CYBERCRIME is evolving into an industrialised, high-speed operation, driven by artificial intelligence (AI), automation, and increasingly sophisticated underground markets, according to Fortinet’s 2026 Cyberthreat Predictions Report released today.
The FortiGuard Labs analysis warns that the defining factor for both attackers and defenders in the coming year will be throughput — the speed at which intelligence can be transformed into action — rather than purely innovative methods.
Fortinet’s report reveals that AI and automation will allow cybercriminals to scale successful techniques instead of inventing new ones, while autonomous agents on the dark web execute attack stages with minimal human supervision.
“Attackers will spend less time inventing tools and more time refining automated techniques,” the report notes. A ransomware affiliate that previously handled a handful of campaigns could soon launch dozens simultaneously, reducing the time between intrusion and impact from days to minutes, creating unprecedented urgency for organisations worldwide.
The report forecasts the rise of specialised AI agents designed to support criminal activity, automating key stages such as credential theft, lateral movement, and data monetisation.
AI will also accelerate exploitation, instantly analysing stolen databases, identifying high-value targets, and generating personalised extortion demands.
Cybercrime marketplaces are expected to become increasingly structured, offering highly customised access packages with industry, geography, and system-specific filters, complete with reputation scoring, customer support, and automated escrow — signalling a full industrialisation of criminal operations.
Fortinet urges defenders to respond with equal velocity, implementing machine-speed defence to compress threat detection, validation, and containment from hours to minutes.
Frameworks like continuous threat exposure management (CTEM) and MITRE ATT&CK will enable rapid mapping of active threats and prioritisation of mitigation measures.
The report highlights the growing importance of identity security, including the authentication of non-human actors such as AI processes and machine-to-machine systems, to prevent large-scale privilege escalation and data exposure.
As cybercrime industrialises, coordinated global action is essential. Fortinet cited initiatives such as INTERPOL’s Operation Serengeti 2.0 and the Fortinet–Crime Stoppers International Cybercrime Bounty programme as examples of collaborative intelligence-sharing and targeted disruption strategies.
The report also emphasises investment in youth intervention programmes to prevent at-risk populations from entering cybercriminal networks.
By 2027, FortiGuard Labs predicts cybercrime will operate at a scale comparable to legitimate industries, with agentic AI enabling semi-autonomous swarm attacks and increasingly complex supply-chain intrusions targeting AI and embedded systems.
“Velocity and scale will define the decade,” the report concludes, noting that organisations integrating intelligence, automation, and human expertise into a single adaptive system will be best positioned to withstand escalating threats.
Fortinet Vice-President for Marketing & Communications, Asia & ANZ Rashish Pandey (pic) said today: “The findings clearly show that cybercrime is no longer an opportunistic activity, it is an industrialised system operating at machine speed.
“The road ahead will be shaped by how quickly defenders can adapt. Cybersecurity has become a race of systems, not individuals, and organisations will need integrated intelligence, continuous validation, and real-time response to stay ahead of adversaries who measure success by throughput, not novelty.”
Meanwhile, Fortinet Malaysia Country Manager Kevin Wong added: “Static configurations and periodic assessments cannot keep pace with attackers who automate reconnaissance, privilege escalation, and extortion in minutes.
He said organisations need a unified, adaptive security posture that integrates threat intelligence, exposure management, and incident response into a continuous, AI-enabled workflow.
H expressed that At Fortinet, their focus is to help customers act at the same speed as threats and strengthen their ability to contain attacks before disruption occurs. - December 9, 2025
.jpg)
