KELA REPORT

2026 AI Threat Landscape: Offensive AI Has Gone Autonomous

From assistant to operator — the agentic shift already rewriting the threat landscape

In 2026, AI stopped waiting for instructions.
Autonomous, goal-directed agents now run intrusions end to end — finding vulnerabilities, writing exploits, hijacking sessions, and moving laterally at machine speed. Drawing on KELA’s dark-web and infostealer telemetry, this report maps how this transition is already operational across the threat ecosystem, and what defending against it now requires.

Key Report Highlights:

  • Commoditized offensive AI: threat actors pivoting from gated frontier models to self-hosted, under-aligned open-source LLMs (DeepSeek, Qwen, Kimi), lowering the barrier to machine-speed intrusion.
  • Autonomous Vulnerability Discovery & Exploitation (AVDE): the vulnerability-to-exploit window compressing from months to minutes.
  • Vibe Hacking: attackers reframing malicious goals as routine tasks to turn AI agents into confused deputies.
  • The cognitive layer under attack: infostealers now harvesting local AI memory files, prompt libraries, and chat histories (not just credentials), with more than 1 million machines infected in 2026 so far.
  • AI session hijacking: 49,700+ active AI-platform session cookies observed on dark-web markets, bypassing MFA entirely.
  • Defending the agentic era: the behavioral “tells” of machine-speed attacks and the controls that contain them.