AI Driven Automation of Vulnerability Discovery and Malware Generation Reported by Microsoft

Microsoft’s latest Digital Defense Report 2025 reveals that financial motivation continues to dominate the global cyber threat landscape, with 52% of analyzed attacks linked to extortion and ransomware, while espionage-driven operations accounted for merely 4%.

The report authored by Microsoft’s Chief Information Security Officer, Igor Tsyganskiy, highlights that 80% of incidents investigated were linked to data theft, underscoring cybercriminals’ profit-driven motives over state intelligence gathering.

AI-Powered Expansion of Cybercrime

Microsoft’s findings emphasize the accelerating use of AI in cyberattacks, which has allowed even low-skilled threat actors to scale malicious operations.

The company’s systems now process over 100 trillion security signals per day, blocking around 4.5 million new malware attempts and screening 5 billion emails for phishing and malicious payloads.

However, automation and AI have drastically changed attack dynamics. Threat actors use machine learning models to discover vulnerabilities faster, automate phishing campaigns, and generate polymorphic malware that adapts to endpoint defenses.

Generative AI tools are being exploited to craft more convincing synthetic content, enabling large-scale social engineering and impersonation tactics. Attackers are using these models to analyze public vulnerabilities and develop exploit code within hours of disclosure.

This technological convergence has transformed traditional ransomware campaigns into industrial-scale automated attacks, capable of lateral movement and persistence using AI-assisted reconnaissance.

Nation-State and Identity-Based Threats Surge

Microsoft’s report further details the geopolitical dimension of cyber threats. Nation-state actors, particularly from China, Iran, Russia, and North Korea, are expanding their target lists and exploiting newly disclosed vulnerabilities faster than ever.

For instance, Russian-affiliated groups have increased operations against NATO-member businesses by 25%, while Iranian threat actors have attacked shipping and logistics infrastructures across Europe and the Gulf.

North Korea’s cyber workforce continues generating illicit revenue through remote IT employment and cryptocurrency theft.

Identity compromise remains a critical challenge. Over 97% of identity attacks in the first half of 2025 were password-based, with a 32% surge in malicious sign-in attempts compared to last year.

Cybercriminals increasingly rely on infostealer malware, such as Lumma Stealer, which was recently disrupted by Microsoft’s Digital Crimes Unit, to harvest credentials and authentication tokens that are then sold on dark web markets.

Microsoft underscores the effectiveness of phishing-resistant multi-factor authentication (MFA), capable of blocking 99% of identity-based breaches.

As cybercriminals adopt AI-powered exploitation techniques, Microsoft stresses that organizations must integrate security into their overall business strategy, fortify AI systems, and embrace industry collaboration.

The report concludes that defending against AI-accelerated threats now requires AI-driven defense models, continuous vulnerability monitoring, and collective deterrence through international policy and attribution efforts.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post AI Driven Automation of Vulnerability Discovery and Malware Generation Reported by Microsoft appeared first on Cyber Security News.