您的浏览器禁用了JavaScript(一种计算机语言,用以实现您与网页的交互),请解除该禁用,或者联系我们。 [KELA]:2026年年中AI威胁态势报告 - 发现报告

2026年年中AI威胁态势报告

信息技术 2026-07-06 - KELA 爱吃胡萝卜的猫 
报告封面

July 2026 Table of contents Executive Summary..................................................................................................................................3The Agentic Shift and Machine-Speed Exploitation...........................................................................5Introduction: The Commoditization of the Agentic Threat.................................................................................. 5Technical Foundations of Autonomous Vulnerability Discovery & Exploitation (AVDE)..................9Agentic Cyber Espionage: Subversion and Autonomous Execution...........................................................10AI-Driven Execution Across the Attack Chain............................................................................................................... 11The Dual Threat of AI Manipulation: Vibe Hacking vs. AI-Enhanced Social Engineering........... 12Attacking the AI: The Rise of “Vibe Hacking”................................................................................................................. 13The Insider AI Threat (Inter-Agent Trust Exploitation).......................................................................................... 20The Infostealer Evolution: Harvesting the Agentic Plaintext Layer................................................ 22Threat Actor Chatter and Observed Cybercrime Activity................................................................................. 23AI Session Hijacking: The High-Leverage Entry Point.............................................................................................24Cognitive Context Theft - The Rise of Local AI Memories...................................................................................30Darknet Data Lake Insights: Tracking the Autonomous Underground.........................................39Active Reconnaissance & Surface Mapping...............................................................................................................39Enterprise Defense: Hardening for the Agentic Era.......................................................................... 43The Imperative of CTI-Driven Posture Hardening................................................................................................... 43Threat Detection: Identifying the "Tells" of Agentic Execution......................................................................... 43Strategic Hardening & Architectural Containment............................................................................................... 44 Executive Summary The Commoditization of the Agentic Threat The year 2026 marks a structural inflection point in the cyber threat landscape, driven by therapid commoditization of open-source agentic AI within the cybercriminal underground. Whileproprietary frontier models initiated this paradigm shift - most notably Anthropic's ClaudeMythos, which pioneered Autonomous Vulnerability Discovery and Exploitation (AVDE), and itsequivalent,OpenAI's GPT-5.5-Cyber-the immediate,operational threat originates fromopen-sourcealternatives.Threat actors are aggressively adopting decentralized,locallyhosted models (such as Qwen, DeepSeek, and Kimi) because they lack safety guardrails andcan be modified to bypass censorship. This accessibility enables AI systems to autonomouslyexecute complex, multi-stage operations, reducing the vulnerability-to-exploit timeline frommonths or years to mere hours. The Dual Threat Landscape & The Underground Economy The cybercriminal underground has heavily commoditized AI, bypassing the restrictions ofcommercialplatforms.ThreatactorsarecommercializingAIthroughadvancedPhishing-as-a-Serviceplatforms(such as Bluekit)and automated deepfake bot tools.Ransomware groups, like "TheGentlemen," are actively integrating permissive, under-aligned AImodels into their workflows for script development, log analysis, and extortion negotiations. Tofurtheraccelerate these operations and find vulnerable targets,attackers are deployingautomatedreconnaissance platforms,such as MONST3R,to systematically scan for andharvest exposed AI infrastructure and API keys. Cognitive Context Theft and Infostealer Evolution As AI adoption accelerates, infostealer malware has evolved to target the "cognitive layer" of AIinteractions. Infostealers actively exfiltrate local AI memory files (e.g., MEMORY.md), promptlibraries,and cached chat histories,exposing highly sensitive business logic.This threatoperates at a massive scale, with KELA observing over 1 million unique machines infectedgloballybetween January 1 and May 1,2026,accompanied by a sharp surge in macOStargeting that resulted in over 7,140 compromised macOS endpoints. The Trust Collapse The traditional “Trust by Default” security model has become a critical liability as adversariesincreasinglyweaponize identity infrastructure and internal agentic workflows.AttackersmanipulateAI agents through"Vibe Hacking,"coercing systems into