AI-driven attacks surge with identity the primary target

A new threat intelligence report from Flashpoint finds a 1,500 percent rise in AI-related illicit discussions between November and December 2025, signaling a rapid transition from criminal curiosity to the active development of malicious frameworks.

At the same time, identity has become the exploit of choice: the report observes over 11.1 million machines infected with infostealers in 2025, fueling a massive inventory of 3.3 billion stolen credentials and cloud tokens.

Artificial intelligence is acting as a force multiplier, amplifying the scale and potency of nearly every component of the threat landscape. From information-stealing malware to vulnerabilities and ransomware, Flashpoint is observing threat actors improve their processes and expand their capabilities via generative AI and malicious LLMs.

“In 2026, cybercrime has reached a point of total convergence, where the silos that once separated malware, identity, and infrastructure have collapsed into a single, high-velocity threat engine — that agentic AI is rapidly transforming from human-led campaigns to machine-speed operations,” says Josh Lefkowitz, Flashpoint co-founder and CEO. “As attackers automate exploitation of identity, vulnerabilities, and ransomware, defenders who rely on fragmented visibility will fall behind. To keep pace, organizations must ground their decisions in primary-source intelligence that is drawn from adversarial environments, so that decision-makers can get ahead of this accelerating threat cycle.”

Among other findings, vulnerability disclosures surged by 12 percent in 2025, with one in three vulnerabilities having publicly available exploit code. The strategic gap between discovery and weaponization is vanishing, as evidenced by mass exploitation of zero-day vulnerabilities in as little as 24 hours after discovery.

“With one-third of all vulnerabilities having publicly available exploits, with some being weaponized within hours of discovery, the strategic gap between a patch release and a potential breach is rapidly closing. In this high-velocity environment, success is not measured by the volume of data collected, but by the speed at which intelligence is converted into a proactive defense,” says Ian Gray, Flashpoint VP of Cyber Threat Intelligence Operations.

The pattern of ransomware attacks has shifted too. As technical defenses against encryption harden, ransomware groups are pivoting to the path of least resistance: human trust. This approach has led to a 53 percent increase in ransomware, with RaaS groups being responsible for over 87 percent of all ransomware attacks.

You can read more and get the full report on the Flashpoint blog.

Image credit: DenisSmile/depositphotos.com