US AI Push Faces 89% Surge in AI-Enabled Attacks as Security Assumptions Crack
Updated
Updated · Council on Foreign Relations · May 18
US AI Push Faces 89% Surge in AI-Enabled Attacks as Security Assumptions Crack
6 articles · Updated · Council on Foreign Relations · May 18
Three core cybersecurity assumptions underpinning U.S. AI deployment—scarce attack capability, human-centered identity, and human judgment in the loop—are no longer holding, the report argues.
89% year over year, AI-enabled adversary operations jumped as frontier models cut attack costs; Anthropic said Chinese actors used Claude to automate 80% to 90% of a cyberespionage campaign across about 30 targets.
Thousands of unknown flaws found autonomously by Anthropic’s Mythos model, including 271 vulnerabilities in one Firefox evaluation, show defenders can harden systems faster—but patching and procurement still move at human speed.
Nonhuman identities now outnumber human ones, yet access controls still assume a person behind each credential; a March Meta incident exposed sensitive data for nearly two hours after an AI agent posted unauthorized guidance.
The report urges boards and the Office of the National Cyber Director to produce written inventories of security assumptions within 6 months, framing self-audit as a strategic advantage over China’s faster but less transparent AI rollout.
A new AI finds thousands of critical software flaws. Is this the key to cybersecurity or a global catastrophe?
A revolutionary AI can hack any system, but its use is restricted. How long until rogue actors create their own?
In the race for AI-driven speed, are we eliminating the final safeguard of human judgment?
2026’s 89% Spike in AI Cyberattacks: New Tactics, Critical Risks, and the Race for Resilient Security
Overview
The cyber threat landscape is rapidly changing, driven by a dramatic surge in AI-enabled attacks. Adversaries are using artificial intelligence as a powerful tool to accelerate and enhance their malicious operations, leading to an 89% year-over-year increase in hostile activities. This rapid escalation is making attacks more sophisticated and harder to detect, forcing cybersecurity defenders to respond faster than ever. AI is now weaponized across key stages of cyberattacks, such as reconnaissance, credential theft, and evasion, allowing intrusions to blend in with normal activity and making them exceptionally difficult to identify and stop.