{"id":33759,"date":"2026-06-10T15:06:50","date_gmt":"2026-06-10T15:06:50","guid":{"rendered":"https:\/\/blog.lacnic.net\/?p=33759"},"modified":"2026-06-10T15:09:00","modified_gmt":"2026-06-10T15:09:00","slug":"cybersecurity-ai","status":"publish","type":"post","link":"https:\/\/blog.lacnic.net\/en\/cybersecurity-ai\/","title":{"rendered":"Cybersecurity in 2026: A More Agile, Mature, and AI-Enabled Criminal Industry"},"content":{"rendered":"\n

By Carlos Mart\u00ednez<\/a>, Chief Technology Strategist at LACNIC<\/p>\n\n\n\n

In 2026, cybersecurity can no longer be viewed as a discipline focused solely on firewalls, antivirus software, or perimeter defenses. The challenge of protecting assets has changed in both scale and speed. Cybercrime now operates as a mature industry, complete with specialized roles, secondary markets, payment mechanisms, affiliate programs, and outsourced services. At the same time, artificial intelligence is accelerating both offensive and defensive capabilities, although its most visible impact today is on the side of the attackers.<\/p>\n\n\n\n

Traditional threats have not disappeared. Phishing, credential theft, social engineering, fraud, extortion, and ransomware remain prevalent. What has changed is the speed, scale, and quality with which these techniques can be executed.<\/p>\n\n\n\n

Cybercrime as an Industry<\/a><\/h2>\n\n\n\n

One of the most significant changes in recent years has been the consolidation of cybercrime as an organized economic activity. We are no longer dealing exclusively with isolated actors exploiting specific vulnerabilities, but with ecosystems where malware is developed, credentials are purchased and sold, specialized marketplaces are available, payment infrastructure is in place, and ransomware is deployed on demand.<\/p>\n\n\n\n

The FBI’s 2025 IC3 report reveals the persistence and magnitude of reported cybercrime. A clear example is the market for stolen credentials: a compromised password can remain publicly available on an online marketplace for years until it is eventually purchased and used against a corporate portal, a SaaS platform, or a critical resource management system. This latency transforms credential theft into a form of security debt.<\/p>\n\n\n\n

Old Threats, New Scale<\/a><\/h2>\n\n\n\n

Traditional attack techniques are still effective because they target the most difficult element to secure: people and their everyday processes. The difference in 2026 is that these techniques are enhanced by generative AI. A fraudulent email may no longer contain spelling mistakes. A fake audio message can mimic a familiar voice. A manipulated video can lend credibility to an urgent request. The tone of a WhatsApp message can be adapted to the victim’s cultural and linguistic context.<\/p>\n\n\n\n

AI did not invent social engineering, but it has transformed it, making attacks cheaper, more convincing, and easier to scale. This change has lowered the barrier to entry for attackers and increased the number of potential attempts.<\/p>\n\n\n\n

AI, Ransomware, and the Cloud<\/a><\/h2>\n\n\n\n

Artificial intelligence is emerging as today’s most powerful amplifier. CrowdStrike has reported significant growth in AI-driven or AI-assisted operations, along with a sharp reduction in the time attackers need to move laterally within a compromised network.<\/p>\n\n\n\n

This increasingly narrow response window forces a shift away from manual processes, delayed tickets, and periodic reviews. Defense needs to detect weak signals, correlate events, and act quickly.<\/p>\n\n\n\n

Ransomware has also ceased to be a purely technical tool and become a business model. Ransomware-as-a-service allows actors with limited technical expertise to rent infrastructure, tools, and support to run attack campaigns.<\/p>\n\n\n\n

Adding to this is the growing number of attacks on the cloud, SaaS, and APIs. The cloud did not eliminate security issues; it redistributed them. Many organizations migrated critical services without redesigning their identity controls, monitoring, segmentation, and responses.<\/p>\n\n\n\n

Zero-Days and the Defensive Window<\/a><\/h2>\n\n\n\n

The speed at which vulnerabilities are exploited is also significant. According to Zafran, a significant proportion of vulnerabilities exploited in 2025 were leveraged before or within the first 24 hours of their public disclosure.<\/p>\n\n\n\n

This forces us to review traditional vulnerability management models. For exposed assets or critical services, a monthly patching cycle may not be enough. The question is no longer merely \u201cDo we have the patch?\u201d but \u201cDo we know which systems are exposed and how long we can wait before fixing them?\u201d<\/p>\n\n\n\n

A Perimeter as an Outdated Concept<\/a><\/h2>\n\n\n\n

Traditional perimeters have been ineffective for years. The pandemic, remote work, the cloud, VPNs, SaaS, and outsourcing have shattered the idea of a trusted \u201cinside\u201d and a hostile \u201coutside.\u201d<\/p>\n\n\n\n

Today, the new perimeter is defined by every identity verification, every access authorization, and every protected service. Firewalls still have a role, but they can no longer be the conceptual center of the strategy. Modern defense is no longer based on trusting a network, but on continuously verifying identity, context, permissions, behavior, and exposure.<\/p>\n\n\n\n

Geopolitical Risk and Critical Infrastructure<\/a><\/h2>\n\n\n\n

Cybersecurity is also intertwined with geopolitics. Data centers, submarine cables, cloud providers, IXPs, backbone networks, and digital services can become direct targets or suffer collateral damage in conflicts between states.<\/p>\n\n\n\n

Conclusion: Less Perimeter, More Verification<\/a><\/h2>\n\n\n\n

In 2026, cybersecurity is defined by the industrialization of digital crime, AI acting as an accelerator, faster exploitation of vulnerabilities, the cloud as the dominant attack surface, and rising geopolitical risk. Simply acquiring more tools is not enough. We need to re-evaluate our assumptions and abandon the idea that a stable perimeter exists that separates what can be trusted from what cannot.<\/p>\n\n\n\n

If your organization still bases its strategy on protecting \u201cthe internal network,\u201d it is time to rethink that approach. Start by taking inventory of critical identities, reviewing privileged accesses, measuring actual response times, and testing how quickly you can react to a compromised credential, an exploited vulnerability, or a ransomware incident.<\/p>\n\n\n\n

Click here<\/a> to watch the presentation on cybersecurity at LACNIC 45.<\/p>\n\n\n\n

References<\/a><\/h2>\n\n\n\n