The use of AI agents will redefine the cybercrime ecosystem, enabling fully automated criminal operations that go far beyond current ransomware and phishing campaigns. This has been revealed by the cybersecurity company Trend Micro, which points out that Agent AI will massively increase the volume of attacks, turning automated phishing, fraud and the exploitation of stolen data into continuous, background operations, powered by intelligent agents.
The report, “VibeCrime: Preparing Your Organization for the Next Generation of Agentic AI Cybercrime,” outlines how cybercriminals will combine specialized AI agents with centralized criminal organizers to launch high-volume, adaptable and highly resilient campaigns, with minimal human intervention.
Furthermore, it anticipates an evolution of criminal ecosystems: from the “cybercrime as a service” model towards “cybercrime as a servant”, supported by chains of AI agents and autonomous orchestration layers capable of managing criminal activities from end to end through multiple coordinated agents.
“Agent AI provides criminals with a ready-to-use arsenal that scales, adapts and continues to operate even when humans disappear. The real risk is not a sudden explosion of AI-driven crimes, but the slow, unstoppable automation of attacks that previously required skill, time and effort. This change is already underway,” said Robert McArdle, director of Prospective Threat Research at Trend Micro.
Increase in the number of attacks
Trend Micro notes that Agent AI will massively increase attack volume, turning automated phishing, fraud, and stolen data exploitation into continuous, background operations executed by autonomous agents. Furthermore, it anticipates an evolution of criminal ecosystems: from the “cybercrime as a service” model towards “cybercrime as a servant”, supported by chains of AI agents and autonomous orchestration layers capable of managing criminal activities from end to end.
In parallel, defense platforms will have to incorporate their own autonomous agents if they want to respond to this change; Otherwise, they could be overwhelmed by the scale and speed of attackers, who operate with armies of malicious actors. The study also warns that new categories of attacks will emerge at a rate much higher than the current ability of defenders to detect or mitigate them, configuring a scenario of increasing pressure and complexity dominated by intelligent agents.
The report anticipates an evolution of criminal ecosystems: from the “cybercrime as a service” model to “cybercrime as a servant”
Robert McArdle points out that “we will see an optimization of the current main attacks, the amplification of crimes that previously had a low return on investment and the emergence of new “black swan” cybercrime business models”, driven by increasingly sophisticated agent networks.
“For businesses, this means reevaluating their security strategy now, as well as investing in automation and AI-based defense. Organizations must also ensure their resilience before criminals industrialize their own use of AI through autonomous agents, or risk playing catch-up in an exponential arms race that will quickly separate those who were prepared from those who were not,” McArdle concludes.
