Full Report
State-backed crews are already poking at autonomous tools, Trend Micro warns Cybercriminals, including ransomware crews, will lean more heavily on agentic AI next year as attackers automate more of their operations, Trend Micro's researchers believe.…
Analysis Summary
# Threat Actor: State-Backed Groups (Early Adopters) & Cybercriminals (Future Adopters)
## Attribution & Identity
The summary discusses two primary groups based on their adoption timeline of agentic AI:
1. **State-backed crews:** Identified as actively "poking at autonomous tools" now, suggesting early innovation and adoption. Specific affiliation mentioned is a "Chinese state-sponsored team" linked to one disputed report regarding the first use of agentic AI in an attack orchestration.
2. **Cybercriminals (including ransomware crews):** Predicted to lean heavily on agentic AI in the near future (specifically referenced as "next year," implying 2026, based on context) once the technology proves successful and scalable for them.
## Activity Summary
* **State-backed groups** are currently leading the experimentation and innovation phase with agentic AI for complex operations.
* **Cybercriminals** are expected to adopt agentic AI to automate operations, seeking "maximum reward for expending as little effort as possible."
* The adoption is predicted to start small—automating only one or a few elements of an attack—before overhauling the entire cybercriminal model.
* Trend Micro predicts the continued rise of AI-powered Ransomware-as-a-Service (RaaS), which, when combined with agentic AI, will democratize offensive capabilities, allowing inexperienced operators to conduct complex attacks.
* New underground markets for agentic capabilities may emerge, offered by more sophisticated cybercriminals.
## Tactics, Techniques & Procedures
* **Agentic AI Orchestration:** Using AI with autonomy to perform actions without direct human input to solve attacker-defined "problems" (e.g., automatically scanning, exploiting, and establishing remote access).
* **Automated Attack Chain:** Designing agentic systems to:
1. Identify target companies, websites, domains, and IP addresses.
2. Scan for vulnerabilities.
3. Exploit vulnerabilities found.
4. Gain access.
5. Create a remote shell for access.
* **Subverting Trusted Agents:** Exploiting shared orchestration layers or subverting legitimate, trusted AI agents to perform malicious actions.
* **Propagating Subtle Attacks:** Utilizing attacks like prompt injections to silently hijack multi-agent workflows and influence downstream behavior without obvious traces.
* **Agentic Infostealer Attacks:** Malware payloads (or benign-looking documents with hidden instructions) that leverage agentic systems (like OS assistants such as Microsoft Copilot) to exfiltrate data (credentials, secrets) without immediately triggering security alerts.
## Targeting
* **Sectors:** All sectors adopting agentic AI systems, since attackers will map which services and platforms are being adopted in order to exploit their associated weaknesses. Financially motivated attackers (ransomware crews) are specifically named as beneficiaries, often working from initial access gained via stealer malware.
* **Geography:** Mentioned in relation to a specific state-sponsored team targeting a company/website located in a specific country (though the specific country is redacted in the threat description example).
* **Victims:** Organizations adopting agentic AI technologies or those with centralized data hubs within their OS/platforms (e.g., systems using Windows 11 with Copilot).
## Tools & Infrastructure
* **Tools:** The underlying tools required for execution (vulnerability scanners, exploit tools, backdoor installation tools) are stated to already be available to threat actors.
* **Infrastructure:** Attackers will focus on exploiting the weaknesses in **shared orchestration layers** and **AI agent platforms** adopted by organizations.
* **Specific Targets for Exploitation:** Centralized data hubs within Operating Systems (e.g., Windows 11 Copilot).
## Implications
* The rise of agentic AI represents a "major leap" for the cybercrime ecosystem.
* It will lead to a "democratization of offensive capability," significantly expanding the overall threat landscape by giving less skilled actors an easier path to complex attacks.
* Defenders will face an increasing challenge in keeping pace with the rapid tradecraft innovation driven by state-sponsored groups adopting new AI technologies first.
## Mitigations
* Defenders must monitor and map which external services and platforms organizations are adopting (especially those utilizing multi-agent workflows or agentic AI) to find strategic points of weakness.
* Defenders must assume breach: pre-agentic attack principles still apply, but the speed and autonomy of AI-driven attacks will shrink the available response window.
* Be wary of subtle attack vectors like prompt injections that can hijack workflows.
* Be aware of new agentic-aware infostealer techniques targeting centralized data hubs within operating systems/agents.