ByBit, CrowdStrike and Marks & Spencer: How cyber security is changing in the age of AI

AI-Powered Cyber Threats Reshape the Security Landscape

The rapid adoption of artificial intelligence (AI) has escalated cyber threats, enabling more sophisticated, automated, and damaging attacks. According to the Global Cybersecurity Outlook 2026 from the World Economic Forum, AI has introduced new attack vectors, increasing both the frequency and severity of cyber incidents.

A stark example emerged in April when Anthropic opted not to publicly release its Claude Mythos large language model after tests revealed thousands of critical vulnerabilities in major operating systems and browsers. Instead, the company launched Project Glasswing, restricting Mythos to vetted partners like Apple, Microsoft, and Cisco to develop defensive measures against potential misuse by threat actors.

Rising Risks and Financial Fallout

Corporate concerns over cyber risk are intensifying. The Bank of England’s Systemic Risk Report for late 2025 found that 86% of companies ranked cyber risk among their top five threats, up from 72% earlier in the year. A Proofpoint survey of 1,600 CISOs revealed that 66% experienced material data losses in the past year, a jump from 46% in 2024. In India, 99% of CISOs reported system compromises in the last 12 months.

The financial toll is staggering. Cybercrime costs reached $10.5 trillion in 2025, with projections hitting $15.6 trillion by 2029. Ransomware payments surged, with the median demand increasing 368% between 2025 and 2026 to nearly $60,000. Despite stagnant ransom payments post-2023, the number of reported attacks continued to climb.

Key Vulnerabilities: Identity, Supply Chains, and Human Error

Cyber threats exploit three primary weaknesses:

  1. Legitimate Identity Abuse – CrowdStrike’s 2026 Global Threat Report found that 82% of intrusions involved no malware, instead relying on stolen credentials or trusted systems to blend into normal activity.
  2. Supply Chain and Third-Party Risks – The Verizon Data Breach Investigations Report 2025 noted that 30% of breaches involved third parties, double the previous year’s rate. High-profile incidents, like the 2020 SolarWinds attack, demonstrated how compromised software updates can create widespread backdoors.
  3. Internet-Facing Systems – Exploits of public-facing applications rose 44% in a year, with 40% of initial breaches originating from such systems. Many vulnerabilities required no authentication, making them prime targets.

Human error remains a persistent weak point. The Verizon report found that 60% of breaches involved human factors, from phishing to poor digital hygiene. Remote work has further complicated security, with 40% of UK workers operating in hybrid or fully remote setups, expanding attack surfaces beyond traditional firewalls.

AI’s Dual Role: Accelerating Attacks and Defenses

AI has lowered the barrier for cybercriminals, enabling faster, more automated attacks. CrowdStrike reported an 89% year-over-year increase in AI-driven adversary activity, with average eCrime breakout times dropping to 29 minutes (down from 98 minutes in 2020). Some intrusions achieved data exfiltration in just four minutes.

AI also aids defenders. Anthropic’s Mythos, though withheld from public release, helps vetted partners identify and patch vulnerabilities. However, the cat-and-mouse dynamic persists: Sumsub’s CTO warned of potential gaps where new fraud techniques temporarily outpace detection systems.

Notable Incidents and Lessons

  • Marks & Spencer (April 2025) – A breach by the hacking group Scattered Spider cost the retailer £300 million in lost profits and £600 million in market value. The attack reportedly exploited IT help desk workers through social engineering.
  • ByBit (February 2025) – A supply-chain compromise led to $1.5 billion in stolen cryptocurrency after North Korean attackers distributed trojanized software.
  • CrowdStrike Outage (2024) – A faulty software update caused the largest global IT disruption to date, affecting 8.5 million Windows systems across airlines, hospitals, and governments, highlighting the risks of over-reliance on single vendors.

Emerging Threats and Defensive Shifts

AI-generated deepfakes and synthetic identities are becoming more convincing, with Sumsub noting that LLMs can now fabricate entire identities for verification bypass. Meanwhile, state-sponsored actors, like North Korea’s operatives, have used fake job applications to infiltrate Western companies.

To counter these threats, experts emphasize:

  • Zero-trust architecture – Treating identity systems as critical infrastructure.
  • Supply chain scrutiny – Contracts with third parties must include breach notifications, AI usage disclosures, and liability clauses.
  • AI-driven defenses – Leveraging AI for vulnerability detection while maintaining human oversight to avoid over-reliance on automated systems.

As AI continues to reshape cyber warfare, organizations must prioritize speed, resilience, and foundational security, balancing innovation with the risks of an increasingly interconnected digital landscape.

Source: https://www.ft.com/content/25471824-4c63-4644-9d29-0e548087ca05

Marks and Spencer cybersecurity rating report: https://www.rankiteo.com/company/marks-and-spencer

Bybit cybersecurity rating report: https://www.rankiteo.com/company/bybitexchange

CrowdStrike cybersecurity rating report: https://www.rankiteo.com/company/crowdstrike