In 2026, cybercriminals will focus extensively on autonomous, AI-driven attacks. Trend Micro warns of this in its annual Security Predictions Report, which outlines a further industrialization of cybercrime.
According to Trend Micro researchers, cybercrime is shifting towards fully automated chains. Artificial intelligence and agent systems conduct entire campaigns, from reconnaissance and infiltration to extortion. Human intervention becomes more limited, while speed and scale increase. Security teams must therefore adapt not only to new attack techniques but also to the pace at which they succeed each other.
AI automates criminal chain
The report describes how generative AI and autonomous agents are changing the economy of cybercrime. Attacks adapt in real-time, malware continuously rewrites its own code, and deepfake-driven social engineering becomes standard.
The same automation also threatens the software chain. Organizations risk an influx of synthetic code, poisoned AI models, and vulnerable modules hidden in legitimate development and deployment workflows. This makes it harder to clearly distinguish between legitimate innovation and abuse.
read also
Fortinet expects record peak in online fraud during the holidays
According to the researchers, ransomware is evolving into a self-driving ecosystem. AI systems independently search for vulnerable targets, exploit weaknesses, and even negotiate via automated extortion bots. Campaigns thus become faster, harder to trace, and more data-driven.
New targets
Hybrid cloud environments, software supply chains, and AI infrastructures are considered primary targets in 2026. Common attack vectors include poisoned open-source packages, malicious container images, and overprivileged cloud identities. State-sponsored groups are reportedly more often employing a ‘harvest now, decrypt later’ strategy in anticipation of future breakthroughs in quantum computing.
Trend Micro advises organizations to evolve from reactive defense to proactive resilience. Security must be present at every layer of AI implementations, cloud activities, and supply chains.