Cloudflare released its inaugural 2026 Threat Report, warning that cybercrime has reached an industrial scale. The findings rely on data from Cloudflare's global network, which manages a significant portion of total internet traffic. Threat actors now utilize AI and SaaS integrations to automate and accelerate attack cycles.
Research indicates a fundamental tactical shift as criminals move from exploiting software vulnerabilities to using stolen credentials and session tokens. This transition allows attackers to log in to systems rather than breaking in through complex exploits. AI further lowers the barrier to entry, enabling less-skilled actors to generate sophisticated phishing campaigns and malware.
The report identifies nation-state actors from China and North Korea leveraging AI for precision strikes on critical infrastructure. These groups also use automated tools to infiltrate corporate payroll systems. Cloudflare advises defenders to adopt proactive, identity-centric resilience models to counter these evolving threats. No immediate market reaction followed the report's release.