Skip to main content

Red AI animation overlayed on person using laptop

AI Emerges as Primary Threat to CISOs

A new NCC Group analysis reveals that AI weaponization and internal security gaps drove a 22% surge in monthly cyberattacks.

Artificial intelligence represents the single greatest risk to chief information security officers as malicious actors integrate the technology into the attack chain, according to a first-quarter report from NCC Group.

The Q1 2026 Threat Pulse found that ransomware attacks reached 775 incidents in March, marking a 22% increase over February. While total volume for the first quarter declined 3% compared to the previous quarter, the sophistication of these attacks is rising as threat actors leverage AI for social engineering and propaganda.

Malicious AI Integration

Threat actors ranging from nation-states to hacktivists are adapting AI to improve the legitimacy of fraudulent communications. These groups use large language models to translate messages accurately and automate decision-making during various stages of a breach.

Beyond external threats, the report identifies "vibe coding"—the practice of using generative AI to write software without traditional security oversight—as a major internal vulnerability. This trend often produces insecure code that leaves enterprise systems exposed. Additionally, using AI to generate passwords has proven risky, as the models frequently produce predictable patterns that attackers can easily bypass.

Ransomware Landscape Shifts

The ransomware group Qilin dominated the landscape in March, accounting for 18% of all recorded attacks. Newer groups, including Gentlemen and NightSpire, have also climbed the ranks, though analysts noted a lack of verified victims for some emerging collectives.

North America remains the primary target for global threat actors, accounting for more than 52% of all incidents in the first quarter. The industrials sector was the most targeted vertical, representing approximately 30% of all March activity.

Defense-in-Depth Strategies

Recent campaigns have exploited critical-severity vulnerabilities in firewall management centers, allowing attackers to execute arbitrary code with root-level privileges. These incidents highlight the necessity of defense-in-depth strategies to counter zero-day exploits.

Despite the focus on emerging technology, security experts emphasize that foundational hygiene remains the best defense. Organizations continue to struggle with identity security, access controls and visibility across cloud environments. Analysts suggest that incident simulation and verified backup systems are critical to reducing recovery time following an inevitable breach.

About the Author

Jesse Jacobs is assistant editor of SecurityToday.com.

Featured

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”