AI and Deepfakes Supercharge Sophisticated Cyber-Attacks: Cloudflare

Easy access to large language models (LLMs) and other AI tools has significantly lowered the barrier to entry for cybercriminals to conduct effective cyber-attacks rapidly and at scale, a new threat intelligence report by Cloudflare has warned.

The 2026 Cloudflare Threat Report draws on research and analysis by the company’s Cloudforce One threat research team and details how AI has become a “force multiplier” for cybercriminals, lowering the effort required to carry out campaigns, while also making those campaigns more impactful.

“An actor who previously lacked the skills to craft a convincing phishing email or write custom malware can now leverage an LLM to generate them rapidly and at scale, significantly lowering the barrier to entry for highly effective operations,” said Cloudflare.

According to the report, LLMs and AI have been adopted by a wide range of threat actors, including state-sponsored hacking groups, financially motivated cybercriminal gangs and hacktivist collectives.

The ways in which malicious hackers are exploiting these tools include using LLMs to write more convincing phishing emails, especially if they’re not being written in their native language.

Attackers are also taking advantage of AI tools to help with writing malware and conduct campaigns, in a way which is lowering the technical barrier to entry for launching attacks. For example, according to the report, attackers are using LLMs to map networks in real-time.

“Cloudforce One tracked a threat actor who leveraged AI to help identify the location of high-value data. This allowed the actor to compromise hundreds of corporate tenants… in one of the most impactful supply chain attacks seen,” said researchers.

AI Deepfakes: The New Insider Threat

Corporate identities have become a prime focus of cyber-attacks, with user accounts highly coveted by the attackers as they look to leverage access to cloud architecture to covertly conduct campaigns while remaining under the radar.

But sometimes, using account identity isn’t enough. Researchers warn that AI-generated deepfakes and fraudulent IDs are being generated to bypass hiring filters to embed threat actors directly inside target organizations as employees. In particular, North Korea is known to exploit this attack vector.

“This infiltration turns the remote workforce into an attack vector, placing malicious insiders within the organization’s most trusted administrative and financial systems,” said the report.

Cloudflare has warned that the proliferation of AI-based tools lowering the barrier to entry for technical, sophisticated campaigns amounts to the “total industrialization of cyber threats” – and that organizations must be prepared for rapid evolution of cyber-attacks.

“Threat actors are constantly changing tactics, finding new vulnerabilities to exploit and ways to overwhelm their victims. To avoid being caught off guard, organizations must shift from a reactive posture to one fueled by real-time actionable intelligence,” said Blake Darché, head of threat intelligence, Cloudforce One at Cloudflare.

AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare

Danny Palmer

AI Deepfakes: The New Insider Threat

You may also like

North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms

New Ransomware Group Uses AI to Develop Nefarious Tools

Crafting Scams with AI: a Devastating New Vector

When Seeing Isn’t Believing: Deepfakes in the Digital Age

US Officials Impersonated Via SMS and Voice Deepfakes

What’s Hot on Infosecurity Magazine?

Chrome Unveils Plan For Quantum-Safe HTTPS Certificates

Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity

AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike

Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel

Ransomware Payments Decline 8% as Attacks Surge 50%

Cybersecurity M&A Roundup: Firms Focus on AI Agents, as Check Point Announces Three Acquisitions

AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike

Shai-Hulud-Like Worm Targets Developers via npm and AI Tools

Exploitable Vulnerabilities Present in 87% of Organizations

Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign

How To Enhance Security Operations with AI-Powered Defenses

Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day

How To Enhance Security Operations with AI-Powered Defenses

What’s Next for AI Identity in 2026

Why Your Organisation Needs Trusted Time Synchronisation

Geopolitics: How to be a Cybersecurity Leader in an Unstable World

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

Securing the AI Era: A CISO’s Perspective

The Intelligence Edge: Clarity, Context and the Human Advantage in Modern CTI

Future-Proofing Critical Infrastructure: National Gas CTO Darren Curley on IT/OT Security Integration

Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw

Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls

Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats

Psychology, AI and the Modern Security Program: A CISO’s Guide to Human Centric Defence

AI and Deepfakes Supercharge Sophisticated Cyber-Attacks, Says Cloudflare

Written by

AI Deepfakes: The New Insider Threat

You may also like

What’s Hot on Infosecurity Magazine?