Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal forums, illicit marketplaces, and underground chat services shows a threat environment where stolen identity data, unpatched vulnerabilities, and ransomware operations are interdependent.
The findings come from Flashpoint’s 2026 Global Threat Intelligence Report, pulling data directly from sources across open and restricted online spaces.
AI is moving from a tool to an infrastructure
Criminal interest in AI grew sharply over the course of 2025. Flashpoint tracked over 1.5 billion illicit discussions referencing AI across forums and chat services. Activity peaked in December 2025 at a 1,500% increase over the prior month, with roughly 6 million discussions recorded in that single month alone, up from approximately 362,000 in November.
The topics in those discussions focused on weaponizing AI for specific attack types, including deepfake technology, jailbreak prompts, phishing lures, and malware development.
Ian Gray, VP of Intelligence at Flashpoint, told Help Net Security that the surge in discussions is a meaningful signal even if widespread operational deployment has not yet arrived. “The conversations we are seeing today resemble the early stages of most cybercrime-as-a-service markets, where experimentation and tool building eventually led to highly scalable criminal ecosystems,” Gray said.
Threat actors are exploring systems that can scrape data about targets, generate tailored phishing lures, test stolen credentials across multiple services, and adjust tactics based on failed attempts without human input. Building those systems into a coherent operational workflow remains constrained by reliability and integration challenges, Gray noted, because coordinating multiple attack stages requires stitching together tools that were not originally designed to function as a single automated process. Many actors are still working with modular components.
“AI is accelerating the speed and scale at which existing tactics can be executed,” Gray said.
Defenders are also creating new exposure by connecting AI tools into production environments faster than they can assess the downstream risks. APIs, plugins, identity services, and internal tools are being integrated in ways that expand attack surface. Many of those connections were not designed with adversarial pressure in mind.
Specific attack techniques now targeting AI workflows include slopsquatting, where fake software packages are created to trick AI coding assistants into recommending malware; steganographic prompting, where hidden instructions are embedded into an AI model to override normal behavior; and AI sidebar spoofing, where fake assistant interfaces redirect users to malicious destinations.
The Langflow vulnerability was exploited within days of discovery to build the Flodrix Botnet, targeting users of a platform built for constructing AI-powered agents. Separately, self-replicating supply chain attacks called Shai-Hulud targeted the npm ecosystem.
Stolen credentials are now the primary entry point
Infostealers infected 11.1 million machines in 2025, producing a stockpile of 3.3 billion stolen credentials, session cookies, cloud tokens, and personal records traded openly on illicit forums and marketplaces.
The top five most active infostealers by infected hosts were Lumma, Acreed, Rhadamanthys, Vidar, and StealC. India, Brazil, Indonesia, Vietnam, the Philippines, and the United States were the six most affected countries.
Attackers are using stolen session cookies to authenticate as legitimate users, bypassing traditional perimeter defenses without needing to escalate privileges or deploy additional malware. The attack surface now includes employee browsers, personal devices, SaaS platforms, and third-party vendor access.
The infostealer market went through significant disruption following law enforcement action against Lumma in May 2025. Authorities seized 2,500 domains, wiped centralized servers, and later doxxed Lumma’s administrators in August 2025. Rhadamanthys was taken down in November 2025. In the resulting vacuum, Vidar and Rhadamanthys gained market share throughout 2025. By January 2026, Vidar 2.0 was the most widely used infostealer among threat actors.
If paired with an agentic AI system, stolen credentials could be tested against thousands of endpoints simultaneously, including corporate VPNs, SaaS providers, and cloud services, at a speed and scale that outpaces conventional detection.
Vulnerability windows are shrinking
Flashpoint catalogued 44,509 vulnerability disclosures in 2025, a 12% increase year over year. Of those, 466 were confirmed as exploited in the wild. Nearly 33%, or 14,593 vulnerabilities, had publicly available exploit code.
Mass exploitation of vulnerabilities like Citrix Bleed 2 and React2Shell occurred within hours of discovery, prompting CISA to issue a one-day remediation deadline.
The CVE program’s contract was set to expire in March 2026, adding systemic risk for organizations that rely on the National Vulnerability Database as their primary source of vulnerability intelligence. Gray described what a disruption would mean in practice for a mid-sized organization without a supplemental vendor: visibility gaps where newly disclosed vulnerabilities go undetected until they are actively exploited; prioritization failure when teams lack enrichment data such as exploit availability or ransomware likelihood and are forced to treat thousands of disclosures with equal urgency; and longer exposure windows as remediation slows and attackers have more time to weaponize newly disclosed flaws.
“If the primary public reference system for tracking those vulnerabilities becomes unstable or unavailable, organizations that rely on it exclusively would be forced into a far more manual and fragmented process, exactly at a time when attackers are weaponizing vulnerabilities faster than ever,” Gray said.
Ransomware groups are targeting people, not just systems
Ransomware attacks increased 53% year over year in 2025, with 8,835 total attacks recorded. RaaS groups were responsible for more than 87% of those attacks. The United States accounted for approximately 53% of named victim organizations, driven by the perceived value of U.S. data and a demonstrated pattern of ransom payment.
The top RaaS groups by attack volume in 2025 were Qilin at 1,213 attacks, Akira at 1,044, Clop at 529, Safepay Ransomware at 452, and Play at 395. Manufacturing was the most targeted industry with 1,564 attacks, followed by technology at 987 and healthcare at 905.
Groups have moved toward pure extortion models that rely on social engineering. Access is gained through trusted relationships: help desks, third-party vendors, identity systems, and employees under pressure.
Insider recruitment has become a documented tactic. Flashpoint recorded 91,321 instances of insider recruiting, advertising, and related discussions in 2025. Telecom accounted for 42% of insider-targeted posts by industry, followed by retail at 23.1% and financial services at 15%. Documented incidents include military contractors bribed to share confidential information, North Korean actors posing as employees, and an insider at a cybersecurity organization who shared internal dashboard screenshots with the Scattered Lapsus$ Hunters group.
Gray said recruitment posts on criminal forums often function like job listings, with threat actors specifying the type of access they want, such as VPN credentials, help-desk tools, cloud administration panels, or corporate dashboards, and naming the industries or regions they are targeting. Recruitment can begin with broad public solicitation in criminal communities or move selectively, with actors approaching individuals directly via encrypted messaging platforms or social media.
Gray pointed to several detectable signals: external inquiries about internal systems such as help-desk processes or identity management platforms, behavioral anomalies tied to legitimate accounts attempting access outside their normal role or geographic pattern, and recruitment posts on illicit forums that reference specific industries or technologies. “These posts often include surprisingly detailed criteria about the types of systems attackers want access to,” Gray said.
“The broader shift we’re observing is that ransomware groups are moving toward identity-driven extortion models, where attacks begin with legitimate access,” Gray said. “That trend reflects the reality that in many cases, it is faster to recruit an insider or co-opt an unwitting person with administrative privileges than to bypass a mature security stack.”
What organizations are being advised to do
Across all four threat categories, the report points toward the same set of operational gaps: overreliance on static intelligence feeds, insufficient visibility into illicit markets, and security architectures that were not built to account for the speed of automated attacks.
For ransomware defense, organizations are advised to monitor for compromised credentials, track dark web mentions of their supply chains and partners, and conduct regular tabletop exercises and extortion playbook reviews.
For vulnerability management, teams are urged to move beyond CVE-only programs and add enrichment that includes exploit maturity, ransomware likelihood scoring, and MITRE ATT&CK mapping.
For infostealer defense, raw logs require parsing and enrichment before they produce actionable intelligence. Generic feeds provide insufficient context about inflection points, intent, and scope.
For AI-related threats, the organizations that perform best will be those that use automation as support for human-led analysis.
Webinar: The True State of Security 2026
