AI-Driven Cyber Risks: Understanding the Changing Threat Landscape

23 June 2026

Getting your Trinity Audio player ready...

In February 2026, cybersecurity researchers identified a potential breach of government IT infrastructure in a major Latin American country. The breach, spanning multiple administrative tiers, was attributed to a single threat actor using commercial generative AI tools, identified through a prompt-level 'paper trail'.¹ Although not formally confirmed by authorities, the findings underline how AI is reshaping the scale, speed and accessibility of modern cyberattacks.

Within weeks, the individual is understood to have bypassed the AI system's safeguards through carefully framed prompts — a technique known as 'jailbreaking' — gaining administrative access and extracting large volumes of sensitive data. While the operation remained human‑directed, much of its execution was carried out by the AI system itself, in some cases surfacing vulnerabilities and enabling further exploitation.

“

AI is reshaping the economics of cyberattacks. Technical skills such as coding and intrusion are no longer the primary barriers. Instead, success increasingly depends on how effectively individuals can frame prompts and refine their approach over time.

Callum Cooke, cyber and technology account executive, Gallagher

For businesses and cybersecurity teams, this shift introduces new challenges: broader attack surfaces, fastermoving threats and increased financial exposure.

How AI is reshaping cyber threats

Frontier AI models are reducing the time, skill and effort traditionally required to carry out cyberattacks. As these tools become more widely available and embedded across digital ecosystems, the avenues for developing and deploying threats are also expanding. Taken together, this makes attacks easier to execute and harder to contain.

Lower barriers, broader attack surface

Greater accessibility to AI capabilities is fuelling a rise in opportunistic, state-sponsored and lone-actor attacks. Advanced models are enabling even technically novice attackers to identify vulnerabilities and launch large-scale attacks.

Threat actors are increasingly using AI to identify and weaponise zeroday vulnerabilities² — previously unknown system flaws for which no patch is available — reducing the time organisations have to detect and respond.

Notably, relatively inexperienced actors are gaining entry to organisations, and then selling or sharing that access through dark-web ecosystems and underground networks, allowing more actors to participate in various stages of an attack.

Faster attacks, weaker foundations

In 2026, vulnerabilities are often exploited before they are publicly disclosed — driven in large part by increasingly advanced AI capabilities.³ These tools are accelerating the speed and sophistication of cyberattacks, enabling threat actors to design multi-stage attacks and reuse them across multiple organisations with minimal effort.

In practice, this creates greater pressure for businesses. As organisations scale their digital operations, many are left with underlying weaknesses in their systems and processes that can be easily exploited.

This often reflects the reality that, in the race to digitise, businesses have prioritised speed over building robust, secure foundations. Outdated systems, delayed updates, fragmented security tools and limited visibility across assets can all increase exposure and amplify the impact of an attack.

Evolving pressure points

Alongside attack methods, how pressure is applied on victims is also evolving. Social engineering, where attackers exploit human behaviour rather than technical weaknesses, is the starting point for most cyber incidents. AI is enabling these attacks to be scaled and customised more easily, making them harder to contain and increasing the likelihood of successful initial compromise.

While financial gain remains the primary target, organisations today often experience attacks aimed at reputational risk and data extortion. Ransomware attacks are now more layered, often combining data theft with disruption and extortion, including threats to release sensitive information if demands are not met.

Overall, improvements in backup practices have reduced the effectiveness of simple encryptiononly attacks. However, when attackers disable recovery systems and get access long enough to disrupt operations, they are often able to demand higher ransoms.

Supercharged cyberfraud: How AI is redefining deception at scale

Attacks on UK retailers in 2025, which resulted in losses exceeding £300 million,⁴ began as something far simpler: credential theft. Threat actors bypassed traditional controls by targeting user identities through impersonation, using phishing (deceptive emails) and voicebased impersonation to manipulate multi-factor authentication and gain access.

A year earlier, a UK engineering firm lost approximately £18.5 million after an employee was deceived into authorising a fraudulent transfer during a deepfake video call impersonating senior executives⁵ — a form of targeted fraud known as whaling. These incidents reflect a broader shift, where technical intrusion is increasingly replaced, or enabled, by highly convincing manipulation that is difficult to distinguish from legitimate activity.

A more humancentric approach to cyberfraud, amplified by AI tools such as audio deepfakes to spoof voices, highlights how cultural familiarity, psychological insight and automation are combining to redefine modern cyber threats. In effect, attacks are becoming less about breaking systems and more about influencing people — at speed and at scale.

Why all businesses are exposed

A key feature of today's cyber threat landscape is that organisations don't need to be specifically targeted to be at risk. Attackers often use automated, AI-driven tools to scan for vulnerabilities across the internet, identifying businesses with easily exploitable weaknesses or outdated systems. This means that any organisation with a digital presence can be exposed particularly if there are gaps in security or legacy systems that haven't been updated.

Data-driven sectors: Higher impact risks

Sectors handling large volumes of sensitive data, such as financial services, professional services, healthcare and charities, face greater exposure to data theft and extortion. The breach response cost can escalate quickly, from regulatory notifications to data analysis and remediation. Even relatively small incidents can result in significant financial and reputational impact.

Operational sectors: Disruption-led attacks

Industries such as manufacturing and education are frequent targets due to their reliance on operational continuity. Attacks in these sectors often focus on disruption, where system downtime leads directly to monetary loss. Increasingly, these industries are targeted alongside others as a part of widespread, opportunistic attack campaigns.

SMEs: Widespread exposure, different risks

Smaller organisations, often seen as less attractive targets, are highly exposed. Limited resources, weaker controls and unpatched systems make them easy prey. Rather than large ransom demands, small and medium-sized enterprises (SMEs) often face attacks such as invoice fraud and business email compromise. Importantly, they're also used as entry points into larger supply chains, making them indirect but critical targets.

What this means for your cyber risk profile: Key considerations for business leaders

As the threat landscape evolves, here's how organisations can reassess their current visibility and support structures to have a robust cyber resilience profile:

Prioritise response readiness, not just prevention

Cyber incidents often require specialist response. Access to incident response services, whether through cyber insurance or external providers, can be critical in managing events effectively.

Strengthen core controls that insurers rely on

Three controls remain fundamental:

Multi-factor authentication (MFA) for remote access and email
Timely patching (within days for critical vulnerabilities and within weeks more broadly)
Resilient backups (including off-site and immutable options)

While these measures don't eliminate risk, they significantly reduce the likelihood of successful attacks.

Maintain continuous visibility into vulnerabilities and assets

With hundreds of new vulnerabilities emerging daily, organisations need clear visibility of systems, internet-facing assets and exposure points. Risk isn't static and ongoing monitoring is essential.

Reassess cyber insurance cover and services

The value of cyber insurance extends beyond financial protection. Cyber insurance can also provide access to pre-breach support, resources that many organisations wouldn't otherwise have.

Organisations should review:

Incident response services and vendor access
Business interruption terms (including waiting periods)
Third-party risk coverage
Availability of proactive services such as threat intelligence and vulnerability scanning

Monitor emerging AI-related risks internally

The use of unapproved AI tools by employees is an emerging concern, with clear potential for data leakage and misuse. Stronger governance, oversight and clearer internal policies around AI use are becoming increasingly important, particularly for larger organisations.

Hard-wiring resilience in the era of AI cyber threats

Cyber risk is being transformed in ways that extend beyond security teams and now directly impact boards and risk owners. Building resilience against new forms of cyber threats demands a step change from a 'findandfix' mindset to one that prioritises anticipation, continuous monitoring and rapid recovery. A critical part of enabling this approach is ensuring allround protection, where cyber insurance and proactive risk management strategies play a key role.

For organisations operating in a digital environment, now is the time to ensure cyber insurance and risk management strategies are genuinely fit for purpose — aligned not just to yesterday's threats, but to the evolving, AIdriven risks of tomorrow. Those who do will be better equipped to absorb disruption and navigate the growing volatility of the digital landscape with confidence.

Strengthen your cyber resilience before threats strike. Partner with Gallagher to secure cyber insurance and specialist risk advisory that helps protect your organisation from today's most advanced AI‑driven attacks.

Callum Cooke

Cyber & Technology Account Executive at Gallagher

Sources

¹Sela, Eyal. "The AI-Assisted Breach of Mexico's Government Infrastructure," Gambit Security, accessed 17 Jun 2026. PDF file.

² Gil, Bruce. "Google Says It Found Evidence of Hackers Using AI to Discover a Zero-Day Vulnerability," Gizmodo, 11 May 2026.

³ "Days From Vulnerability to Exploitation," Rest of World, 4 May 2026.

⁴ Tidy, Joe. "Four Arrested in Connection with M&S and Co-Op Cyber-Attacks," British Broadcasting Channel, 10 Jul 2025.

⁵ "Elliott, David. "This Happens More Frequently Than People Realize': Arup Chief on the Lessons Learned From a $25m Deepfake Crime," World Economic Forum, 4 Feb 2025.

Disclaimer

The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will