In 2026, cybercriminals are directly targeting exposed AI tools to weaponize them for their own financial gain. Specifically, over 1,000 internet-exposed instances of ComfyUI, a popular stable diffusion AI platform, have been hijacked and enlisted into cryptocurrency mining and proxy botnets. Attackers utilize purpose-built automated Python scanners to continuously sweep major cloud IP ranges, automatically installing malicious nodes on vulnerable targets. By leaving these AI workflows internet-facing without proper authentication, organizations are inadvertently providing a "free GPU timeshare for criminals".

Beyond hijacking AI infrastructure, AI-driven adversaries are actively exploiting enterprise vulnerabilities, particularly systemic identity gaps. Threat actors are deploying AI-assisted attacks to capitalize on disconnected identity systems and recurring credential incidents, which compounds the financial and operational damages for targeted organizations. Security experts are urging enterprises to audit and close these identity gaps before AI makes the decision for them.

On a broader scale, the cyber threat landscape now faces advanced AI-enabled nation-state threats. These sophisticated adversaries operate at an "agentic attack speed," meaning they leverage AI to launch and adapt attacks so rapidly that traditional, incremental defensive measures are no longer sufficient. Organizations are being warned that to match this AI-driven attack speed, their cybersecurity responses must undergo fundamental architectural shifts rather than just minor adjustments.