The report warns that AI-related threats such as model poisoning are likely to become more widespread and severe, particularly as organisations rush to adopt AI technologies without adequate safeguards. While defenders are incorporating AI into security systems, attackers are doing the same—using the technology to launch automated, adaptive assaults capable of rewriting their own code to evade detection.

Titled “Cyber Risk – Global: 2026 Outlook – Cyber threats will intensify as AI tools proliferate,” the report identifies the rise of adaptive malware as the defining cyber threat of 2026. Unlike traditional malicious software, these AI-native threats can assess a target’s defensive environment in real time.

When confronted with firewalls or detection systems, such malware can autonomously modify its source code on the fly to bypass security signatures. This capability allows attackers to execute the entire attack lifecycle—from initial breach to data exfiltration—at speeds that make human intervention virtually impossible.

The report also highlights the growing use of agentic AI systems, which function as independent operators capable of conducting multi-channel social-engineering campaigns. These systems can simultaneously target senior executives through deepfake video calls while sending highly personalised, context-aware phishing messages to IT administrators across multiple platforms—without any human direction.

Reacting to the findings, Neehar Pathare, MD, CEO and CIO of 63SATS Cybertech Limited, said that cyber threats have now evolved beyond isolated data breaches into systemic economic risks.

“In 2026, we are no longer fighting hackers; we are fighting autonomous, AI-driven systems that execute attacks at speeds no human can match. Machine-speed attacks, economic fragility and the end of reactive security define today’s systemic cyber risks,” Pathare said.

Addressing these vulnerabilities, he pointed to new-age tools such as CYBX, the company’s B2C cybersecurity super app. “We built CYBX to move beyond merely ‘patching holes’. Our platform uses proactive intelligence to alert users to threats before they materialise. By combining real-time monitoring with automated intervention, we help users shift from basic protection to true digital resilience,” he added.

On cloud infrastructure fragility, Moody’s cited major outages at AWS and Azure in late 2025, noting that these incidents exposed the risks of cloud concentration. According to the report, a single-day outage can cost customers up to 1% of their annual revenue, prompting organisations to adopt multi-regional and hybrid architectures to avoid operational collapse.

The report also referenced the $1.46-billion Ethereum-related crypto breach, highlighting a surge in cryptocurrency theft as attackers increasingly move “off-chain” to target asset management systems rather than blockchain protocols. The breach refers to a North Korea-linked hack on crypto exchange Bybit in February 2025, which drained nearly half of its reserves and triggered a bank-run-like crisis that forced the platform to seek emergency funding.

In the Decentralised Finance (DeFi) sector, Moody’s flagged a significant security vacuum, noting that nearly 90% of value lost stems from unaudited code launched without formal reviews. In DeFi ecosystems, even minor coding flaws in self-executing smart contracts can lead to catastrophic and irreversible losses due to the absence of a central authority.

The report presents a mixed picture on ransomware trends. While 44% of ransomware attempts in 2025 were detected and stopped before encryption—up from 27% in 2024—large enterprises remain prime targets. Organisations with 3,000–5,000 employees still experienced encryption in 65% of attacks, largely due to network complexity and higher ransom-paying capacity.

Mid-sized firms, employing between 1,001 and 3,000 people, appear to occupy a “sweet spot”: large enough to deploy advanced cyber defences, yet not so complex as to impede rapid detection and response. Meanwhile, extortion-only attacks doubled in 2025, accounting for around 6% of incidents.

Moody’s concludes that cyber threats will intensify further in 2026 as AI tools proliferate, while also warning of regulatory gridlock. With attackers exploiting vulnerabilities faster than regulators can close gaps across jurisdictions, the challenge lies in achieving regulatory harmonisation that strengthens resilience rather than diluting it. Duplicate audits and redundant compliance requirements, the report notes, often divert critical resources away from actual defence and toward paperwork.