Identity and social engineering scams have been a time-honored way to gain unauthorized access to systems. Cybercriminals typically use email to trick users into clicking links, opening malicious attachments, or revealing their bank account details, online passwords, or other vital information over the phone.
Now add AI into the mix.
The crooks are using AI to find weaknesses and vulnerabilities at light speed and to fine-tune and automate email campaigns based on real-time success metrics. On the other hand, cybersecurity vendors and in-house security teams are harnessing AI to bolster their defenses, detect intrusions in real time, and contain damage.
While the contest rages across the enterprise and consumer landscape, consulting firm PwC has revealed in its “Annual Threat Dynamics 2026: Cyber threats in motion” report that edge devices have emerged as a hot spot in this struggle.
Threat actors are using AI to identify exploitable areas on edge devices as a way into corporate networks. By targeting those devices, they set off fewer red flags than when they directly attack enterprise systems or users.
“The cyber threat landscape has shifted into high gear, with identity-centric attacks taking pole position as adversaries choose to log in rather than break in,” Kris McConkey, Global Threat Intelligence lead partner at PwC, said in the report. “Threat actors across a wide range of motivations have found new ways to accelerate through the blind corners of edge devices, supply chains, and cloud ecosystems.”
Record levels of ransomware
In the past month, I’ve personally come across two small-business associates who have been held to ransom — their systems were shut down during the attack.
Both operate outside the IT field, implying that attackers are using AI to comb further afield for likely candidates. PwC notes record levels of ransomware. Adversaries are fluidly “navigating identity, cloud, edge, and application layers with unprecedented precision,” according to McConkey.
AI has accelerated the pace and expanded the range of attack vectors being exploited at warp speed. Cybercriminals are finding it easier to log in to systems rather than break in, exploiting credentials and session tokens and subverting federated access as the best way to circumvent traditional perimeter defenses.
“Social engineering is evolving in sophistication, with AI-generated deepfakes, IT helpdesk impersonation, stolen identities for illicit remote worker operations, and multi-stage phishing campaigns targeting human and machine identities alike,” said McConkey. “A single compromised identity is capable of unlocking cascading access across entire environments.”
Fighting back
What is to be done in response to this new wave of AI exploitation?
PwC recommends adopting zero-trust architectures and adding security safeguards wherever organizations institute automated, agentic AI workflows. Identity governance, in particular, should be regarded as a strategic priority and fully supported from the top.
In tandem, cybersecurity tools should be beefed up, and personnel should be trained in agentic AI defense and offense. After all, the bad guys can now weaponize exploits in seconds and unleash autonomous AI agents to carry out the dirty work.
These cybercrime agents are capable of executing complex, multi-vector attack sequences. Cybersecurity teams need to match their AI capabilities and remain constantly alert for the first signs of a breach.
“AI represents the single greatest opportunity for defenders to match the pace, enabling faster detection, automated containment, and intelligence-led decision-making at scale,” said McConkey.
If AI can be programmed to anticipate cyber-defense responses and outpace traditional detection and response models as it targets high-value data, those within the enterprise should reciprocate – investing in AI-enhanced defenses that can spot those with a financial motive, as well as geopolitical actors and corporate spies.
“Financial crime, insider threats, digital-to-physical security concerns, and supply chain compromise are converging into a single pressure point, with threat actors simultaneously targeting executives, developers, vendors, hiring processes, and financial workflows from multiple angles,” said McConkey.
“In an identity-driven, AI-accelerated threat landscape, resilience belongs to organizations that govern identity at speed, validate trust continuously, and treat cyber risk as inseparable from business and geopolitical strategy.”