2025 was the year enterprise AI went mainstream. In 2026, it’s made its way into every facet of the organizational structure – transforming workflows, revolutionizing productivity, and creating new value streams. In short, it’s opened up a whole new attack surface.  

At the same time, AI has accelerated the pace of cybersecurity arms race on both sides: adversaries are innovating using the latest AI technologies at their disposal while defenders scramble to outmaneuver them and stay ahead of AI-powered threats.  

That’s why Darktrace publishes this research every year. The State of AI Cybersecurity 2026 provides an annual snapshot of how the AI threat landscape is shifting, where organizations are adopting AI to maximum advantage, and how they are securing AI in the enterprise.

What is the State of AI Cybersecurity 2026?

We surveyed over 1,500 CISOs, IT leaders, administrators, and practitioners from a range of industries and different countries to uncover their attitudes, understanding, and priorities when it comes to AI threats, agents, tools, and operations in 2026. ​

The results show a fast-changing picture, as security leaders race to navigate the challenges and opportunities at play. Since last year, there has been enormous progress towards maturity in areas like AI literacy and confidence in AI-powered defense, while issues around AI governance remain inconclusive.

Let’s look at some of the key findings for 2026.

What’s the impact of AI on the attack surface?

Security leaders are seeing the adoption of AI agents across the workforce, and are increasingly concerned about the security implications.

• 44% are extremely or very concerned with the security implications of third-party LLMs (like Copilot or ChatGPT)
• 92% are concerned about the use of AI agents across the workforce and their impact on security

The rapid expansion of generative AI across the enterprise is outpacing the security frameworks designed to govern it. AI systems behave in ways that traditional defenses are not designed to monitor, introducing new risks around data exposure, unauthorized actions, and opaque decision-making as employees embed generative AI and autonomous agents into everyday workflows.  

Their top concerns? Sensitive data exposure ranks top (61%), while regulatory compliance violations are a close second (56%). These risks tend to have the fastest and most material fallout – ranging from fines to reputational harm – and are more likely to materialize in environments where AI governance is still evolving.

What’s the impact of AI on the cyber threat landscape?

AI is now being used to expedite every stage of the attack kill chain – from initial intrusion to privilege escalation and data exfiltration. 

“73% say that AI-powered threats are already having a significant impact on their organization.”

With AI, attackers can launch novel attacks at scale, and this is significantly increasing the number of threats requiring attention by the security team – often to the point of overwhelm.  

Traditional security solutions relying on historical attack data were never designed to handle an environment where attacks continuously evolve, multiply, and optimize at machine speed, so it’s no surprise that 92% agree that AI-powered cyber-threats are forcing them to significantly upgrade their defenses.

How is AI reshaping cybersecurity operations?

Cybersecurity workflows are still in flux as security leaders get used to the integration of AI agents into everyday operations.  

“Generative AI is now playing a role in 77% of security stacks.” But only 35% are using unsupervised machine learning.

AI technologies are diverse, ranging from LLMs to NLP systems, GANs, and unsupervised machine learning, with each type offering specific capabilities and facing particular limitations. The lack of familiarity with the different types of AI used within the security stack may be holding some practitioners back from using these new technologies to their best advantage.  

It also creates a lack of trust between humans and AI systems: only 14% of security professionals allow AI to take independent remediation actions in the SOC with no human in the loop.

Another new trend for this year is a strong preference (85%) for relying on Managed Security Service Providers (MSSPs) for SOC services instead of in-house teams, as organizations aim to secure expert, always-on support without the cost and operational burden of running an internal operation.

What impact is AI having on cybersecurity tools?

“96% of cybersecurity professionals agree that AI can significantly improve the speed and efficiency with which they work.”

The capacity of AI for augmenting security efforts is undisputed. But as vendor AI claims become far-reaching, it falls to security leaders to clarify which AI tools offer true value and can help solve their specific security challenges.  

Security professionals are aligned on the biggest area of impact: 72% agree that AI excels at detecting anomalies thanks to its advanced pattern recognition. This enables it to identify unusual behavior that may signal a threat, even when the specific attack has never been encountered or recorded in existing datasets.  

“When purchasing new security capabilities, 93% prefer ones that are part of a broader platform over individual point products.”

Like last year, the drive towards platform consolidation remains strong. Fewer vendors can mean tighter integrations, less console switching, streamlined management, and stronger cross-domain threat insights. The challenge is finding vendors that perform well across the board.

See the full report for more statistics and insights into how security leaders are responding to the AI landscape in 2026.

Learn more about securing AI in your enterprise.

What is ClearFake?

As threat actors evolve their techniques to exploit victims and breach target networks, the ClearFake campaign has emerged as a significant illustration of this continued adaptation. ClearFake is a campaign observed using a malicious JavaScript framework deployed on compromised websites, impacting sectors such as e‑commerce, travel, and automotive. First identified in mid‑2023, ClearFake is frequently leveraged to socially engineer victims into installing fake web browser updates.

In ClearFake compromises, victims are steered toward compromised WordPress sites, often positioned by attackers through search engine optimization (SEO) poisoning. Once on the site, users are presented with a fake CAPTCHA. This counterfeit challenge is designed to appear legitimate while enabling the execution of malicious code. When a victim interacts with the CAPTCHA, a PowerShell command containing a download string is retrieved and executed.

Attackers commonly abuse the legitimate Microsoft HTML Application Host (MSHTA) in these operations. Recent campaigns have also incorporated Smart Chain endpoints, such as “bsc-dataseed.binance[.]org,” to obtain configuration code. The primary payload delivered through ClearFake is typically an information stealer, such as Lumma Stealer, enabling credential theft, data exfiltration, and persistent access [1].

Darktrace’s Coverage of ClearFake

Darktrace / ENDPOINT first detected activity likely associated with ClearFake on a single device on over the course of one day on November 18, 2025. The system observed the execution of “mshta.exe,” the legitimate Microsoft HTML Application Host utility. It also noted a repeated process command referencing “weiss.neighb0rrol1[.]ru”, indicating suspicious external activity. Subsequent analysis of this endpoint using open‑source intelligence (OSINT) indicated that it was a malicious, domain generation algorithm (DGA) endpoint [2].

‍

This activity indicates that mshta.exe was used to contact a remote server, “weiss.neighb0rrol1[.]ru/rpxacc64mshta,” and execute the associated HTA file to initiate the next stage of the attack. OSINT sources have since heavily flagged this server as potentially malicious [3].

The first argument in this process uses the MSHTA utility to execute the HTA file hosted on the remote server. If successful, MSHTA would then run JavaScript or VBScript to launch PowerShell commands used to retrieve malicious payloads, a technique observed in previous ClearFake campaigns. Darktrace also detected unusual activity involving additional Microsoft executables, including “winlogon.exe,” “userinit.exe,” and “explorer.exe.” Although these binaries are legitimate components of the Windows operating system, threat actors can abuse their normal behavior within the Windows login sequence to gain control over user sessions, similar to the misuse of mshta.exe.

EtherHiding cover

Darktrace also identified additional ClearFake‑related activity, specifically a connection to bsc-testnet.drpc[.]org, a legitimate BNB Smart Chain endpoint. This activity was triggered by injected JavaScript on the compromised site www.allstarsuae[.]com, where the script initiated an eth_call POST request to the Smart Chain endpoint.

EtherHiding is a technique in which threat actors leverage blockchain technology, specifically smart contracts, as part of their malicious infrastructure. Because blockchain is anonymous, decentralized, and highly persistent, it provides threat actors with advantages in evading defensive measures and traditional tracking [4].

In this case, when a user visits a compromised WordPress site, injected base64‑encoded JavaScript retrieved an ABI string, which was then used to load and execute a contract hosted on the BNB Smart Chain.

Conducting malware analysis on this instance, the Base64 decoded into a JavaScript loader. A POST request to bsc-testnet.drpc[.]org was then used to retrieve a hex‑encoded ABI string that loads and executes the contract. The JavaScript also contained hex and Base64‑encoded functions that decoded into additional JavaScript, which attempted to retrieve a payload hosted on GitHub at “github[.]com/PrivateC0de/obf/main/payload.txt.” However, this payload was unavailable at the time of analysis.

Autonomous Response

As Darktrace’s Autonomous Response capability was enabled on this customer’s network, Darktrace was able to take swift mitigative action to contain the ClearFake‑related activity early, before it could lead to potential payload delivery. The affected device was blocked from making external connections to a number of suspicious endpoints, including 188.114.96[.]6, *.neighb0rrol1[.]ru, and neighb0rrol1[.]ru, ensuring that no further malicious connections could be made and no payloads could be retrieved.

Autonomous Response also acted to prevent the executable mshta.exe from initiating HTA file execution over HTTPS from this endpoint by blocking the attempted connections. Had these files executed successfully, the attack would likely have resulted in the retrieval of an information stealer, such as Lumma Stealer.

Conclusion

ClearFake continues to be observed across multiple sectors, but Darktrace remains well‑positioned to counter such threats. Because ClearFake’s end goal is often to deliver malware such as information stealers and malware loaders, early disruption is critical to preventing compromise. Users should remain aware of this activity and vigilant regarding fake CAPTCHA pop‑ups. They should also monitor unusual usage of MSHTA and outbound connections to domains that mimic formats such as “bsc-dataseed.binance[.]org” [1].

In this case, Darktrace was able to contain the attack before it could successfully escalate and execute. The attempted execution of HTA files was detected early, allowing Autonomous Response to intervene, stopping the activity from progressing. As soon as the device began communicating with weiss.neighb0rrol1[.]ru, an Autonomous Response inhibitor triggered and interrupted the connections.

As ClearFake continues to rise, users should stay alert to social engineering techniques, including ClickFix, that rely on deceptive security prompts.

Credit to Vivek Rajan (Senior Cyber Analyst) and Tara Gould (Malware Research Lead)

Edited by Ryan Traill (Analyst Content Lead)

Appendices

Darktrace Model Detections

Process / New Executable Launched

Endpoint / Anomalous Use of Scripting Process

Endpoint / New Suspicious Executable Launched

Endpoint / Process Connection::Unusual Connection from New Process

Autonomous Response Models

Antigena / Network::Significant Anomaly::Antigena Significant Anomaly from Client Block

List of Indicators of Compromise (IoCs)

• weiss.neighb0rrol1[.]ru – URL - Malicious Domain
• 188.114.96[.]6 – IP – Suspicious Domain
• *.neighb0rrol1[.]ru – URL – Malicious Domain

MITRE Tactics

Initial Access, Drive-by Compromise, T1189

User Execution, Execution, T1204

Software Deployment Tools, Execution and Lateral Movement, T1072

Command and Scripting Interpreter, T1059

System Binary Proxy Execution: MSHTA, T1218.005

References

1.        https://www.kroll.com/en/publications/cyber/rapid-evolution-of-clearfake-delivery

2.        https://www.virustotal.com/gui/domain/weiss.neighb0rrol1.ru

3.        https://www.virustotal.com/gui/file/1f1aabe87e5e93a8fff769bf3614dd559c51c80fc045e11868f3843d9a004d1e/community

4.        https://www.packetlabs.net/posts/etherhiding-a-new-tactic-for-hiding-malware-on-the-blockchain/