- Flashpoint warns of AI-driven “era of total convergence” in cybercrime
- 1,500% Increase in Illegal AI Discussions, 3.3B Credentials Stolen by 2025
- Ransomware is shifting to insider-enabled, identity-focused attacks
Cybercrime has entered the “era of total convergence”, where everything from reconnaissance, phishing generation to credential testing and infrastructure rotation is done through agentic AI frameworks without any human control, exoerts has warned.
The 2026 Global Threat Intelligence Report (GTIG) by security researchers Flashpoint noted that this “high-velocity threat engine” lowers the barrier to entry and accelerates threats, forcing defenders to adapt or face the consequences.
According to the report, there are four converging forces currently reshaping the global threat landscape: autonomous systems that can execute end-to-end attacks at machine speed, identities as primary exploitation vectors, vulnerabilities that are exploited within hours rather than days, and ransomware shifting towards identity-driven and insider-enabled models.
The article continues below
Log in instead of breaking in
Flashpoint bases these conclusions on proprietary data that has apparently identified a 1,500% increase in AI-related illegal discussions between November and December 2025, rising from around 360,000 to more than six million.
At the same time, the company observed 11.1 million devices infected with infostealers in 2025, stealing approximately 3.3 billion credentials and cloud tokens.
It says that hackers are no longer interested in “breaking in” as much as they are interested in “logging in”. “The reality of identity data and the potential for its automation necessitates a shift in how organizations must view their attack surface,” the researchers said. “Infostealers have shown that it is no longer limited to corporate infrastructure; it now includes employee browsers, personal devices, SaaS platforms and third-party access.”
The researchers also said that the window between vulnerability disclosure and exploitation is “disappearing”, as they observe several powerful vulnerabilities being mass exploited “within hours of disclosure”.
Finally, ransomware incidents increased by 53% in 2025, with RaaS groups responsible for more than 87% of attacks. But instead of relying solely on encryption payloads, they are now recruiting malicious insiders, abusing authorized access, and exploiting credential theft.
To stay secure, organizations should focus on ensuring they patch their vulnerabilities as quickly as possible, Flashpoint said in the report. They should also focus on monitoring stolen credentials and compromised endpoints, strengthening identity security, and combining automated detection with human-driven threat intelligence to identify emerging risks early.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
