The integration of artificial intelligence in cyberattacks is transforming the operational technology landscape, significantly increasing the speed of malicious activities. Research from SANS highlights a marked uptick in the speed and volume of phishing and exploit development, with AI allowing threat actors to conduct operations that once required extensive expertise in just minutes.
Data from ecrime.ch indicates a sharp rise in ransomware incidents, with 7,819 cases reported on data leak sites in 2025. The United States faced the brunt of these attacks, accounting for nearly 4,000 incidents, while Canada and various European nations were also heavily impacted. Prominent ransomware groups identified in these attacks included Qilin, Akira, Cl0p, PLAY, and SAFEPAY.
Experts emphasize the urgent need for enhanced cybersecurity measures, particularly as many operational technology environments are constrained by legacy systems that prioritize safety over security. The zero trust security model is suggested as a viable defense strategy, focusing on microsegmentation and stringent authentication to mitigate risks from AI-assisted threats. However, a gap in accountability exists as defenders struggle to keep pace with the evolving tactics of attackers.