Trend Micro unit TrendAI has released a new report on the new landscape emerging from greater alignment between cyberattacks and geopolitical interests. The report detects a growing collaboration between APT groups and an increasingly clear convergence between digital operations, cyber attacks, strategic objectives of states and even military or influence dynamics.
Among the most relevant findings, TrendAI highlights the use of language models in active malware to sophisticate cyberattacks, the consolidation of shared access schemes such as Premier Pass-as-a-Service and the growing prominence of edge and supply chain infrastructures as vectors of entry, persistence and deployment of cyberattacks.
“We are facing a structural change in the threat. AI has stopped being a one-time support to become an operational multiplier that accelerates cyberattacks and drastically reduces the defender’s response times,” says José de la Cruz, technical director of TrendAI. “The challenge for companies and public administrations is no longer just to prevent the entry of cyberattacks, but to be able to detect them earlier, contain them better and recover faster.”
Operations linked to cyber attacks
The report also places 2026 as a key moment in the race for technological sovereignty, especially in the field of artificial intelligence. China appears as the most advanced actor in the development of its own capabilities, while other countries such as Russia or North Korea continue to depend to a greater extent on external technologies to reinforce operations linked to cyber attacks.
Looking ahead to the coming months, TrendAI anticipates an acceleration of this trend, in which speed and automation will make the difference. “The next 24 months will be marked by a race for resilience at machine speed. Organizations that continue to operate with fragmented tools and manual reaction times will be at a disadvantage against increasingly automated and coordinated actors, capable of launching more complex cyberattacks,” adds the technical director.
The report detects a growing collaboration between APT groups and a convergence between digital operations, cyberattacks and strategic objectives of states
Given this context, the company insists on the need to rethink cybersecurity strategies in the face of the increase in cyberattacks. The report recommends abandoning approaches focused exclusively on prevention and opting for models based on continuous visibility, containment capacity and rapid recovery. In an environment where cyberattacks and intrusions are increasingly inevitable, he concludes, resilience becomes the main factor to guarantee business continuity.
“Cybersecurity must now be addressed as a matter of business continuity and geopolitical risk, especially in a scenario marked by persistent cyberattacks,” concludes de la Cruz.
