CYBERCRIME is set to accelerate into a fully industrialized sector by 2026 as attackers harness artificial intelligence, automation and a mature underground economy to launch faster and more coordinated attacks, cybersecurity firm Fortinet said.
In its 2026 Cyberthreat Predictions Report, FortiGuard Labs said next year will mark a shift from innovation to “throughput,” with both attackers and defenders competing on how quickly intelligence can be turned into action.
Fortinet said artificial intelligence (AI)-driven automation will make intrusions faster and easier, reducing the need for criminals to develop new tools. Instead, cybercrime groups are expected to refine and automate techniques that already work, allowing ransomware affiliates to run dozens of simultaneous campaigns and compress the time between breach and impact from days to minutes.
The firm expects the emergence of specialized AI agents that will assist in credential theft, lateral movement and data monetization. These systems will also sort through stolen databases instantly to identify high-value victims and generate personalized extortion messages, speeding up the conversion of data into profit.
A more structured underground market is also expected to take shape, with tailored botnet rentals, credential marketplaces and data-enrichment services replacing today’s generic access bundles.
Black-market platforms will increasingly adopt customer service, reputation scoring and automated escrow, accelerating cybercrime’s evolution into a global industry.
On the defensive side, security operations will need to move toward “machine-speed defense,” FortiGuard Labs said. This will require continuous intelligence, rapid validation and real-time containment that narrows detection and response windows from hours to minutes. Frameworks such as continuous threat exposure management and MITRE ATT&CK will become critical for mapping active threats and prioritizing remediation.
Identity management will also expand beyond people to include automated agents, AI processes and machine-to-machine interactions. Failure to secure these non-human identities, the report warned, could lead to large-scale privilege escalation and data leaks.
Fortinet said tackling industrialized cybercrime will require coordinated global efforts. It cited Interpol’s Operation Serengeti 2.0 and the Fortinet–Crime Stoppers International cybercrime bounty program as examples of initiatives that combine intelligence sharing, public reporting and targeted disruption.
The company also highlighted the need for education and deterrence programs aimed at young people who are increasingly being recruited into online crime.
By 2027, cybercrime could operate at a scale comparable to legitimate global industries, with semi-autonomous AI “swarms” coordinating attacks and more sophisticated supply-chain compromises targeting embedded systems and AI models, the report added.
“The findings clearly show that cybercrime is no longer an opportunistic activity — it is an industrialized system operating at machine speed,” said Jonas Walker, director of threat intelligence for APAC and the Middle East at FortiGuard Labs.
Bambi Escalante, Fortinet Philippines country manager, said organizations will need “a unified, adaptive security posture” that integrates threat intelligence, exposure management and incident response into a continuous, AI-enabled workflow.
“Static configurations and periodic assessments can’t keep pace,” she said.
Fortinet said organizations that can combine human expertise, automation and predictive intelligence into a single responsive system will be best positioned to withstand the scale and speed of future cyberthreats. / KOC