Fortinet’s 2026 Global Threat Landscape Report Exposes Surge in AI-Enabled Cybercrime

Fortinet’s latest report highlights a significant shift in the cybercrime landscape, revealing that malicious actors are increasingly leveraging AI-driven tools and sophisticated attack ecosystems. This evolution in tactics compels organizations to reassess their security frameworks and governance strategies in the face of modern digital threats.

The 2026 Global Threat Landscape Report from FortiGuard Labs provides an in-depth analysis of the threat landscape as observed in 2025. This annual report, based exclusively on telemetry data from FortiGuard Labs, offers a comprehensive overview of the tactics employed in cyberattacks, aligning with the MITRE ATT&CK framework.

The Evolving Nature of Cybercrime

The findings indicate that cybercrime is no longer a series of isolated incidents but rather a cohesive system. Cybercriminals are now operating within an end-to-end lifecycle, utilizing shadow agents to compress the attack timeline significantly. This systemic approach allows for more coordinated and rapid attacks, posing a substantial challenge for cybersecurity professionals.

Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence at Fortinet FortiGuard Labs, emphasized the urgency of adapting to these changes. He stated that as cybercriminals harness AI to enhance their strategies, defenders must evolve their cybersecurity operations into an industrialized defense model. This includes adopting AI-enabled tools capable of responding at the same speed as emerging threats.

Key Findings on Attack Techniques and Targeted Sectors

The report outlines several critical insights regarding the current threat landscape:

• Velocity Defines Risk: The time-to-exploit (TTE) for critical vulnerabilities has drastically decreased, now ranging from 24 to 48 hours. This marks a significant reduction from previous reports, which indicated a TTE of approximately 4.76 days.
• Real-World Impact: The report notes that exploitation attempts often occur within hours of a vulnerability’s public disclosure, underscoring the urgency for organizations to act swiftly.
• Ransomware Victims on the Rise: FortiRecon’s intelligence identified 7,831 confirmed ransomware victims globally, a staggering increase from the 1,600 victims reported in the 2025 report. The availability of crime service kits, such as WormGPT, FraudGPT, and BruteForceAI, has contributed to this 389% year-over-year increase. The manufacturing, business services, and retail sectors are among the most targeted, with the United States, Canada, and Germany experiencing the highest concentrations of attacks.
• Identity Sprawl and Cloud Exposure: FortiCNAPP intelligence reveals that most cloud incidents in 2025 stemmed from stolen, exposed, or misused credentials rather than direct infrastructure exploitation. Hospitals, physician clinics, and retail establishments have emerged as prime targets due to their large identity populations and complex cloud integrations.

The report also highlights the emergence of semi-autonomous cybercriminal enterprises, supported by shadow agents, access brokers, and botnet operators who provide on-demand services.

Insights into AI-Enabled Cybercrime

The report provides additional insights into the tools and techniques employed by modern cybercriminals:

• Shadow Agents: These entities reduce the skill requirements for operators while enhancing workflow efficiency. FortiRecon has detected AI-enabled offensive tools being marketed as services, including advanced versions of WormGPT and FraudGPT, as well as new offerings like HexStrike AI, which automates reconnaissance and attack path generation.
• Efficiency Gains: Telemetry data indicates a 22% decrease in brute force attempts year-over-year, suggesting that cybercriminals are becoming more selective and efficient in their attacks. This shift translates to approximately 67.65 billion brute force events globally, with 185 million attempts occurring daily.
• Shift in Data Theft: The report notes a 500% increase in logs from systems compromised by infostealer malware in 2025, with an additional 79% increase observed in 2026. The focus has shifted toward stealing comprehensive datasets, facilitated by Agentic AI. Stealer logs now dominate dark web activity, comprising 67.12% of shared datasets.
• Persistence of Credential-Stealer Malware: Credential-stealer malware remains a significant threat, with RedLine, Lumma, and Vidar being the most prevalent variants.

Disrupting Cybercriminal Ecosystems

Fortinet is actively engaged in efforts to disrupt cybercrime through threat intelligence sharing and collaborative initiatives. A notable example is Operation Red Card 2.0, a joint effort with INTERPOL and the World Economic Forum Cybercrime Atlas, which successfully dismantled a cybercriminal network involved in online scams and fraud in Africa.

As a founding member of the Cybercrime Atlas, Fortinet utilizes open-source intelligence to map cybercriminal networks and identify vulnerabilities. This collaboration supports joint operations with law enforcement to combat cyber threats effectively.

The 2026 Global Threat Landscape Report underscores the critical need for incentivizing the disruption of cybercrime. To empower defenders, Fortinet and Crime Stoppers International have launched the Cybercrime Bounty program, providing a secure and anonymous channel for individuals to report cyber threats.

FortiGuard Outbreak Alerts serve as a vital resource, offering real-time information about ongoing cybersecurity incidents and their potential impacts on organizations. In the event of an attack, FortiGuard Labs is prepared to deliver swift responses and thorough forensic analyses to mitigate damage and prevent future breaches.

For further insights into the evolving landscape of cyber threats, visit the source: www.intelligentciso.com.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.