Supercharging Cyber Attacks: How AI has changed the threat landscape for businesses.

It’s a sad state of affairs but Artificial Intelligence (AI) is now being weaponised as threat actors leverage AI at every stage of the attack lifecycle to launch faster, more widespread and more damaging attacks on businesses. 

Anthropic’s Threat Intelligence Report August 2025 found: 

• AI models are now being used to carry out cyber-attacks at scale 

• AI has lowered the barriers to entry with fewer technical skills required to launch complex attacks 

• Threat actors are integrating AI from start to finish throughout their operations 

• One individual can carry out attacks that previously would have taken a whole team  

This fundamental shift in the threat landscape means cyber criminals can now automate their reconnaissance of businesses, scaling to the scanning thousands of systems, enumerating software versions, analysing configurations, and pinpointing vulnerabilities in Internet-facing business systems and devices faster than ever before. 

Industry threat intelligence reports confirm that external vulnerability exploitation is one of the most prevalent initial access vectors used by attackers to breach the business perimeter.  

According to Mandiant’s M-Trends Report 2025, vulnerability exploitation was the leading initial access method, generating 33% of attacks, including those targeting Internet-facing systems such as web servers, APIs, and edge devices such as firewalls and VPN services. 

Verizon’s 2025 Data Breach Investigations Report also found exploitation of vulnerabilities to be behind 20% of breaches, with attacks on externally facing Internet edge devices and VPNs increasing dramatically from 3% to 22%. 

How Attackers are using AI to Scale their Operations 

• Automated reconnaissance: AI-powered tools can crawl the Internet, identify exposed services, and determine software versions, significantly reducing the time it takes to map an organisation’s external footprint. 

• AI-assisted vulnerability prioritisation: instead of manually reviewing scan data, attackers are now using AI models to correlate against open-source intelligence, CVE data, and exploit descriptions to prioritise which businesses to target as the economy of effort to exploit is low.  

• Adaptive attack automation: AI systems can carry out entire attack sequences with minimal human involvement, automatically scanning, learning, and adapting their next move, which enables continuous and scalable attacks.  

The result is that what once took days of manual reconnaissance can now be done in minutes. This has led to a new era of AI-assisted cyber-crime where threat actors can discover, prioritise, and target vulnerable assets within hours of exposure, outpacing traditional methods of defence. 

How to Stay Ahead: Attack Mitigation Service - External 

To counter AI-driven attacks, reduce the workload on internal security teams, and cut cyber risk organisations need to adopt a proactive and layered approach to protecting Internet-facing infrastructure. That’s where the Fortis Cyber® External Attack Mitigation Service (EAMS) comes in, simplifying vulnerability management, providing comprehensive detection and validation, and delivering assurance against external cyber threats using: 

• Regular Assessments: scheduled evaluations detecting and identifying risks across internet-facing assets and discovering vulnerabilities before threat actors do. 

• Simulated Attacks: replicating real-world threat scenarios at scale to reveal how resilient your defences are under realistic attack conditions. 

• Expert-Led Evaluation: experienced cyber security specialists perform in-depth analysis, validating findings and providing actionable recommendations. 

• Security Workshops for Zero-Day Resilience: helping organisations understand and mitigate emerging threats and build resilience against zero-day vulnerabilities. 

  
  

What This Means for Your Business 

AI has transformed the balance of power in cyber security, giving criminals the tools to rapidly launch scalable attacks. Organisations need to act pre-emptively to anticipate and counter these threats. 

By regularly assessing external attack surfaces, simulating real-world threats, and building resilience through expert-led guidance, organisations can be the first to find the gaps and vulnerabilities, rather than the last to know about them. 

Ready to Simplify Security and Reduce Risk?  

Our experts will work with you to understand your security requirements and recommend tailored solutions aligned to your business that will reduce risk and lighten your team’s workload. 

Start the conversation today at enquiries@fortiscyber.co.uk, our team will prioritise your request and help you secure your systems quickly.