BipHoo CA

AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours

May 22, 2026  Twila Rosenbaum

The industrialization of cybercrime has reached a new peak, driven by the integration of artificial intelligence and automation. The traditional boundaries between nation-state attacks and criminal operations are blurring as malicious actors adopt business-like efficiency. This shift is not merely a trend but a fundamental transformation in how attacks are conceived, executed, and scaled.

Historically, cybercrime was the domain of individual hackers or small groups operating with limited resources. The 1990s saw the rise of organized crime in the digital space, but the tools were rudimentary. Today, AI has become the force multiplier that enables even low-skill actors to launch sophisticated campaigns. Tools such as WormGPT and FraudGPT, which are unconstrained by ethical safeguards, allow attackers to craft convincing phishing emails, generate malicious code, and conduct social engineering at a scale previously unimaginable.

The report from FortiGuard Labs highlights that the time-to-exploit for critical vulnerabilities has collapsed from nearly a week to 24–48 hours, and in some cases, exploitation begins within hours of public disclosure. This acceleration is directly attributable to AI-powered reconnaissance and weaponization. Attackers now use automated scanners like Qualys, Nmap, and Nessus to identify vulnerable systems, and then deploy exploit kits that can be tailored on the fly.

The Role of Agentic AI

Agentic AI represents the next evolution, where AI systems can autonomously plan and execute multi-step attacks. FortiGuard's chief security strategist, Derek Manky, notes that malicious actors are beginning to leverage this technology for more sophisticated operations. Tools like HexStrike AI provide automated reconnaissance, attack-path generation, and malicious content creation, while APEX AI simulates advanced persistent threat (APT)-style attacks with automated OSINT and kill-chain generation.

BruteForceAI is another example, designed to identify login form selectors and execute multi-threaded attacks with human-like behavior patterns. These tools do not create new vulnerabilities but drastically reduce the time required to exploit existing ones. The cumulative effect is an ongoing collapse of predictive security, as defenders struggle to keep pace with the speed of AI-driven attacks.

The Underground Supply Chain

Cybercriminals have also perfected the art of data sharing. Underground markets are flooded with databases, credentials, and validated access paths. Infostealers like RedLine, Lumma, and Vidar are the primary tools for harvesting this data, which is then sold by access brokers. The most frequently advertised access types include corporate VPNs and RDP connections, giving buyers direct entry into target networks.

In 2025, 656 vulnerabilities were actively discussed on the darknet, with 52.44% having publicly available proof-of-concept exploit code. This industrial approach means that CVEs are packaged with scripts, modules, and operational playbooks, allowing exploitation to be run as a repeatable loop rather than a bespoke intrusion. The efficiency gains are staggering, enabling even amateur criminals to execute complex attacks with minimal effort.

Ransomware and the Monetization Machine

Ransomware remains the most lucrative form of cybercrime, with 7,831 confirmed victims globally in 2025. The top three groups—Qilin, Akira, and Safepay—account for a significant portion of attacks. The United States is the most targeted geography, with 3,381 victims, followed by Canada and Europe. The ease of monetization, combined with the availability of ransomware-as-a-service (RaaS), has made this the crime of choice for many.

FortiGuard emphasizes that the global attack surface is already mapped and continuously refreshed. Attackers maintain an operational readiness state, meaning they can strike at any moment with minimal notice. This is a direct result of the industrialization process, where intelligence gathering and exploitation are handled by different specialists in a supply chain model.

To counter this threat, defenders must adopt a similar mindset. Speed is of the essence: detection and response times need to match the machine-speed operations of attackers. AI-powered security tools are no longer optional but essential. FortiGuard recommends prioritizing identity-centric detection, exposure reduction, and automation. Organizations should also invest in AI-based threat intelligence platforms that can analyze vast amounts of data in real time.

International cooperation is also critical. FortiGuard has been involved in several disruption efforts, including INTERPOL's Serengeti 2.0 and Operation Red Card 2.0, as well as initiatives with the World Economic Forum and Cyber Threat Alliance. A new Cybercrime Bounty program, launched with Crime Stoppers International, aims to incentivize reporting of malicious activity.

The trajectory is clear: as AI continues to evolve, the gap between attack and defense will narrow only if defenders embrace similar technological advances. The era of industrial cybercrime is here, and the only way to survive is to fight fire with fire.


Source: SecurityWeek News

