- Flashpoint warns of AI-driven “era of total convergence” in cybercrime
- 1,500% surge in illicit AI discussions, 3.3B credentials stolen in 2025
- Ransomware shifting to insider-enabled, identity-focused attacks
Cybercrime has entered the “era of total convergence”, where everything from reconnaissance, phishing generation, to credential testing and infrastructure rotation is being done through agentic AI frameworks without any human control, exoerts have warned.
The 2026 Global Threat Intelligence Report (GTIG) by security researchers Flashpoint noted this “high-velocity threat engine” lowers the barrier to entry and speeds up threats, forcing defenders to adapt or face the consequences.
As per the report, there are four converging forces that are currently reshaping the global threat landscape: autonomous systems that can execute end-to-end attacks at machine speed, identities as primary exploit vectors, vulnerabilities being exploited within hours, rather than days, and ransomware shifting towards identity-driven and insider-enabled models.
Article continues belowLogging in instead of breaking in
Flashpoint bases these conclusions on proprietary data, having apparently identified a 1,500% rise in AI-related illicit discussions between November and December 2025, rising from roughly 360,000, to more than six million.
At the same time, the company observed 11.1 million devices infected with infostealers in 2025, stealing approximately 3.3 billion credentials and cloud tokens.
It says that hackers are no longer interested in “breaking in” as much as they’re interested in “logging in”. “The reality of identity data and the potential for its automation necessitates a shift in how organizations must view their attack surface,” the researchers said. “Infostealers have shown that it is no longer limited to corporate infrastructure; it now includes employee browsers, personal devices, SaaS platforms, and third-party access.”
The researchers also said the window between vulnerability disclosure and exploitation is “vanishing”, as they observe several high-impact vulnerabilities being mass-exploited “within hours of disclosure”.
Finally, ransomware incidents rose by 53% in 2025, with RaaS groups responsible for more than 87% of attacks. But instead of relying solely on encryption payloads, they are now recruiting malicious insiders, abusing authorized access, and leveraging credential theft.
To stay safe, organizations should focus on making sure they patch their vulnerabilities as soon as possible, Flashpoint said in the report. They should also focus on monitoring for stolen credentials and compromised endpoints, strengthening identity security, and combining automated detection with human-led threat intelligence to identify emerging risks early.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.