2026年趋势科技安全预测：网络威胁的AI化

CONTENTS AI APTs Enterprise Cloud Ransomware Vulnerabilities Conclusion References As we enter 2026, the cybersecurity landscape is being reshaped by the convergence ofAI, automation, interconnected systems, and large-scale operations. The tools, tactics,and procedures that once required coordinated human effort can now be executed AI has become a critical component of many core business workflows across industries.But while enterprises have been busy integrating AI into their systems for productivity,threat actors have been doing the same, but for malicious activities. What beganas simple automation to assist with phishing and basic intrusion tasks has evolved At the same time, the growing complexity of enterprise systems and the pace oftechnological change are amplifying existing risks. Modern organizations depend ona web of digital platforms, third-party services, and interconnected supply chains thatextend well beyond their direct control. A single weak link — be it a misconfigured In 2026, the threat landscape will be defined not only by what attackers do but also byhow efficiently they can scale and adapt their operations.Enterprises will need to shiftfrom reactive defense to anticipatory resilience, embedding security into every stage ofAI adoption and automation. The winners of this new era will be those who can innovate In this report, we explore how cyberthreats are transforming across key attack surfaces,from the escalation of advanced persistent threats (APTs) and the continued evolutionof ransomware to increasingly targeted supply chain compromises and cloud-native AI •AI will become both a transformative force and a top attack vector, driving fullyautonomous, adaptive, and scalable threats across digital and physical systems. •Agentic AI will act with growing autonomy, executing multi-step operations andinteracting with real systems, turning compromised agents into operational attack •The growth of vibe coding will accelerate innovation while simultaneously increasingthe risk of unsecure code in organizations that do not implement proper review •AI-powered deception will reach new heights as deepfakes, hallucinations, andautomated social engineering campaigns erode trust and overwhelm traditional APTs •Emerging collaboration models will enable APTs to share access, infrastructure, andpayloads, obscuring attribution and accelerating global operations.•Supply chain and insider threats will converge as state-sponsored operativesinfiltrate vendors and enterprises, embedding malicious code or exploiting privilegedaccess from within.•AI-driven tactics will bypass traditional defenses, while compromised pipelines andopen-source repositories will become key attack vectors. •Geopolitical tensions will drive targeted attacks against critical infrastructure,defense, and strategic industries, heightening risks of espionage, disruption, and Enterprise •Legacy systems, outdated software, and hidden IT debt will remain major enterpriserisks, providing attackers with persistent entry points beyond the reach of moderndefenses. •Identity-based and trust-driven attacks will surge as AI automates phishing, sessionhijacking, and social engineering, making deception more convincing and detection •AI-driven agents and generative scams will outpace traditional identity and accessmanagement (IAM) and phishing defenses, potentially exposing organizations to •The line between human and machine insiders will blur as compromised employees,AI agents, and third-party tools alike become vectors for espionage, data theft, and Cloud •Cloud environments will remain prime targets as adoption continues to grow, withattackers exploiting high-value workloads, operational dependencies, and hybrid •Cloud-native phishing campaigns — blending email, SMS, voice, and AI-driven tactics— will become more sophisticated, targeting users and organizations. •Misconfigurations, overprivileged credentials, exposed APIs, and unsecurecontainers will remain primary attack vectors, enabling lateral movement, data •Multi-cloud and hybrid setups will introduce new blind spots, while GPU-based cloud Ransomware •Ransomware will evolve into AI-driven, fully automated operations that scan, exploit,and extort with minimal human input. •Attackers will shift from pure encryption to intelligent data exploitation, using AI to •Supply chains, open-source components, and AI-integrated workflows will becomekey entry points, allowing ransomware to infiltrate trusted systems while blending •Increasing automation and ransomware-as-a-service (RaaS) tools will democratizeattacks, enabling even low-skill actors to launch complex, adaptive campaigns. Vulnerabilities •AI will accelerate both the discovery and exploitation of zero-day vulnerabilities,enabling faster reconnaissance, automated exploitation, and broader attack reach.•New risks will emerge from AI-enabled environments, including prompt injectionattacks, model backdoors, a