Despite increasing investment in security budgets, the number of successful cyberattacks continues to rise. In Switzerland and Germany, InfoGuard dealt with over 310 ransomware cases this year - around 20 percent more than in the previous year. These figures underline the increasing precision and professionalism of modern, AI-supported attack patterns. The main driver of this development is the rapid progress in artificial intelligence (AI).
AI agents accelerate cyberattacks across all attack phases, enable highly personalized phishing, the use of deepfakes and the automated target analysis and adaptation of malware. It has never been so easy to initiate cyberattacks.
Open AI tools allow even less experienced actors to enter complex attack scenarios, often without any awareness of their impact. The resulting democratization of the attack side takes the threat to a new level. As a result, tried and tested defense mechanisms are becoming less effective. Cyber defense is facing a fundamental paradigm shift.
Agentic AI carries out cyber attacks automatically without human guidance, acting precisely and with unprecedented speed. It takes over target selection, analysis and blackmail for attackers. The latest Anthropic Threat Intelligence Report describes how AI agents are independently controlling attacks and increasingly overtaking traditional defense mechanisms. Detection and response are coming under pressure as a result.
In a data center, an agent-based AI system is activated in the middle of the night. A single command is enough to trigger automated attack steps: "Find high-value files, exfiltrate, monetize". The AI agent identifies exposed VPN access points, analyzes sensitive data and generates blackmail messages to managers, CISOs and selected employees. Each individual email is based on real data, is precisely formulated, sets realistic deadlines, addresses possible legal consequences and thus generates maximum pressure. The automation goes even further: the AI dynamically calibrates the amount of the claim based on the respective target profile: high enough to build up pressure and yet low enough to achieve rapid payment.
What stands out? The change in blackmail logic: the pressure is created less by encrypting systems than by threatening to publish confidential information, reinforced by targeted psychological manipulation. After successful monetization, the AI agent autonomously shifts its activities to the next target. The attack scales.
Next-generation attacks can only be mastered if human expertise and AI-supported precision work together, in the sense of genuine human-AI teaming. At the same time, it is important to consistently secure particularly vulnerable access points. This includes phishing-resistant authentication such as FIDO2 or passkeys, a consistent zero-trust approach and stringent implementation of the principle of least privilege. This prevents a compromised AI from using its capabilities against the company's own infrastructure or internal systems.
Modern cyber defense must keep pace with the speed, scalability and complexity of today's attacks. This is precisely where AI shifts the balance of power in favor of defense. Attackers achieve a speed that would take human analysts days. Even a single vulnerability can cause considerable damage. Defenders, on the other hand, have to recognize every potential gateway and protect themselves against the latest attack dynamics. Without AI, defense is almost impossible to implement, especially in complex IT and OT environments.
AI-supported methods for early anomaly detection have become established in the defense against highly complex attack patterns. The knowledge gained from this flows into central cyber threat intelligence platforms, where it is consolidated and contextualized for new application scenarios and transferred to automated threat hunting processes. The aim is to continuously sharpen detection capabilities, recognize relevant patterns at an early stage and effectively secure managed detection and response environments against the latest attack tactics.
A key component of this defense logic is human-AI teaming: a clearly structured interplay of human expertise and AI-supported analysis. While AI systems play to their strengths in terms of speed, scalability and the recognition of patterns in large volumes of data, humans contribute their contextual knowledge, experience and ethical judgment.
AI-based incident response makes it possible to analyze security incidents much faster and in a more targeted manner. By automating root cause analyses and correlating log and sensor data, AI relieves the burden on analysts in the Security Operations Center (SOC). Thanks to the preliminary work of AI systems, the SOC team receives an overview within a few minutes, validates results, checks hypotheses and initiates in-depth analyses based on current threat intelligence findings.
AI also supports the operational response to security incidents. It recommends specific measures such as isolating compromised systems, blocking compromised accounts or resetting access tokens. The specialists in the SOC can trigger these steps immediately and implement them in real time.
The focus of the human-AI teaming approach is not on replacing human expertise, but on strengthening it in a targeted manner. AI accelerates analysis and decision-making processes and increases their precision, while responsibility and the final decision remain with humans.
Cyber defense will still be in demand in 2026. Defense must adapt its capabilities to the current threat situation and continue to develop strategically. With cybercrime gaining pace, AI-supported malware on the rise and dependencies in supply chains becoming an even greater focus, defense strategies must start earlier, have a broader impact and be more automated - without relinquishing control, of course.
Agentic AI has not yet emerged as a direct attacker in the incidents handled by InfoGuard's Computer Security Incident Response Team (CSIRT). However, the effects are clearly noticeable.
This dynamic will intensify further in 2026. InfoGuard is therefore consistently focusing its cyber defense on human-AI teaming. At its core is a powerful AI platform, supplemented by a specifically secured AI infrastructure and the integration of selected partner technologies.
The key is to use only controllable technologies - a requirement that is particularly important in the AI environment. The operation of AI models requires explainability and security along the entire value chain: from the database to training and inference through to end-to-end control of the pipeline. To reliably meet data protection and transparency requirements, InfoGuard relies on a mix of proprietary and integrated platforms with clear governance and full auditability.
AI-based cyberattacks are threatening organizations of all sectors and sizes more than ever. Both their number and their complexity are increasing significantly. Now more than ever, those responsible are required to critically review, reassess and consistently develop existing security measures.
InfoGuard supports companies, operators of critical infrastructures and authorities with over 350 proven security experts.
This is how our SOC and threat intelligence teams support you:
Cyber defense is therefore not just reactive, but proactive as the basis for sustainable resilience in the digital age.
Decide today how secure your company will be tomorrow.
Image caption: Image generated with AI