Threat Actors Embed AI To Upgrade Attacks

At RSAC 2026, Microsoft security leaders report that threat actors are embedding AI across the attack lifecycle, increasing precision, tempo, and scale. AI-enabled phishing now yields 54% click-through rates versus 12% for traditional campaigns, and Tycoon2FA—linked to ~100,000 compromised organizations and responsible for ~62% of Microsoft-blocked phishing—had 330 domains seized in April 2026. The shift forces defenders to prioritize ecosystem-level disruption and intelligence sharing.
Key Points
- 1Embed AI across reconnaissance, weaponization, and post-compromise phases, improving attack sophistication.
- 2Raise phishing effectiveness to 54% click-through versus 12%, a 450% increase in conversion.
- 3Force defenders to adopt ecosystem disruption, intelligence sharing, and agent/software inventory controls.
Scoring Rationale
High-impact industry report driven by Microsoft Digital Crimes Unit disruption and quantified evidence (54% click-through, 330 domains seized, ~100,000 compromised organizations). Scored high on novelty, scope, and credibility; given a small positive adjustment for source authority and timeliness (RSAC 2026, same-day reporting).
Sources
Primary source and supporting public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems

