AI-Powered Cyber Threats Reshape the Security Landscape The rapid adoption of artificial intelligence (AI) has escalated cyber threats, enabling more sophisticated, automated, and damaging attacks. According to the Global Cybersecurity Outlook 2026 from the World Economic Forum, AI has introduced new attack vectors, increasing both the frequency and severity of cyber incidents. A stark example emerged in April when Anthropic opted not to publicly release its Claude Mythos large language model after tests revealed thousands of critical vulnerabilities in major operating systems and browsers. Instead, the company launched Project Glasswing, restricting Mythos to vetted partners like Apple, Microsoft, and Cisco to develop defensive measures against potential misuse by threat actors. ### Rising Risks and Financial Fallout Corporate concerns over cyber risk are intensifying. The Bank of England’s Systemic Risk Report for late 2025 found that 86% of companies ranked cyber risk among their top five threats up from 72% earlier in the year. A Proofpoint survey of 1,600 CISOs revealed that 66% experienced material data losses in the past year, a jump from 46% in 2024. In India, 99% of CISOs reported system compromises in the last 12 months. The financial toll is staggering. Cybercrime costs reached $10.5 trillion in 2025, with projections hitting $15.6 trillion by 2029. Ransomware payments surged, with the median demand increasing 368% between 2025 and 2026 to nearly $60,000. Despite stagnant ransom payments post-2023, the number of reported attacks continued to climb. ### Key Vulnerabilities: Identity, Supply Chains, and Human Error Cyber threats exploit three primary weaknesses: 1. Legitimate Identity Abuse – CrowdStrike’s 2026 Global Threat Report found that 82% of intrusions involved no malware, instead relying on stolen credentials or trusted systems to blend into normal activity. 2. Supply Chain and Third-Party Risks – The Verizon Data Breach Investigations Report 2025 noted that 30% of breaches involved third parties, double the previous year’s rate. High-profile incidents, like the 2020 SolarWinds attack, demonstrated how compromised software updates can create widespread backdoors. 3. Internet-Facing Systems – Exploits of public-facing applications rose 44% in a year, with 40% of initial breaches originating from such systems. Many vulnerabilities required no authentication, making them prime targets. Human error remains a persistent weak point. The Verizon report found that 60% of breaches involved human factors, from phishing to poor digital hygiene. Remote work has further complicated security, with 40% of UK workers operating in hybrid or fully remote setups, expanding attack surfaces beyond traditional firewalls. ### AI’s Dual Role: Accelerating Attacks and Defenses AI has lowered the barrier for cybercriminals, enabling faster, more automated attacks. CrowdStrike reported an 89% year-over-year increase in AI-driven adversary activity, with average eCrime breakout times dropping to 29 minutes (down from 98 minutes in 2020). Some intrusions achieved data exfiltration in just four minutes. AI also aids defenders. Anthropic’s Mythos, though withheld from public release, helps vetted partners identify and patch vulnerabilities. However, the cat-and-mouse dynamic persists Sumsub’s CTO warned of potential gaps where new fraud techniques temporarily outpace detection systems. ### Notable Incidents and Lessons - Marks & Spencer (April 2025) – A breach by the hacking group Scattered Spider cost the retailer £300 million in lost profits and £600 million in market value. The attack reportedly exploited IT help desk workers through social engineering. - ByBit (February 2025) – A supply-chain compromise led to $1.5 billion in stolen cryptocurrency after North Korean attackers distributed trojanized software. - CrowdStrike Outage (2024) – A faulty software update caused the largest global IT disruption to date, affecting 8.5 million Windows systems across airlines, hospitals, and governments highlighting the risks of over-reliance on single vendors. ### Emerging Threats and Defensive Shifts AI-generated deepfakes and synthetic identities are becoming more convincing, with Sumsub noting that LLMs can now fabricate entire identities for verification bypass. Meanwhile, state-sponsored actors, like North Korea’s operatives, have used fake job applications to infiltrate Western companies. To counter these threats, experts emphasize: - Zero-trust architecture – Treating identity systems as critical infrastructure. - Supply chain scrutiny – Contracts with third parties must include breach notifications, AI usage disclosures, and liability clauses. - AI-driven defenses – Leveraging AI for vulnerability detection while maintaining human oversight to avoid over-reliance on automated systems. As AI continues to reshape cyber warfare, organizations must prioritize speed, resilience, and foundational security balancing innovation with the risks of an increasingly interconnected digital landscape.

In 2025, North Korean state-sponsored hackers executed a sophisticated cyber attack on Bybit, a major cryptocurrency exchange, resulting in the theft of $1.46 billion in digital assets—the largest single incident in a year where over $2 billion was stolen from crypto platforms. The attack leveraged social engineering tactics, including impersonating recruiters, investors, and fake video calls to deploy malware, compromising both individual high-net-worth targets and organizational systems. The stolen funds are suspected to be funneling into North Korea’s nuclear and missile programs, exacerbating geopolitical tensions. Beyond financial losses, the breach undermined trust in crypto security, exposing vulnerabilities in human-centric defenses rather than technical flaws. The attack’s scale and attribution to a nation-state actor (Lazarus Group) highlight its strategic intent, extending beyond financial gain to fund illicit military ambitions, thereby posing a broader threat to global economic stability and cybersecurity infrastructure.

In February 2025, Bybit, a major cryptocurrency exchange, suffered a catastrophic breach attributed to North Korean state-sponsored hackers (likely the Lazarus Group), resulting in the theft of $1.46 billion in digital assets—the largest single crypto-heist of the year. This incident was part of a broader campaign where North Korean actors stole an estimated $2 billion in 2025 alone, tripling the previous year’s total. The stolen funds are reportedly funneled into North Korea’s nuclear weapons program, as confirmed by the UN and government agencies. The attack leveraged advanced social engineering tactics, targeting exchange employees and high-net-worth individuals rather than exploiting technical vulnerabilities in DeFi protocols. The hackers employed sophisticated laundering methods, including cross-chain transfers, mixing services, and obscure blockchains, to obfuscate the stolen assets. Despite these evasion tactics, blockchain forensics firms like Elliptic traced portions of the funds, though the full extent of the damage remains partially unreported due to underreporting and attribution challenges. The breach underscores the escalating threat of state-sponsored cybercrime in funding illicit regimes, with cryptocurrency exchanges remaining prime targets for high-impact financial theft.

North Korea-backed threat actors executed a sophisticated cyber attack on Bybit, a major cryptocurrency exchange, in February 2025, stealing $1.46 billion in digital assets—the largest single theft of the year. This incident was part of a broader campaign where Pyongyang-linked hackers amassed over $2 billion in 2025 alone, primarily through social engineering attacks targeting exchanges and high-net-worth individuals. The stolen funds are allegedly funneled into North Korea’s missile and nuclear weapons programs, exacerbating geopolitical tensions. The attack underscores a shift from exploiting technical vulnerabilities to manipulating human behavior, highlighting systemic weaknesses in cryptocurrency security. Additionally, the laundering of proceeds involved complex, resource-intensive techniques to obscure transaction trails, leveraging blockchain’s pseudo-anonymity despite its inherent transparency. The breach not only inflicted massive financial damage on Bybit but also contributed to a triple-fold increase in annual crypto thefts compared to 2024, with over 30 additional hacks attributed to the same actors.