In a world filled with automated systems, intelligent data learning by computers (Machine Learning), and universal technologies like AI (Artificial Intelligence) that can mimic human intelligence, solve problems, learn, and even make decisions,
these advancements come with risks as cybercriminals increasingly use AI's intelligence to deceive and attack victims rapidly and more effectively with new methods.
Examples include Deepfake technology that creates highly realistic fake videos and audio; hackers using Generative AI to develop malware that constantly changes its code, making traditional antivirus detection difficult; AI guessing passwords and breaching security systems to analyze victim behavior for faster password discovery; and AI-generated phishing emails that are credible and automatically customized per victim, increasing success rates while reducing attack costs (data from SiriSoft).
The 2026 Cyber Threat Forecast report by FortiGuard Labs, analyzing technology, economic, and human behavior factors, predicts a major shift in 2026 where cybercrime gangs will evolve into an industry with organized management, specialized expertise, and AI as a weapon.
Cybercriminals will spend less time inventing new tricks and more time automating proven techniques. AI will conduct reconnaissance, speed up intrusions, analyze stolen data, and generate ransom negotiation messages. Automated cybercrime agents operating on the Dark Web will perform complete attacks without human control.
These changes exponentially increase attackers' capabilities. Previously, ransomware affiliates had limited operational time, but soon they will run dozens of campaigns simultaneously. Also, the time from intrusion to damage will shrink from days to minutes. This increased speed raises risks for victims, making speed a critical risk factor for organizations in 2026.
FortiGuard Labs anticipates seeing specialized AI agents designed for cybercrime gangs that automate key attack phases, improving efficiency in credential theft, lateral movement within networks, and monetizing stolen data.
AI also accelerates converting stolen data into money. Once attackers access a stolen database, AI tools immediately analyze and prioritize victims to identify the most profitable targets and create personalized ransom threat messages, enabling faster monetization than ever before.
The underground economy will become more structured, with tailored botnet rental services and targeted stolen personal data sales. Enhanced data value and automation will allow data sellers to offer highly specific packages designed for particular industries and regions, replacing generic underground market offerings. The dark market will adopt customer service concepts, including trust scoring and automated transaction intermediaries. These innovations will accelerate cybercrime's evolution into a fully-fledged industry.
Managing non-human attackers (Non-Human Identities) will be crucial to preventing widespread attacks and data leaks. As cybercrime industrializes, increased global cooperation and coordination will be necessary.
Dr. Supakorn Kangpisdan, Country Manager for Thailand and Laos at Fortinet, commented that the study clearly shows cybercrime will no longer be opportunistic but will evolve into an industrial system operating like a machine. Automation, specialized expertise, and AI will assist every attack cycle, shortening the time from breach to damage.
Cybersecurity will thus become a competition between systems rather than individuals. It is essential for relevant agencies to centralize and share threat intelligence, continuously monitor, anticipate attacker behavior in advance, and respond in real time. Humans and technology must collaborate efficiently and adapt continuously.
Follow economic and government policy information with ThairathMoney athttps://www.thairath.co.th/money/economics/thailand_econ
Follow the Facebook page: Thairath Money at this linkhttps://www.facebook.com/ThairathMoney