Google warns AI-powered Cyberattacks to become new standard in 2026

New Cybersecurity Threats Include ‘Shadow Agents’ and Vehicle-mounted Fake Base Stations

Warnings have emerged that hackers will expand AI-powered cyberattacks next year, including using artificial intelligence (AI) to replicate executives’ voices and videos. Additionally, so-called “shadow agents” — AI tools installed without company knowledge — are expected to emerge as new cyber threats.Google Threat Intelligence Group (GTIG) released its 2026 Cybersecurity Outlook Report on Nov. 5, predicting that AI utilization in cyberattacks will establish itself as a new standard. GTIG warned that “in 2026, attackers will move beyond simple text-based phishing to actively utilize multimodal generative AI including voice, text, and video deepfakes,” adding that “there is a high possibility of conducting convincing attacks by impersonating executives or partner companies.” Google observed that this will increase hackers’ voice phishing success rates and heighten the risk of large-scale business email compromise (BEC) attacks.

The risk of shadow agents within companies is also expected to emerge as a new security threat. Shadow agents refer to AI tools not approved by organizations. GTIG pointed out that “when employees deploy autonomous AI agents or tools without approval, the risk of sensitive data leaking through uncontrolled channels increases.”

GTIG predicted that the economic damage from cybercrime will continue. Particularly, attacks using ransomware and data theft are expected to remain the cyber crime types causing the greatest economic damage globally next year. GTIG specifically urged caution, noting the high possibility of targeting hypervisors — infrastructure that manages virtualization within servers. Google diagnosed this as “a fatal security blind spot where control over entire digital assets can be seized with just a single breach.”

Activities by state-sponsored hacking organizations are also expected to become more active. Russia is expected to undergo strategic changes, pursuing long-term global strategic objectives beyond short-term tactical support for the Ukraine war. The scale of cyber operations linked to China is expected to continue exceeding the levels of other countries.

North Korea’s cyber threat organizations are expected to expand high-efficiency, high-profit operations targeting cryptocurrency organizations and users for revenue generation. GTIG analyzed that “North Korean IT personnel will expand their global activity scope, particularly focusing on Europe, to maintain income sources.”

Cyber crimes utilizing vehicle-mounted fake base stations (FBS) are also expected to continue. This method involves mobile base stations impersonating legitimate cellular networks to lure nearby devices to connect, then sending phishing text messages. It is known that primarily China-linked cyber criminals hire lower-level carriers through Telegram to conduct attacks.

South Korea and Japan are expected to significantly strengthen supply chain cybersecurity. South Korea is comprehensively reorganizing cyber defense postures in key sectors such as telecommunications following large-scale breach incidents. Japan plans to introduce a cybersecurity countermeasure evaluation system by fiscal year 2026 to verify the security status of companies in manufacturing sectors including semiconductor manufacturing.

Source: BusinessKorea