Trend Micro expects cybercriminals to use fully automated attacks, powered by AI agents, by 2026.
The time for new year’s lists and predictions is slowly drawing to a close. Security company Trend Micro predicts that by 2026, cybercrime will no longer be a human act, but a self-sustaining automated system. Thanks to artificial intelligence and automation, attackers can carry out entire campaigns without human intervention. From reconnaissance to extortion: everything proceeds automatically and at scale.
AI Makes Cyberattacks Faster and more Complex
Among other things, the cybersecurity specialist observes how generative AI and so-called agentic systems are fundamentally changing the cybercrime business model. Polymorphic malware that rewrites itself, social engineering based on deepfakes, and automated extortion bots are becoming common tools. At the same time, organizations risk compromised AI models, synthetic code, and infected modules within legitimate software processes.
The main targets in 2026 are hybrid cloud environments, software supply chains, and AI infrastructures. Trend Micro warns against the increasing use of compromised open-source packages, malicious container images, and cloud identities with excessive privileges.
AI agents are not the only ones dominating the prediction. According to Trend Micro, nation-state actors are already switching to ‘harvest-now, decrypt-later’ strategies. Encrypted data is collected in anticipation of the arrival of quantum technology to decrypt it later.
Ransomware Becomes an Autonomous Ecosystem
Ransomware continues to evolve, developing into a self-governing ecosystem. These attacks identify their victims, exploit vulnerabilities, and conduct negotiations via automated systems. Such campaigns will be faster, harder to trace, and more persistent. Instead of merely encrypting, the focus is more on data theft and extortion.
Trend Micro advises organizations to shift their focus from reactive defense to proactive resilience. This involves embedding security into every layer of AI applications, cloud management, and the supply chain. According to the report, companies that handle AI ethically, apply adaptive defense, and maintain human oversight are better prepared for tomorrow’s threats.