AI Emerges as Primary Threat to CISOs
A new NCC Group analysis reveals that AI weaponization and internal security gaps drove a 22% surge in monthly cyberattacks.
- By Jesse Jacobs
- Apr 29, 2026
Artificial intelligence represents the single greatest risk to chief information security officers as malicious actors integrate the technology into the attack chain, according to a first-quarter report from NCC Group.
The Q1 2026 Threat Pulse found that ransomware attacks reached 775 incidents in March, marking a 22% increase over February. While total volume for the first quarter declined 3% compared to the previous quarter, the sophistication of these attacks is rising as threat actors leverage AI for social engineering and propaganda.
Malicious AI Integration
Threat actors ranging from nation-states to hacktivists are adapting AI to improve the legitimacy of fraudulent communications. These groups use large language models to translate messages accurately and automate decision-making during various stages of a breach.
Beyond external threats, the report identifies "vibe coding"—the practice of using generative AI to write software without traditional security oversight—as a major internal vulnerability. This trend often produces insecure code that leaves enterprise systems exposed. Additionally, using AI to generate passwords has proven risky, as the models frequently produce predictable patterns that attackers can easily bypass.
Ransomware Landscape Shifts
The ransomware group Qilin dominated the landscape in March, accounting for 18% of all recorded attacks. Newer groups, including Gentlemen and NightSpire, have also climbed the ranks, though analysts noted a lack of verified victims for some emerging collectives.
North America remains the primary target for global threat actors, accounting for more than 52% of all incidents in the first quarter. The industrials sector was the most targeted vertical, representing approximately 30% of all March activity.
Defense-in-Depth Strategies
Recent campaigns have exploited critical-severity vulnerabilities in firewall management centers, allowing attackers to execute arbitrary code with root-level privileges. These incidents highlight the necessity of defense-in-depth strategies to counter zero-day exploits.
Despite the focus on emerging technology, security experts emphasize that foundational hygiene remains the best defense. Organizations continue to struggle with identity security, access controls and visibility across cloud environments. Analysts suggest that incident simulation and verified backup systems are critical to reducing recovery time following an inevitable breach.