Cybersecurity and AI in 2026: The Threats Already Hitting Businesses and the Solutions Changing the Game

The Most Dangerous Moment in Digital History

On May 22, 2026, Infobae published a warning that shook the tech sector: organizations have just three to five months to get ahead of their adversaries before AI-powered cyberattacks become the dominant norm. "We now estimate that organizations have a very narrow window of three to five months to get ahead of the adversary before AI-driven vulnerabilities become the new normal," read the warning published on a corporate cybersecurity blog.

AI models are already being used to launch sophisticated cyberattacks, and this week it was announced that an AI-based "mass exploitation attack" attempt had been thwarted — proof that the threat is not hypothetical, but very real.

According to the World Economic Forum's Global Cybersecurity Outlook 2026, the widespread integration of artificial intelligence, combined with geopolitical volatility and supply chain complexity, is accelerating threats at an unprecedented pace. The most telling statistic: 94% of leaders surveyed believe AI will be the primary factor reshaping cybersecurity in the coming year.

AI as a Double-Edged Sword

Cybercriminals will harness AI to increase the speed, scale, and effectiveness of their attacks, while defenders will use AI agents to supercharge security operations and enhance analysts' capabilities.

IBM's X-Force Threat Intelligence Index 2026, published on February 25, 2026, delivered alarming numbers: cybercriminals are exploiting basic security gaps at dramatically higher rates, now accelerated by AI tools that help attackers identify weaknesses faster than ever. IBM X-Force observed a 44% increase in attacks that began by exploiting public-facing applications, driven largely by nonexistent authentication controls and AI-enabled vulnerability discovery.

Moody's, Fortinet, ESET, and Palo Alto Networks all agree that AI raises the offensive capabilities of cybercriminals — while also providing the tools needed for defense. "AI no longer just speeds up the attacker's work: it multiplies their reach and lowers the technical bar for entering the criminal ecosystem," said Mario Micucci, information security researcher at ESET Latin America.

Recent data from Foresiet reveals that AI-enabled attacks grew 89% year-over-year, and that a single AI agent compromised more than 600 firewalls across 55 countries without a human operator.

The Five Threats Businesses Should Fear Most in 2026

1. Hyper-Realistic Phishing Powered by Generative AI

Phishing remains the primary entry point for cyberattacks, but it has evolved radically thanks to generative AI. Gone are the days of typo-ridden emails that were easy to spot. Today, attackers use advanced tools to craft perfectly worded, highly personalized, and extremely convincing messages. According to Huntress data, AI-generated phishing emails now achieve click-through rates more than four times higher than those written by humans. Additionally, 40% of business email compromise emails are already AI-generated.

2. Ransomware with Multiple Extortion Layers

In 2026, ransomware appeared in 44% of all confirmed breaches, up from 32% the previous year. For small and medium-sized businesses, the picture is even more alarming: 88% of breaches involving SMBs include a ransomware component. Attack models now include double and triple extortion: attackers steal data before encrypting it, then threaten to leak it publicly, auction it off to competitors, or destroy it entirely if payment is not made.

3. Deepfakes for Corporate Fraud

One of the most unsettling developments of 2026 is the weaponization of deepfake technology for corporate fraud. Criminals now generate real-time video and audio that perfectly impersonates executives, government officials, and business partners. The FBI has flagged deepfake-assisted fraud as the fastest-growing AI cybersecurity threat category in the United States. One already-documented case: a finance employee at a multinational corporation was tricked into authorizing a $25.6 million payment after a video call with what appeared to be the company's CFO and several colleagues — all deepfake-generated replicas.

4. Attacks on Autonomous AI Agents

Attacks that manipulate AI models into executing malicious commands will increase significantly, enabling data theft and sabotage. Internal AI adoption introduces a new risk: the unauthorized use of autonomous agents by employees, business units, or third parties. These tools can create invisible flows of sensitive data, leading to leaks, regulatory violations, and loss of intellectual property.

5. Software Supply Chain Attacks

Major supply chain and third-party compromises have nearly quadrupled since 2020, as attackers increasingly exploit the environments where software is built and deployed, as well as SaaS integrations. A recent example: AI recruiting startup Mercor was compromised through LiteLLM, a widely used open-source framework — not through Mercor's own code, but through a trusted dependency.

Latin America: The Most Exposed and Least Prepared Region

For entrepreneurs and SMBs in the region, the numbers are particularly concerning. Latin America has solidified its position as a prime target for global cyberattacks, averaging 2,640 weekly attacks per organization.

The Global Cybersecurity Outlook 2026 reveals a stark gap between Latin America and developed markets: while confidence in withstanding attacks reaches 84% in the United States and Europe, in the region it barely hits 13%.

In Mexico, the situation is especially critical. Security reports show that Mexico led Latin America in attack attempts in 2024, while local reports indicate that more than 60% of SMBs have experienced data theft attempts, ransomware, or unauthorized access in the past year. A SILIKN study further reveals that 52.8% of SMBs already experienced at least one cyber incident in 2024, and 93.8% fear becoming a target in the coming months.

In Peru, according to IBM and Kaspersky data cited by the newspaper Gestión in January 2026, the cost of digital breaches is estimated at around $300,000 for small and medium-sized companies, while IBM puts the figure at approximately $2.4 million for companies across Latin America.

Adding to this is what experts call "cyber-inequity." The shortage of specialized professionals has become a structural weakness: in Latin America, nearly 69% of companies acknowledge gaps in technical skills. This gap directly undermines incident response capabilities and increases the risk of operational crises.

The Industry's Response: Fighting AI with AI

The tech industry has responded with a range of purpose-built defensive tools. The most significant move in recent weeks came from OpenAI. OpenAI launched Daybreak on May 11, 2026: a cybersecurity initiative that uses GPT-5.5 to identify vulnerabilities in code, model threats, and generate validated patches — turning analyses that once took hours into a matter of minutes.

Daybreak integrates GPT-5.5, GPT-5.5-Cyber, and Codex Security into a secure code review workflow. It offers three access tiers depending on the task: general use, defensive work, and controlled red teaming. It competes directly with Anthropic's Claude Mythos — Mythos has 40 partners and discovered 271 vulnerabilities in Firefox in 2025, while Daybreak launches with 12 or more partners, including Cloudflare, Cisco, and CrowdStrike.

Earlier, on April 14, 2026, OpenAI had announced GPT-5.4-Cyber. OpenAI announced GPT-5.4-Cyber on April 14, 2026 — a variant of GPT-5.4 specialized in defensive cybersecurity. Unlike the standard model, it can perform binary reverse engineering, analyze malware, and handle security queries that conventional models would reject due to their filters.

To manage responsible access to these capabilities, OpenAI is piloting Trusted Access for Cyber: an identity- and trust-based framework designed to ensure that enhanced cyber capabilities end up in the right hands. The company has also committed $10 million in API credits to accelerate cyber defense efforts.

On the defensive platform front, Darktrace has demonstrated the ability to reduce ransomware response times from hours to seconds through models that identify behavioral anomalies in real time. Meanwhile, Zero Trust is cementing itself as the industry standard: no user, device, or application is trusted by default, and AI enables the application of dynamic, behavior-based policies — reducing credential-based attacks by more than 60% in financial institutions.

Practical Recommendations for SMBs in Latin America

Given this landscape, experts from Check Point, KPMG, Kaspersky, and other firms agree on a set of priority actions for companies working with limited security budgets:

• Two-factor authentication: Enable two-factor authentication across all critical business tools, choosing from temporary codes, security keys, or biometrics. This way, a stolen password alone is not enough to gain access.
• Principle of least privilege: Strengthen access controls by applying the principle of least privilege: each user should only see what they need to do their job, limiting attack surfaces and containing damage in the event of a compromise.
• Ongoing team training: Prepare your teams to identify AI-generated emails, messages, calls, links, files, and other spoofed content.
• Protect your AI environments: Deploy AI workspace protection solutions that can monitor in real time for sensitive data exfiltration, unauthorized tool usage, and tasks executed by unauthorized agents.
• Shift from reactive to proactive: The message for both governments and businesses is clear: abandon the reactive mindset. Cybersecurity in 2026 demands proactive, multi-layered, and adaptive strategies — ones that use artificial intelligence to anticipate attacks, reduce response times, and extend human capacity rather than replace it.

The experts' final message is unambiguous: "Virtually every company, regardless of industry or size, will face cyberattacks — it's a matter of when, not if, given the pace of digitization, connectivity, and the growing sophistication of attacks and attackers," warned Miguel Ángel Peñaloza, Country Manager of TIVIT Peru.

For Latin American SMBs already adopting AI tools to automate their operations — such as the AI agents available on platforms like Doobl.IA — cybersecurity must be part of that same adoption process. Correctly configuring agent permissions, auditing what data they access and how often, and ensuring every connected tool operates under the principle of least privilege are steps just as important as the automation rollout itself.