67.3% of the 832 malicious accounts banned between March 2025 and March 2026 used AI to write malware.

495 malicious AI models were identified on Hugging Face.

56 malicious extensions were identified on OpenVSX.

969 malicious AI agent skills were identified carrying high-impact payloads.

Credential-stealer infections were dominated by RedLine with 911,968 infections (50.80%), Lumma with 499,784 infections (27.84%), and Vidar with 236,778 infections (13.19%).

33% of CIOs identify malware and ransomware as dominant threats.

Over a quarter of CIOs report AI as a significant source of risk, placing it on par with malware, ransomware and phishing.

Threat actors deployed more than 147,000 malicious domains, nearly 58,000 malware files, and actively exploited 549 vulnerabilities in 2025.

11.01% of organizations have active malicious packages embedded in production environments.

BRICKSTORM achieved dwell times of nearly 400 days.

Over 11.1 million machines were infected with infostealers in 2025.

Malware hidden in public model and code repositories accounts for 35% of AI-related breaches.

Nearly half of the active malware families have financial extortion capabilities, including ransomware that can encrypt files on the device.

Thirty-four active malware families targeted 1,243 financial apps across 90 countries.

TsarBot, CopyBara, and Hook collectively targeted more than 60% of global banking and fintech apps.

BoaLoader malware is a factor in nearly 20% of incidents observed in the calendar year.

Across cloud providers, Azure draws 43.5% of observed malware samples, Google Cloud Platform draws 33.2%, and Amazon Web Services draws 23.2%.

41% of internal audit leaders are concerned about the use of AI to insert malicious code.

12% of organizations detected employee exposure to malware via GitHub each month in 2025.

In 2025, malicious attachments were present in 18% of phishing attacks.