FortiGuard’s 2026 Global Threat Landscape Report reveals time-to-exploit has collapsed to 24-48 hours as AI crime tools industrialize attack operations.
The industrialization of cybercrime has reached new heights, with AI tools, automation, and data-sharing networks compressing the time-to-exploit to as little as 24 to 48 hours for critical vulnerabilities. FortiGuard’s 2026 Global Threat Landscape Report, based on telemetry from millions of sensors worldwide, reveals that malicious actors are beginning to leverage agentic AI to execute more sophisticated attacks at machine speed.
A range of AI-enabled malicious tools are now readily available, including WormGPT, FraudGPT, HexStrike AI, APEX AI, and BruteForceAI. These tools act as force multipliers, reducing skill and time requirements. FraudGPT and WormGPT create compelling phishing campaigns, HexStrike AI assists with automated reconnaissance and attack-path generation, and APEX AI offers APT-style attack simulation including automated OSINT and kill-chain generation. BruteForceAI executes multi-threaded attacks with human-like behavior patterns against login forms.
The cybercrime supply chain is fueled by infostealers such as RedLine (50.80% of infections), Lumma (27.84%), and Vidar (13.19%), whose harvested data is sold by access brokers. FortiGuard reports 656 vulnerabilities were actively discussed on the darknet in 2025, with 52.44% having publicly available PoC exploit code. CVEs become industrial when they are sufficiently packaged with scripts, modules, and operational playbooks for repeatable exploitation.
Globally, there were 7,831 confirmed ransomware victims in 2025, with the most active groups being Qilin, Akira, and Safepay. The US had 3,381 victims. Defenders must match attacker speed with defensive AI and automation, prioritizing identity-centric detection, exposure reduction, and automated response to match machine-speed operations.
Source: SecurityWeek — AI Fuels Industrial Cybercrime as Time-to-Exploit Shrinks to Hours
