Cloudflare has released its inaugural 2026 Threat Intelligence Report, revealing a significant shift in cyberattack strategies as threat actors increasingly focus on compromising legitimate credentials rather than breaching systems through traditional exploits. The report, developed by the company’s threat research unit Cloudforce One, draws on insights from Cloudflare’s global network, which blocks an average of 230 billion cyber threats daily.

The findings indicate that artificial intelligence is rapidly lowering the barrier to sophisticated cybercrime, enabling attackers to deploy automated reconnaissance, generate exploits, and produce convincing deepfake identities. Security researchers also identified a major supply chain attack in which AI-assisted reconnaissance allowed attackers to compromise hundreds of corporate SaaS tenants.

The report highlights evolving geopolitical cyber strategies, noting that groups such as Salt Typhoon and Linen Typhoon have shifted toward precision targeting of telecommunications infrastructure, government agencies, and IT service providers.

Meanwhile, massive botnets including Aisuru are driving record-breaking 31.4 Tbps distributed denial-of-service (DDoS) attacks, surpassing the ability of traditional human-led responses and emphasizing the need for autonomous, intelligence-driven cybersecurity defenses.