The era of “typing into a box” is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs.
Threat actors are increasingly augmenting their attacks with AI tools, according to researchers at Google’s Threat Intelligence Group (GTIG). For the first time, GTIG observed a threat actor using a zero-day exploit developed by AI, although Google blocked the attack before it succeeded. Threat actors also continue to use Large Language Models (LLMs) for research, reconnaissance, and malware development.
In 2024, we talked to AI. In 2026, AI is talking to our systems, our customers, and increasingly, acting on our behalf. With AI agents, we are moving AI from a tool to an actor, from assistance to agency and from outputs to actions. And that changes the nature of risk. AI agents plan, execute, and interact with the world on our behalf. They send emails, move data, trigger workflows, and increasingly operate across systems without human intervention.
The Tycoon 2FA phishing-as-a-service platform is now using OAuth device code phishing to compromise devices that are protected by multifactor authentication, according to eSentire’s Threat Response Unit (TRU). Tycoon 2FA is one of the most active phishing kits and has resumed normal operations following a law enforcement takedown earlier this year.
By Bree Fowler, contributor
Artificial intelligence is dramatically changing the digital threat landscape and how security professionals fight back against the cybercriminals that use these new and more powerful tools.
There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot match. Unfortunately, the same technology helping defenders is also being adopted by cybercriminals just as quickly.
2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.
![[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering Targets](https://blog.knowbe4.com/hubfs/malware-code_1200x630_og.jpg)
GitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,800 repositories being “directionally consistent” with its investigation. GitHub also said it found no evidence that customers’ own enterprises, organizations or repositories were impacted.
