KELA REPORT
2026 AI Threat Landscape:
Offensive AI Has Gone Autonomous
From assistant to operator — the agentic shift already rewriting the threat landscape

In 2026, AI stopped waiting for instructions.
Autonomous, goal-directed agents now run intrusions end to end — finding vulnerabilities, writing exploits, hijacking sessions, and moving laterally at machine speed. Drawing on KELA’s dark-web and infostealer telemetry, this report maps how this transition is already operational across the threat ecosystem, and what defending against it now requires.
Key Report Highlights:
- Commoditized offensive AI: threat actors pivoting from gated frontier models to self-hosted, under-aligned open-source LLMs (DeepSeek, Qwen, Kimi), lowering the barrier to machine-speed intrusion.
- Autonomous Vulnerability Discovery & Exploitation (AVDE): the vulnerability-to-exploit window compressing from months to minutes.
- Vibe Hacking: attackers reframing malicious goals as routine tasks to turn AI agents into confused deputies.
- The cognitive layer under attack: infostealers now harvesting local AI memory files, prompt libraries, and chat histories — not just credentials – with more than 1 million machines infected in 2026 so far.
- AI session hijacking: 49,700+ active AI-platform session cookies observed on dark-web markets, bypassing MFA entirely.
- Defending the agentic era: the behavioral “tells” of machine-speed attacks and the controls that contain them.