Cyber expert: AI makes hackers feel like they have 10 assistants
In the series Cracked by Jordens, we look at cyber security for consumers and businesses in the Netherlands. Today: autonomous cyber attacks.
Published on January 12, 2026

Our DATA+ expert, Elcke Vels, explores AI, cyber security, and Dutch innovation. Her "What if..." column imagines bold scenarios beyond the norm.
Cybercrime will undergo radical changes starting in 2026: autonomous AI agents will take over the execution of cyberattacks, according to the Global Cybersecurity Report 2025. What will such an autonomous attack look like in practice? And can you, as an individual or a company, do anything about it? IO+ spoke with cybersecurity expert Patrick Jordens.
Patrick Jordens
Patrick Jordens (1969) is an entrepreneur with a passion for digital security. He is director of Trusted Third Party and founder of DMCC Group, which helps organizations comply with all external laws and regulations and internal policies in the field of privacy and consumer law. He is also a guest lecturer in marketing, data privacy, and ethics at Rotterdam University of Applied Sciences.
What exactly is an autonomous cyberattack?
“When it comes to AI-driven cybercrime, many people think of fully autonomous hacker systems that decide for themselves who to attack. That image is only partly correct.
AI is primarily an accelerator and optimizer of attacks that we already know. It is not a robot hacker that decides on its own to hack a company. It involves technologies that support attacks. Attacks are set up faster, better tailored to the target, require less human effort, and are more difficult to distinguish from normal behavior. For cybercriminals, it feels like they suddenly have ten digital assistants.”
What types of attacks are autonomous systems used for against individuals and organizations?
“I can give you three examples. First: hyper-targeted phishing. Instead of a general email such as ‘Dear customer’, a message is completely personalized. AI can analyze profiles and look at tone, timing, and content. Based on all kinds of public and internal sources, someone can be approached in a very targeted way—without the need for a human being. Think of emails that refer to a colleague or an ongoing project. This makes employees less hesitant and more likely to click on a link.
Secondly: faster exploitation of vulnerabilities. All software contains vulnerabilities, no matter how new it is. There is always something that a developer has not thought of. That is why updates are so important — just like the notifications you keep getting on your phone. Where a human being needs days to scan systems for vulnerabilities, AI can do this continuously. Suppose a critical leak is found in software from, say, Microsoft, which is used worldwide. Not everyone installs the update immediately. Attackers focus precisely on those who lag behind. AI can detect and exploit this at lightning speed.
Third: adaptive attacks. AI-driven attacks adapt during the attack. They observe what works and what doesn't and automatically change their approach. This makes this type of attack particularly flexible — and therefore more difficult to stop.”
What can individuals and companies do against this?
"Larger companies with bigger budgets can use advanced monitoring and detection systems, such as MDR services (Managed Detection and Response systems). These systems continuously scan network traffic, recognize abnormal behavior, and automatically intervene by blocking suspicious activities. This works well, but it is complex and expensive—and therefore not an option for every company.
SMEs often don't have that luxury, but remaining naive is not an option. The idea that “we're not interesting anyway” is really outdated. Precisely because it takes little effort to attack many organizations at once, a drugstore, nail salon, or other small business is also a target — especially if you depend on cash register systems, customer data, or digital planning.
What SMEs can do is train employees to recognize attacks. Secondly, make a plan for when things go wrong. Think ahead: who will you call, how will you inform staff, what will you do if systems go down? With a simple plan, you'll quickly be 3–0 ahead. Thirdly, make sure you can recover quickly after an attack. Make backups, know what is being backed up, and regularly test whether your data can actually be restored."
