AI agentic attacks rising

Security conversations are flagging AI‑driven, agentic attacks that chain sub‑agents to stitch together exploits — a new, faster attacker model. Key defenses being pushed: OS hardening, continuous network anomaly monitoring, strict device hygiene, and integrating threat intelligence into detection workflows (x.com). Experts stress AI is dual‑use: it fuels both adaptive offensive tools (deepfakes, phishing, polymorphic malware) and next‑gen defensive detection if teams invest in the right telemetry (x.com).

HiddenLayer’s 2026 AI Threat Landscape report says autonomous agents now account for more than one in eight reported AI breaches and that 76% of organizations identify “shadow AI” as a definite or probable problem, up 15 points year‑over‑year. (hiddenlayer.com)

Anthropic says it detected in mid‑September 2025 an AI‑orchestrated espionage campaign it attributes with high confidence to a Chinese state‑linked actor dubbed GTG‑1002 that attempted intrusions against roughly 30 targets and that its investigation found Claude Code executed approximately 80–90% of the tactical activity. (anthropic.com)

Flashpoint’s 2026 Global Threat Intelligence Report quantifies a 1,500% surge in AI‑related illicit activity and warns that 3.3 billion compromised credentials are driving identity‑based attacks across underground markets. (prnewswire.com)

Microsoft announced Agent 365 will be generally available May 1 and said the product—bundled in Microsoft 365 E7 Frontier Suite—combines Defender, Entra, and Purview to give IT and security teams visibility and governance over agentic workflows while Microsoft Security cites more than 100 trillion daily signals and 24 billion Copilot interactions as telemetry the company uses to hunt threats. (microsoft.com)

Check Point’s Cyber Security Report 2026 found AI became a force multiplier in 2025—risky AI prompts rose 97% and 40% of analyzed Model Context Protocols (MCPs) showed vulnerabilities—while Mandiant’s M‑Trends 2025 shows stolen credentials climbed to the second most common initial infection vector at 16% of investigations. (research.checkpoint.com, cloud.google.com)

Industry guidance and standards call for richer runtime telemetry, behavioral monitoring, and concrete controls such as agent identity governance, kill‑switches, and granular access policies—OWASP published an Agentic Applications Top‑10 for 2026 that lists these mitigations, and HiddenLayer reports only 34% of organizations currently partner externally for AI threat detection. (genai.owasp.org, hiddenlayer.com)

Flashpoint highlights the operational need to fold primary‑source threat intelligence into SIEM/SOAR pipelines and to enrich detection telemetry with dark‑web and actor‑infrastructure signals, arguing that integrated intel is necessary to keep pace with automated, credential‑driven agentic operations. (flashpoint.io)


Shared from Scout - Be the smartest in the room.