top of page
Search

Fortinet Warns: AI and Automation Are Redefining the Cyber Threat Landscape

At RSA Conference 2025, Fortinet’s FortiGuard Labs unveiled its latest Global Threat Landscape Report, painting a stark picture of how the rules of cybersecurity have shifted dramatically over the past year. Attackers, once reliant on manual exploitation and isolated tactics, are now operating at an industrialized scale—driven by AI, automation, and increasingly sophisticated black-market ecosystems.


The findings show a fundamental erosion of defenders' traditional advantages, with the defensive playbook struggling to keep pace against a faster, smarter, and more commoditized adversary.


"Our latest Global Threat Landscape Report makes one thing clear: Cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented speed and scale," said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs. "The traditional security playbook is no longer enough."

The Rise of Machine-Speed Attacks


Among the report’s most alarming revelations: automated scanning activities surged 16.7% worldwide in 2024. Threat actors are no longer waiting for vulnerabilities to surface—they're actively, systematically scouring cyberspace at a pace of 36,000 scans per second. Particularly targeted are exposed protocols like SIP, RDP, and IoT interfaces, signaling a concerted push toward early-stage attack surface mapping.


At the same time, darknet marketplaces have matured into one-stop shops for cybercrime, offering curated exploit kits and initial access packages. With a record 40,000 vulnerabilities added to the National Vulnerability Database—a 39% jump over the previous year—the black-market economy is booming, fueled by a flood of stolen credential logs and plug-and-play hacking tools.


AI is No Longer the Defender's Advantage


Perhaps most unsettling, Fortinet reports that cybercriminals are fully embracing AI to enhance their capabilities, in ways that sidestep the ethical guardrails of mainstream models. Tools like FraudGPT and BlackmailerV3 have enabled unprecedented personalization and automation of phishing campaigns, driving up success rates while diminishing opportunities for early detection.


What’s more, voice synthesis tools like ElevenLabs have added a chilling layer of realism to social engineering attacks, blurring the line between machine-generated and human communications.


Critical Infrastructure: A New Bullseye


Threat actors aren’t just scaling attacks—they’re targeting more strategically. Manufacturing, business services, construction, and retail sectors bore the brunt of attacks last year, accounting for nearly half of all incidents. The United States remained the most targeted country by far (61%), trailed by the United Kingdom and Canada.


Ransomware-as-a-Service (RaaS) groups and nation-state actors alike are zeroing in on industries where downtime can cripple operations, making victims more likely to pay.


The Credential Crisis Deepens


Credentials have become the new cyber currency, according to Fortinet’s data. Over 100 billion compromised records surfaced on underground forums last year, a 42% increase. Combo lists—huge databases of usernames, passwords, and email addresses—have fueled an explosion of credential-stuffing attacks, account takeovers, and financial fraud.


Notorious groups like BestCombo and BloddyMery dominate these forums, providing turnkey services that lower the technical barrier for would-be attackers and fueling an arms race of identity-based attacks.


A New Security Playbook for CISOs


Fortinet’s report doesn’t just document the growing storm—it prescribes a new approach for defenders. Among the recommendations:


  • Move beyond traditional detection to continuous threat exposure management using attack surface management (ASM) and breach-and-attack simulation (BAS) tools.


  • Emulate real-world attacks with red and purple teaming exercises aligned to the MITRE ATT&CK framework.


  • Prioritize patching of vulnerabilities that are trending in cybercriminal circles, using dynamic scoring systems like EPSS alongside CVSS.


  • Leverage dark web intelligence proactively to spot emerging ransomware trends and identify stolen corporate credentials before they’re weaponized.


Manky emphasized that AI, zero trust architectures, and continuous threat exposure management must become foundational pillars of cybersecurity moving forward:


"Organizations must shift to a proactive, intelligence-led defense strategy powered by AI, zero trust, and continuous threat exposure management to stay ahead of today’s rapidly evolving threat landscape."

FortiGuard Labs: From Detection to Prevention


Fortinet is also pushing its FortiGuard Labs Advisory Services to the forefront, offering organizations not just threat detection but adversary emulation, forensic analysis, and incident response tailored to modern attack realities.


In an era where cyberattacks evolve faster than many companies can update their defenses, Fortinet’s new threat landscape report leaves little doubt: the future of cybersecurity will belong to those who can fight machines with smarter machines.

bottom of page