AI Cybersecurity Threats: Are Attacks Rising?
Almost every vendor headline this year says the same thing: AI cybersecurity threats are exploding. You've seen the numbers — phishing up 1,265%, 87% of organisations "hit by an AI attack," a coming wave that ends cybersecurity as we know it. Here's the problem: most of those figures don't survive contact with their own primary sources. Some are real and measured. Some are recycled between aggregators until nobody remembers where they came from. And the most important question — are AI-powered cyberattacks actually increasing, or are we being sold fear? — almost never gets answered honestly.
So I did the work. I pulled the primary reports, checked each number against the page it came from, and separated signal from hype. What I found is more interesting than the headlines: the capability is real and cheap, the current wave is mostly overstated, and the gap between those two facts tells you exactly where this is going. Let's get into the data.
The Numbers Everyone Repeats — and Which Ones Survive Scrutiny
Start with what's real, because some of it genuinely is. CrowdStrike's 2026 Global Threat Report is the strongest single source, and the picture it paints is consistent: AI is now woven through how attackers operate, and they're moving faster than defenders can react.
Source: CrowdStrike 2026 Global Threat Report.
Anthropic adds hard numbers from the platform side. It examined accounts it banned for malicious cyber activity over a full year, mapped them to the MITRE ATT&CK framework, and counted how many leaned on AI to do the work.
Source: Anthropic, AI-enabled cyber threats / MITRE ATT&CK.
The honesty caveat that matters
Anthropic calls these 832 "a subset of the total number of accounts banned — those where we had enough detail." That's a self-selected sample with no denominator, not a population count. It proves AI is present in attacker workflows. It does not, on its own, prove a clean step-change in cyber risk. That distinction — present versus causing a measured surge — is the whole article. Hold onto it.
Deepfake Fraud: The One Area That's Genuinely Exploding
If you want the clearest real signal, it's deepfakes.
In May 2024, the British engineering firm Arup confirmed it lost $25 million to a deepfake scam: a finance worker in Hong Kong was duped into a video call with what he believed were the CFO and colleagues — "all of whom turned out to be deepfake re-creations" (CNN). This isn't a survey estimate. It's an attributed, confirmed, eight-figure loss using AI that didn't exist in usable form three years earlier.
The broader deepfake-fraud growth figures (incident counts multiplying year on year, "+2,137% since 2022") are widely reported but I couldn't trace them to a primary dataset — so treat them as directional, not gospel. The Arup case I can stand behind completely. The trend-line percentages, I'll attribute to whoever published them and let you weigh them.
What the Scary Headline Numbers Don't Tell You
Now the hype layer.
"Phishing up 1,265% since ChatGPT." "82.6% of phishing emails are AI-made." "87% of organisations hit by an AI attack." You'll find these everywhere. I chased each one. They trace back to aggregator syntheses — meta-reports blending surveys, anecdotes and other reports — not to a single vendor's telemetry. That doesn't make them false. It makes them unverifiable, which for a number you're about to base a security decision on is the same problem.
Here's the institutional read that does hold up — the World Economic Forum's Global Cybersecurity Outlook 2026, published 12 January 2026. And notice it points at both sides of the fight, not just the scary one:
Source: WEF Global Cybersecurity Outlook 2026.
That's the legitimate version of "everyone's worried": measured, sourced, and showing defenders adopting AI as fast as attackers — not a one-sided panic.
My read
When a number can't survive a click to its origin, it's marketing. The verified data shows AI rising in attacker tooling. The recycled data inflates that into a tidal wave. Both things are true at once — and only one belongs in your threat model.
What AI Can Actually Do Now (And It's Not Hype)
I want to be just as honest about the other direction, because the skeptics overshoot too.
The capability is real, and I've covered the evidence in detail. According to Anthropic's own Mythos Preview research — which I broke down in my Future of Cybersecurity video — the model was pointed at real production code, the software that runs the internet, and found zero-day vulnerabilities including a 27-year-old bug in OpenBSD and a 17-year-old root-access bug in FreeBSD, then wrote the exploits autonomously. Anthropic reports the previous generation managed that twice in hundreds of attempts; this one did it 181 times. That's not an incremental gain. That's a phase change, and it happened in months.
I'm not alone in calling it. Bruce Schneier, October 2025: "AI agents are now hacking computers. They're getting better at all phases of cyberattacks, faster than most of us expected… they can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything." He goes further: "We're potentially looking at a singularity event for cyber attackers." And he names the tools already doing it — HexStrike-AI, and Villager, a Chinese pen-testing tool built on DeepSeek that automates entire attack chains — noting "these tools are increasingly free for anyone to use."
So no — the capability question is settled. AI can do this, cheaply, today.
But "Can" Isn't "Is": Why the Wave Hasn't Broken Yet
Here's where it gets interesting, and where most coverage falls apart. Capable of being mainstream and being mainstream are different claims — and the evidence for the second is thin, from the very companies with the most incentive to hype it.
Read Anthropic's own data again: across the period they studied, AI-assisted phishing actually fell 8.6%, while AI use shifted deeper into the attack chain — account discovery rose 8.9%. Attackers aren't flooding the world with AI phishing; a subset are using AI for harder post-compromise work. Google's Threat Intelligence Group reaches a similar conclusion: advanced, state-backed AI misuse is real but a minority of what they see — most observed activity is unsophisticated (phishing help, translation, coding assistance).
What's holding the wave back isn't that AI can't do it. It's that the most capable models are gated. Anthropic didn't release Mythos publicly, and in June 2026 the US administration issued an Executive Order on advanced AI "innovation and security" — which Amodei himself references — moving the government toward a role in controlling access to the most powerful models. That's a policy brake, not a physical one — and policy brakes can hold or break.
Defenders Have the Structural Advantage — But Only at Machine Speed
Now the part the doom coverage skips: the same AI helps defenders, and arguably helps them more.
Google's Big Sleep agent found the first publicly known previously-unknown exploitable memory-safety bug discovered by an AI in widely-used real-world software — a stack buffer underflow in SQLite, caught before it shipped, that traditional fuzzing missed. Google's framing is explicit: this is "a promising path towards finally turning the tables and achieving an asymmetric advantage for defenders."
Why the advantage? A defender already has the source code, the access, and the knowledge of how the system is built. An attacker has to discover all of it from scratch. Point the same cheap AI at both sides and the defender finds the bug faster — if they're running it at machine speed. Do it manually and you've thrown away the one edge you had.
There's a perfect cautionary tale here. After Mozilla used AI to clear "all" the vulnerabilities it could find in Firefox, Firefox 152 still shipped fixes for 40 more — 13 rated High impact, 18 Moderate, 9 Low (Mozilla advisory mfsa2026-57, June 2026) — found by a diverse international set of human and AI researchers. AI is a powerful finder. It is not yet a magic fixer, and most deployed software never gets patched at all. Discovery is necessary. It isn't sufficient.
So the picture at this moment is clear: the capability is proven and cheap, but gated, and the wave hasn't broken. The obvious question is what happens when the gate comes off — and that's not really a security question. It's an economics one.
The Economics That Make It Inevitable
A note on what follows: this section is my forecast, not measured fact. I'll show you the reasoning so you can judge it yourself.
Here's why I think predominantly AI-driven attacks are coming, even though they're not here yet.
Two curves. First, cost. When Mythos-class capability first appeared, running it cost a few thousand dollars per run. My expectation is that it follows every model tier before it — cheaper and more accessible every quarter, down to a few hundred dollars within a year, then less. Every capability in computing history has leaked downward; there's no reason this one breaks the pattern.
Second, open source. The frontier doesn't stay exclusive. By early 2026, open-weight models were reportedly closing in on the closed frontier on coding tasks at a fraction of the cost — and Schneier already documents free, autonomous attack tools in the wild (HexStrike-AI, Villager on DeepSeek). Gating the best closed model doesn't help much when the open one is eighteen months behind and free to anyone.
Put those together: a proven capability that gets cheaper and more available every quarter, against defenders who mostly don't patch. Capability that cheap always becomes the default method. That's not a security claim — it's an economics one.
The Only Thing That Stops It: International Restriction
The single brake that could change the timeline is binding regulation — and it doesn't meaningfully exist yet.
Dario Amodei, whose own company started this, argues for exactly that: "Frontier AI models, like airplanes, should be required to go through technical testing and auditing, and their release should be blocked or reversed as a threat to public safety if they do not meet high standards of safety." He warns Mythos-class models create "the potential for disruption of the financial sector, critical infrastructure, and national security" — and "will not be the last." Schneier, Hypponen and the WEF are all calling for guardrails too.
But calls aren't controls. Today there's no binding international regime on offensive AI. Until there is, the economics run unopposed.
My Forecast: Direction Certain, Timing Uncertain
So here's where I land, and I'll be precise about my confidence.
The direction is close to certain. Barring binding international controls, cyberattacks will shift to predominantly AI-driven. The capability is proven, the cost is collapsing, and open source removes the gate. "Not here yet" is not "not coming" — and confusing the two is how you get caught flat-footed.
The timing is genuinely uncertain. Anyone giving you a precise date is guessing. It depends on the cost curve, on whether regulation appears with teeth, and on how fast open-weight models close the gap. My honest bet: vendor gating slows it for a couple of years, then open-source parity opens the floodgates.
And it's not game-over. This is the part the fear-merchants leave out. Defenders get the same cheap AI — and structurally, they should win, because they own the code and the access. The future isn't less security; it's security done at machine speed by people who build AI systems rather than run tools by hand. The roles most exposed are the manual ones — on JobZone, the AI-displacement tool I built, a junior penetration tester scores just 6/100 for AI resistance.
The role that survives and thrives is the AI-driven security engineer — the person who builds the infrastructure that defends at the same speed the attacks are coming. The wave isn't here yet. But it's coming, the direction isn't in doubt, and which side of it you're on is something you decide now.
AI Cybersecurity Threats FAQ
Are AI cyberattacks increasing in 2026?
Yes, but with nuance. Verified data (CrowdStrike, Anthropic, WEF) shows AI is increasingly present in attacker tooling and that deepfake fraud is genuinely rising. But many of the scariest headline percentages trace to aggregators, not primary telemetry, and a measured 'wave' of AI-powered attacks has not yet arrived.
What is an AI-powered cyberattack?
An attack where AI does meaningful work in the chain — writing phishing lures or malware, finding vulnerabilities, generating deepfakes for fraud, or automating reconnaissance and exploitation. 'AI-assisted' (AI helps a human) and 'AI-powered/autonomous' (AI runs steps itself) are different levels, and the distinction matters when reading statistics.
Are the AI attack statistics reliable?
Some are. Figures from primary vendor reports (CrowdStrike's +89%, Anthropic's 832 cases, the WEF's 87%) are sourced and checkable. Others — 'phishing +1,265%', '82.6% of phishing is AI-made' — come from aggregator syntheses and should be treated as directional, not authoritative.
Will AI replace cybersecurity jobs?
It will transform them, fastest at the manual end. Running scanners and triaging alerts is highly exposed; building and orchestrating AI-driven security systems is not. The durable skill is AI-driven security engineering, not tool operation.
When will AI attacks become mainstream?
The direction looks near-certain — cost collapse plus open-source parity make predominantly AI-driven attacks likely, barring binding international regulation. The timing is genuinely uncertain; credible reasoning points to vendor gating buying a couple of years before open-weight models close the gap.
About the Author
Nathan House, Founder & CEO of StationX
Nathan House has 30 years of hands-on cybersecurity experience and is Cambridge-educated, holding CISSP, CISA, CISM, OSCP, CEH, and SABSA. He founded StationX in 1999 — one of the UK’s first cybersecurity companies — and has secured £71 billion in UK mobile banking transactions and the London 2012 Olympics, advising clients including Microsoft, Cisco, BP, Vodafone, and VISA. He authored the world’s most popular cybersecurity course — a #1 Udemy bestseller taken by over 500,000 students — and was named Cyber Security Educator of the Year 2020, AI Security Educator of the Year, and a UK Top 25 Security Influencer 2025. A DEF CON speaker and featured expert on CNN, Fox News, NBC, and the BBC, Nathan leads StationX’s training of more than half a million students worldwide.
