ESET Threat Report: AI boosts cyber attackers’ efficiency


  • ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.
  • ClickFix – a social engineering technique leveraging fake error messages – has expanded into AI-themed help pages, browser extensions, and cloud authentication scenarios.
  • QR code phishing – also known as quishing – has reached record levels in ESET telemetry.
  • ESET analyzed nearly 900,000 AI skills – small functional components used by AI agents – and identified tens of thousands of suspicious and thousands of malicious instances. AI is also beginning to appear within malware.
  • Ransomware showed no signs of slowing down, with its continued use of EDR killers – tools designed to disable security software during attacks.

BRATISLAVA, Slovakia, July 08, 2026 (GLOBE NEWSWIRE) -- ESET Research has released its H1 2026 Threat Report, which summarizes threat landscape trends seen in ESET telemetry, as well as insights from ESET threat detection and research experts, from December 2025 through May 2026. The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Artificial intelligence (AI) is playing a growing role in this development. ESET analyzed nearly 900,000 AI skills – small functional components used by AI agents – and identified tens of thousands of suspicious and thousands of outright malicious instances. AI is also beginning to appear within malware itself: ESET researchers have identified PromptSpy, the first known Android malware to use generative AI in its execution flow.

“Rather than relying on entirely new methods and tools, attackers are quickly adapting established techniques to new platforms, technologies, and user behaviors. The number of AI skills within this new ecosystem is growing rapidly as we speak, further expanding the attack surface,” says ESET Director of Threat Prevention Labs Jiří Kropáč. “On the other hand, PromptSpy illustrates the potential for increased flexibility in future threats – although guardrails against abuse included in LLMs are likely slowing down the adoption,” explains Kropáč.

AI skills are small add-ons or sets of instructions that instruct an AI agent how to perform a specific task, including which services or tools to use and what data to access. The published report covers details about malicious AI skills using third-party hacking tools such as Mimikatz or Impacket and a suspicious self-modifying skills designed to create a persistence mechanism (JSON file) and a tool for self-modification (Python code). This can lead to unpredictable behavior of the agent or its abuse by an attacker. And finally, there are benign but problematic skills such as those marketed as security scanners, which create a false sense of security but implement only basic scanning techniques – like AV tools from the 1990s – or simply query the reputation of hashes, URLs, and IP addresses on VirusTotal.

Meanwhile, ClickFix – a social engineering technique leveraging fake error messages – has expanded beyond fake CAPTCHA prompts into AI-themed help pages, browser extensions, and cloud authentication scenarios. AI-fix shows how adversaries exploit trust in generative AI, embedding ClickFix compromise chains into AI-generated troubleshooting content to nonexistent issues on pages that abuse domains of AI powerhouses. ConsentFix highlights an evolution toward token theft, combining ClickFix-style interaction with OAuth authorization abuse to hijack cloud accounts without the need to steal credentials, often bypassing MFA and relying entirely on legitimate login workflows. ESET detections of this vector more than doubled between H2 2025 and H1 2026, indicating sustained activity and adaptation.

Phishing campaigns are also evolving in response to user behavior. QR code phishing – also known as quishing – has reached record levels in ESET telemetry, with attackers embedding malicious links in QR codes to bypass inspection and shift user interaction to mobile devices while exploiting the implicit trust many people place in the barcodes with square patterns. Approximately 11% of all detected phishing emails in H1 2026 utilized QR codes, and QR code phishing threats were most prevalent in the US (19% of detections), Spain (17%), and Mexico (6%).

Last but not least, ransomware activity showed no signs of slowing down, with the continued use of EDR killers – tools designed to disable security software during attacks. ESET Research has documented over 100 different EDR killers used in the wild, with new variants appearing regularly. The number of ransomware attacks continued to grow in H1 2026, but the number of victims willing to pay reached all-time lows. Three recent industry reports confirmed this downward trend, reporting a 14–28% share of paying victims.

For more information, check out the ESET Threat Report H1 2026 on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

About ESET

ESET® provides cutting-edge cybersecurity to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts and blogs.

 

Contact Data

GlobeNewswire

Recommended Reading