The industrialization of cybercrime, which began in the 1990s, has evolved into a highly efficient business model. Today, cybercriminals leverage artificial intelligence, automation, and seamless data sharing to achieve greater speed, scale, and success in their attacks. FortiGuard's latest Global Threat Landscape Report, drawing on telemetry from millions of sensors worldwide, reveals a threat landscape where attackers operate at machine speed, with time-to-exploit shrinking from days to mere hours.
"Malicious actors are beginning to leverage agentic AI to execute more sophisticated attacks," warns Derek Manky, Chief Security Strategist at FortiGuard Labs. This shift is fueled by a suite of AI-enabled malicious tools available on underground markets. Tools like WormGPT and FraudGPT allow attackers to craft compelling phishing campaigns without guardrails, generating malicious code and conducting social engineering at scale. Others, such as HexStrike AI and APEX AI, automate reconnaissance, attack-path generation, and even simulate advanced persistent threat (APT) tactics, enabling end-to-end compromise paths up to payload deployment. BruteForceAI, a pentesting tool repurposed for attacks, identifies login forms and executes multi-threaded attacks with human-like behavior.
These tools do not create new vulnerabilities but significantly reduce the time required to exploit existing ones. Combined with automation that scans for weaknesses using commercial tools like Qualys, Nmap, and Nessus, they let attackers rapidly map the global attack surface. Underground markets further streamline the business by offering databases, credentials, and validated access paths. Infostealers like RedLine, Lumma, and Vidar harvest sensitive data, which access brokers then sell—corporate VPNs and RDP access being the most frequently advertised.
The report notes that in 2025, 656 vulnerabilities were actively discussed on the darknet, with over half having publicly available proof-of-concept exploit code. "CVEs become 'industrial' when they are sufficiently packaged with scripts, modules, guides, and operational playbooks, so exploitation can run as a repeatable loop," the report states. This packaging has collapsed the time-to-exploit. "Not long ago, time-to-exploit averaged nearly a week. That window has now collapsed to 24 to 48 hours for most critical vulnerabilities, and in some cases, exploitation begins within hours," says Douglas Santos, director of advanced threat intelligence at FortiGuard. He adds, "As AI accelerates reconnaissance, weaponization, and execution, it’s only a matter of time before 'hours or even minutes, not days' becomes the norm."
Ransomware remains the most monetizable attack type, with 7,831 confirmed victims globally in 2025. The most active groups were Qilin, Akira, and Safepay, targeting primarily the United States (3,381 victims), Canada, and Europe. The global attack surface, the report warns, "is already mapped, continuously refreshed, and maintained in an operational readiness state."
To counter this industrialized threat, defenders must adopt similar AI and automation capabilities. FortiGuard recommends prioritizing identity-centric detection, exposure reduction, and automation to match attacker speed. The firm has engaged in international disruption efforts, including INTERPOL operations and the Cybercrime Atlas initiative with the World Economic Forum, to level the playing field.
AI-Powered Polymorphic Phishing
One of the most concerning developments is the rise of AI-powered polymorphic phishing. Unlike traditional phishing, which uses static templates, polymorphic phishing leverages generative AI to create unique, context-aware messages for each target. These messages can bypass traditional spam filters and security awareness training by adapting language, tone, and structure based on the victim's online footprint. For example, an attacker might scrape a target's LinkedIn profile and craft a spear-phishing email referencing a recent project or mutual connection. AI tools like WormGPT can generate hundreds of variants per minute, making detection and response far more challenging.
Agentic AI in Cyberattacks
Agentic AI represents the next frontier, where autonomous agents plan and execute attacks with minimal human intervention. These agents can conduct reconnaissance, identify vulnerabilities, chain exploits, and deploy payloads automatically. The report highlights tools like APEX AI that simulate full kill chains, from open-source intelligence gathering to lateral movement. This reduces the skill barrier for entry-level criminals while enabling advanced groups to scale up operations. The shift from human-driven to AI-driven attack processes means defenders must now face adversaries that never sleep and can adapt in real time.
Defending Against Industrialized Threats
Traditional perimeter-based defenses are no longer sufficient. Organizations must embrace zero-trust architectures, continuous monitoring, and automated response systems. Machine learning algorithms can analyze network traffic for anomalies, while AI-driven endpoint detection and response (EDR) tools can identify and contain threats before they spread. The report emphasizes exposure reduction—closing known vulnerabilities, limiting access privileges, and hardening VPN and RDP configurations. Identity-centric detection, which focuses on user behavior rather than just network traffic, can help catch credential misuse early. Automation of incident response playbooks ensures that security teams can react at machine speed, containing breaches in minutes rather than hours or days.
The fight against industrial cybercrime is a global effort. FortiGuard's participation in initiatives like the Cyber Threat Alliance and the Cybercrime Bounty program with Crime Stoppers International demonstrates the importance of collaboration. Sharing threat intelligence across sectors and borders allows defenders to stay ahead of emerging tactics, techniques, and procedures.
As cybercriminals continue to industrialize, the only viable defense is to match their speed, scale, and efficiency with AI-driven security operations. The era of manual patching and reactive incident response is over. Organizations must adopt proactive, automated defenses that learn and adapt as fast as the threats they face.
Source: SecurityWeek News