Over the past year, the main topic at the intersection of AI and cybersecurity has been speed. While speed is important, it is not the biggest change in today’s threat landscape. Threat actors, from nation-states to cybercrime groups, now use AI to plan, refine, and maintain their cyberattacks. Their goals remain the same, but the pace, repetition, and scale of AI-powered attacks raise the stakes.  

Still, just like defenders, most attackers today have a human involved, not fully autonomous AI running the show. AI is making every stage of the attack process easier, helping attackers research faster, write more convincing vectors, create malware, and sort through stolen data. Security leaders I met at RSAC 2026 this week are now shifting their resources and strategies to stay ahead of these changes.  

The Operational Reality: Embedded, Not Emerging 

The scale of current threats is too big to ignore. We see activity in every region. The United States accounts for almost 25% of what we observe, with the United Kingdom, Israel, and Germany following. The volume reflects real economic and geopolitical factors.

The major shift isn’t location but attackers’ methods; they use AI throughout their process, from information gathering to malware development and post-breach actions. Stealing credentials, making money, or spying remain the aims, but attacks are now more precise, persistent, and larger in scale.

Email Is Still the Fastest Inroad 

Email is still the quickest and most affordable way for attackers to get in. What’s different now is how much better AI makes the messages that trick people into clicking.  

With AI in phishing campaigns, click-through rates have jumped to 54% from about 12% with older methods, resulting in a 450% boost in effectiveness. Not because there are more emails, but because the messages are more precise. AI helps attackers fine-tune content and adjust messages for certain roles, making it easier to trick people. When this improved targeting is paired with tools that defeat multi-factor authentication (MFA), phishing becomes more resilient, more focused, and much harder to stop on a large scale.

A 450% jump in click-through rates redefines organizational risk, showing that AI enables not just more but better attacks.

Tycoon 2FA: What Industrial Scale Cybercrime Looks Like

Tycoon 2FA shows how the group we call Storm-1747 has become more refined and resilient. Learning how this operation worked helps us see where threats are going. It also sparked discussions at RSAC 2026 about the broader ecosystem rather than just individual attackers.

Tycoon 2FA was not just a phishing kit; it was a subscription platform that generated tens of millions of phishing emails per month. It was linked to nearly 100,000 compromised organizations since 2023. At its peak, it accounted for roughly 62% of all phishing incidents Microsoft blocked each month. This operation specializes in adversary-in-the-middle attacks aimed at defeating MFA. It intercepted credentials and session tokens in real time, allowing attackers to authenticate as legitimate users without triggering alerts, even after passwords were reset.
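The adversary-in-the-middle behaviour described above, viewed from the defender's side: an added example (not from the post and not Microsoft's tooling) that runs two checks over constructed sign-in events, the same session token presented from a second IP shortly after issue, and a token minted before a password reset still being accepted afterwards. The event fields, sample addresses and timings are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class TokenUse:
    user: str
    token_id: str       # opaque identifier for a session token, never the token itself
    issued_at: datetime
    seen_at: datetime
    ip: str


def session_replay_alerts(uses, reset_times, hop_window=timedelta(minutes=15)):
    """Flag two symptoms of a stolen session token being replayed:
    - token_ip_hop: the same token is presented from a different IP within
      hop_window of its previous use (relay infrastructure reusing the session);
    - token_survived_reset: a token issued before the user's password reset is
      still accepted after it, i.e. the reset did not revoke existing sessions."""
    alerts = []
    last_use = {}                       # token_id -> most recent TokenUse
    for use in sorted(uses, key=lambda e: e.seen_at):
        reset_at = reset_times.get(use.user)
        if reset_at and use.issued_at < reset_at <= use.seen_at:
            alerts.append(("token_survived_reset", use.user, use.token_id))
        prev = last_use.get(use.token_id)
        if prev and prev.ip != use.ip and use.seen_at - prev.seen_at <= hop_window:
            alerts.append(("token_ip_hop", use.user, use.token_id))
        last_use[use.token_id] = use
    return alerts


# Constructed sample data (not real telemetry). RFC 5737 documentation addresses.
T0 = datetime(2026, 3, 2, 9, 0)
SAMPLE_USES = [
    TokenUse("alice", "tok-1", T0, T0, "203.0.113.10"),                            # victim signs in
    TokenUse("alice", "tok-1", T0, T0 + timedelta(minutes=3), "198.51.100.7"),     # same token, new IP
    TokenUse("alice", "tok-1", T0, T0 + timedelta(hours=2), "198.51.100.7"),       # used after reset
    TokenUse("bob", "tok-2", T0, T0 + timedelta(hours=1), "203.0.113.22"),         # benign
]
SAMPLE_RESETS = {"alice": T0 + timedelta(hours=1)}   # alice reset her password at T0 + 1h


def demo():
    return session_replay_alerts(SAMPLE_USES, SAMPLE_RESETS)
```

Mobile and VPN users change IPs legitimately, so in production the hop check should be tightened with ASN or geolocation mismatch; the reset check points at a configuration gap (sessions not revoked on password change) rather than at a single attacker.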

However, the bigger shift is in group organization. Storm-1747 used specialized services for phishing templates, infrastructure, email sending, and access sales, creating an assembly-line approach to identity theft. Services could be mixed, scaled, and subscribed to as needed.

This model has shifted the conversation. It’s no longer about one skilled attacker but about an entire ecosystem that makes access easier for anyone who joins in. That’s what AI is doing across the threat landscape: giving advanced tools to everyone. Key takeaway: AI-driven ecosystems democratize attack capabilities for all threat actors.

Disruption: Closing the Threat Intelligence Loop 

Earlier this month, our Digital Crimes Unit, working with Europol and industry partners, took down Tycoon 2FA and seized 330 domains. But the real goal wasn’t just to remove websites; it was to put pressure on the supply chain. Today’s cybercrime relies on scalable service models that make it easier for more people to get involved. Identity is the main target, and bypassing MFA is now a standard feature. Shutting down one service forces attackers to adapt, and ongoing pressure breaks up their ecosystem. By hitting the financial side of attacks, we can change the landscape. Key takeaway: Disruption efforts should target criminal supply chains to reduce future risk.

Every time we disrupt an attack, it generates a signal. That signal feeds our intelligence, which improves our detection, and better detection leads to faster responses. This is how we turn attacker actions into stronger defenses and how our efforts add up over time. Microsoft stands out because we can observe, act, and share intelligence at scale, and we have a significant impact when we put it into practice. AI doesn’t appear in just one phase of an attack; it spans the entire life cycle. At RSAC 2026 this week, I offered a frame to help defenders rank their response:

  • In reconnaissance, AI accelerates infrastructure discovery and persona development, compressing the time between target selection and first contact.  
  • In resource development, AI generates forged documents, polishes social engineering narratives, and supports infrastructure at scale.
  • For initial access, AI refines voice-overlays, deepfakes, and message customization using scraped data, producing lures that are increasingly difficult to distinguish from authentic communications.  
  • In persistence and evasion, AI scales fake identities and automates communication, preserving the attacker’s presence while blending into normal activity.  
  • In weaponization, AI enables malware development, payload regeneration, and real-time debugging, producing tooling that adapts to the victim’s environment rather than relying on static signatures.  
  • In post-compromise operations, AI adapts tooling to the specific victim environment and, in some cases, automates ransom negotiation.  

The goals remain the same: stealing credentials, making money, and spying. What’s new is the pace and scale. Attackers repeat and improve, test and refine, much more quickly. AI isn’t just enabling faster attacks; it’s making them better.

What Comes Next 

During my sessions at RSAC 2026 this week, I discussed several key themes that show how AI is changing the threat landscape. The first is the threat model. The scenarios we prepare for have changed. The barrier to launching sophisticated attacks has collapsed. What once required the resources of a nation-state or well-organized criminal enterprise is now available to a motivated individual with the right tools and the patience to use them. The techniques have not fundamentally changed; the precision, velocity, and volume have.

The second theme is the software supply chain. It’s not only about compliance; you need to know what software and agents you have and how they behave. The agent ecosystem will soon be the most targeted part of any business. If organizations can’t answer basic questions about their software, they won’t be able to protect it.

The third theme highlights the value of human talent in security operations using agentic systems at scale. The traditional security analyst role is shifting from practitioner to orchestrator; talent models must catch up, and technology now helps prevent errors. Auditability of agent decisions is a governance standard, not just a goal. The future security operations center needs different defenders.

Now is the time to guide with a clear strategy, set priorities, and build stronger accountability for agentic systems.  

If AI is present throughout the attack life cycle, our intelligence and defenses must be there too. Microsoft threat intelligence will continue to track, share, and act on what we see in real time. The patterns are clear, and the intelligence is available. Key takeaway: Ongoing monitoring and response are essential in the AI-driven threat landscape.  


Source: Threat actor abuse of AI accelerates from tool to cyberattack surface