new threat category. A cyber threat becomes AI-powered when AI does real attack work: writing functional malware, adapting code on the fly to dodge a specific defense, discovering a vulnerability, or running steps of a campaign with little human direction.
Our own threat research shows how far that gap can stretch. A North Korean state-sponsored group Expel tracks as HexagonalRodent used commercial AI tools, including ChatGPT and Cursor, to write malware and build phishing sites targeting Web3 developers, reportedly exfiltrating around $12 million in cryptocurrency across thousands of infected systems in three months. Researchers noted the group’s own prompts were full of spelling and grammar mistakes. The humans behind the campaign couldn’t write working code without AI. AI didn’t just speed up the attack. It made the attack possible.
What are the top AI-powered cyber threats in 2026?
Six patterns show up most often in current threat research:
1. AI-generated phishing and social engineering at scale
AI lets one attacker personalize thousands of phishing attempts instead of sending one generic template to everyone. Hoxhunt’s 2026 phishing trends data found AI-generated phishing jumped from under 5% of detected attacks to 56% in a single month at the end of 2025, before settling near 40% in January 2026.
IBM X-Force tested this directly: attackers needed just 5 prompts and 5 minutes to generate a phishing email nearly as effective as one that took a skilled team 16 hours to write by hand. It’s worth noting that in the same test, the human-written email still edged out the AI version on click-through rate. Speed and scale are AI’s real advantage here, not superhuman persuasion, at least for now.
2. Polymorphic and adaptive malware
Polymorphic malware rewrites parts of its own code to look different to signature-based detection tools every time it runs. AI accelerates this by generating variations faster than a human malware author could. That said, Expel’s own 2026 Annual Threat Report found that most endpoint attacks last year were “less about innovation and more about refinement”—well-tested delivery methods like ClickFix and backdoored productivity apps, not exotic AI-mutated code. The bigger near-term risk is AI making existing techniques cheaper to run at scale, not necessarily inventing malware nobody has seen before.
3. Automated vulnerability discovery and exploit generation
AI can scan code and infrastructure for weaknesses and draft exploit code far faster than a person doing the same work manually. In the Anthropic espionage case described below, the AI agent discovered and tested vulnerabilities at a rate—thousands of requests per second—no human operator could match.
4. Deepfake-enabled fraud
Deepfake audio and video are now good enough to impersonate an executive on a phone call or a video request for a wire transfer. Sumsub’s 2025–2026 Identity Fraud Report found deepfakes now account for roughly 11% of global fraud activity, up sharply from just a few years ago. People aren’t well-equipped to catch this by eye or ear — studies on human detection of AI-generated audio and video put accuracy at only slightly better than a coin flip.
5. Agentic AI attack campaigns
This is the newest and most consequential category: AI agents that plan, execute, and adapt across an entire attack with minimal human involvement, rather than just answering a question or writing one piece of code. In September 2025, Anthropic disrupted a Chinese state-sponsored group that manipulated its Claude Code tool into running roughly 80–90% of a cyber espionage campaign autonomously, targeting around 30 organizations across tech, finance, and government.
The attackers broke the operation into small tasks and misrepresented their intent to get around the model’s safeguards. Anthropic has called it the first documented large-scale cyberattack executed with minimal human involvement, and it’s a preview of what end-to-end autonomous attack campaigns can look like as the technology matures.
6. AI-powered credential stuffing and account takeover
Identity-based attacks are already the most common threat MDR providers see. Expel’s 2026 Annual Threat Report found that nearly half—47.7%—of identity-related incidents last year involved an attacker successfully gaining account access with stolen credentials. AI speeds up the front end of this problem: testing large volumes of leaked credentials faster, and generating the follow-on phishing or social engineering needed to get past multifactor authentication once a password alone isn’t enough.
Why does AI change the balance between attackers and defenders?
Security has always had an uneven fight built into it: an attacker only needs one attempt to work, while a defender has to stop every attempt, every time. AI tilts that further in the attacker’s favor in four ways. It automates attacks at scale, so one person can run thousands of personalized phishing campaigns instead of one. It accelerates timelines, shrinking the window between a vulnerability going public and someone exploiting it. It lets attacks adapt in real time instead of running the same static playbook. And it lowers the skill floor, putting capabilities that once needed a skilled operator within reach of attackers who couldn’t build them on their own.
How are defenders countering AI-powered threats?
The short version: with AI of their own. AI-powered defenses analyze far more data than a human team could review manually, use behavioral analysis to flag anomalies regardless of which specific technique an attacker used, and draw on threat intelligence gathered across many customer environments to recognize a pattern the moment it shows up anywhere in the network.
Expel’s take
The scariest AI threat headlines skip a detail that matters: most AI-enabled attacks succeeding right now aren’t inventing new attack types out of thin air. They’re making existing playbooks—phishing, credential theft, malware delivery—cheaper, faster, and available to attackers who couldn’t have pulled them off unassisted. That’s still a real problem worth taking seriously. It’s also a more useful problem to plan for than a hypothetical AI supervillain, because it tells you where to actually put your attention: email security, identity, and the speed of your own detection and response.
Frequently asked questions
What are the top AI-powered cyber threats in 2026?
The top AI-powered threats include highly personalized AI-generated phishing campaigns, polymorphic malware that rewrites itself to evade detection, automated vulnerability scanning and exploit development, deepfake-based fraud targeting executives and financial systems, and early-stage agentic AI attack campaigns capable of multi-step autonomous intrusion.
How does AI make cyberattacks more dangerous?
AI makes attacks more dangerous by enabling automation at scale (one attacker can run thousands of personalized phishing campaigns), acceleration of attack timelines (vulnerabilities found and exploited faster), adaptation (malware that evolves to evade specific defenses), and lower barriers to entry (sophisticated attacks accessible to less-skilled attackers).
What is AI-generated phishing?
AI-generated phishing uses large language models to create highly personalized, contextually accurate phishing emails that are harder to detect than traditional mass phishing. AI can research targets, mimic writing styles, generate convincing pretexts, and scale attacks that previously required a skilled social engineer for each target.
How are defenders using AI to counter AI-powered threats?
AI-powered defenses analyze patterns across massive data volumes to detect AI-generated attacks that evade signature-based tools, use behavioral analysis to identify anomalous activity regardless of attack method, and draw on cross-customer threat intelligence to detect attack patterns seen elsewhere in the network.
What should security teams prioritize to defend against AI-powered threats?
Priorities include strengthening email security with AI-powered phishing detection, implementing behavioral analytics to catch threats that evade signatures, maintaining 24×7 monitoring coverage to match the speed of automated attacks, educating employees on AI-enhanced social engineering, and working with an MDR provider that uses AI defensively at scale.

