Autonomous AI systems to drive cyberattacks in 2026, says Fortinet report

Global cybersecurity firm Fortinet warned that cyberattacks in 2026 may be executed by autonomous artificial intelligence (AI) systems capable of infiltrating networks, stealing data, and deploying ransomware without human oversight.

In its 2026 Cyberthreat Predictions Report, the firm said these AI-powered systems will extend far beyond the early FraudGPT, WormGPT, and similar models observed on underground forums in 2025.

“Velocity now defines risk. Attackers are no longer limited by human capability. Automation allows them to operate on a scale and speed that defenders cannot match,” the report said.

It also warned that purpose-built AI cybercrime agents will emerge as the defining threat in 2026.

These agents can perform major stages of intrusion, including credential theft, phishing, reconnaissance, and lateral movement entirely on their own, allowing even low-skilled attackers to run sophisticated campaigns.

Experienced threat actors, meanwhile, are likely to scale their operations across thousands of targets simultaneously.

Sectors that rely heavily on interconnected systems, such as healthcare, manufacturing, utilities, and cloud-dependent industries, are seen as the most vulnerable.

The report noted that ransomware groups have already begun extending operations into operational technology environments, where data theft, disruption, and extortion increasingly converge.

In healthcare, attackers could paralyze operations or expose sensitive patient data within minutes. The report also said that generative AI will accelerate extortion campaigns. Once attackers obtain stolen databases, AI models can analyze massive volumes of information in minutes, identify high-value assets, prioritize victims, and generate personalized ransom messages.

The report is part of FortiGuard Labs’ global outlook on how technology, economics, and behaviors shape cyber risk worldwide.

Many of the trends initially predicted for 2025, including AI-assisted phishing, the expansion of Crime-as-a-Service platforms, and rapid ransomware franchising, have materialized faster than expected, entering what the report describes as an “industrial age.”

In 2027, the global cost of cybercrime is projected to exceed US $23 trillion, driven by industrialized ransomware operations, automated fraud networks, and the merging of traditional crime with cyber syndicates, the report said, citing the World Economic Forum.

To defend against fast cyberattacks, the report urged organizations to adopt a strategy that unifies threat intelligence, vulnerability monitoring, and automated incident response.
This approach provides real-time visibility and rapid containment across networks and cloud environments.

Identity is also expected to become the “operational backbone” of cybersecurity next year.

As organizations use more automation and AI, the number of machine identities such as bots and cloud processes will increase.

The report warned that if even one human or machine account is compromised, attackers could quickly access large amounts of data, urging the need for strict, time-limited access and continuous monitoring of account activity.

Other key findings of the report include a rise in insider recruitment, with attackers bribing or coercing employees, and the growth of dark web marketplaces that operate like legitimate e-commerce sites.

The report said that the defining challenge for organizations is no longer detecting or blocking individual attacks, but instead on how to keep pace with adversaries operating as automated, large-scale ecosystems.

Success in 2026, it said, will depend on how effectively organizations combine human judgment with machine-speed operations to anticipate, detect, and contain threats before they escalate. — Edg Adrian A. Eva