Fortinet Predicts Autonomous AI-Driven Cyberattacks to Surge by 2026

Global cybersecurity leader Fortinet has projected a significant escalation in cyberattacks by 2026, driven by autonomous artificial intelligence (AI) systems that can infiltrate networks, exfiltrate data, and deploy ransomware independently of human direction.

According to Fortinet’s 2026 Cyberthreat Predictions Report, these AI-driven threat agents will evolve well beyond the initial AI crime models such as FraudGPT and WormGPT observed in underground forums during 2025.

The report emphasizes that "velocity now defines risk," noting that threat actors, empowered by automation, can conduct operations on a scale and pace unattainable by defenders. This shift marks a new era where AI-enabled cybercrime agents will autonomously conduct phases of attacks including credential theft, phishing, reconnaissance, and lateral movement.

These sophisticated AI systems enable even low-skilled criminals to launch complex campaigns, while seasoned cybercriminals are expected to expand their campaigns across thousands of targets simultaneously. Industries heavily dependent on interconnected infrastructures, including healthcare, manufacturing, utilities, and cloud services, are poised to face heightened risk.

The document highlights the increasing infiltration of ransomware groups into operational technology (OT) environments where cybercrime now intersects with data theft and disruption. In healthcare, for instance, attack timelines may shrink to moments, potentially crippling critical services or exposing confidential patient information.

Generative AI also poses a new threat vector by accelerating extortion efforts; once databases are stolen, AI can swiftly analyze vast datasets to identify valuable targets, prioritize victims, and craft highly personalized ransom communications.

This report is part of FortiGuard Labs’ global assessment of how technological advancements, economic factors, and behavioral shifts contribute to evolving cyber risks worldwide. Many trends initially forecasted for 2025, including AI-enhanced phishing, expansion of Crime-as-a-Service platforms, and rapid ransomware proliferation, have materialized sooner than anticipated, ushering in what Fortinet describes as an “industrial age” of cybercrime.

Looking ahead to 2027, the global cost of cybercrime is expected to surpass $23 trillion, driven by industrialized ransomware operations, automated fraud networks, and the convergence of traditional and cybercriminal syndicates, according to data cited from the World Economic Forum.

To counteract these accelerated threats, Fortinet recommends that organizations adopt integrated defense strategies combining threat intelligence, continuous vulnerability assessment, and automated incident response to maintain real-time awareness and swift containment across both network and cloud environments.

Identity management is anticipated to become the cornerstone of cybersecurity efforts, as automation and AI increase the number of machine identities such as bots and cloud processes. The report warns that a single compromised account, whether human or machine, could grant attackers extensive access, underscoring the importance of enforcing strict, time-bound access controls coupled with continuous monitoring.

Additional insights include a predicted surge in insider recruitment tactics, with adversaries resorting to bribery and coercion, and the expansion of dark web marketplaces that mimic legitimate e-commerce models.

Ultimately, Fortinet stresses that the principal challenge for organizations in 2026 will not be identifying isolated attacks but keeping pace with adversaries operating at machine speed within automated, large-scale attack ecosystems. Success will depend on effectively integrating human expertise with rapid, AI-driven mechanisms to anticipate, detect, and mitigate threats before they escalate.