Cognyte 2026 Threat Landscape Report: AI Accelerates Cyber Threats as Ransomware Surges Worldwide
Analysis of global cyber activity in 2025 reveals evolving attacker tactics, increased reliance on AI, and sharply different threat patterns across regions
HERZLIYA, Israel--(BUSINESS WIRE)--Cognyte Software Ltd. (NASDAQ: CGNT) (“Cognyte”), a global leader in investigative analytics software, released new findings from its LUMINAR Threat Intelligence Group in the LUMINAR 2026 Annual Threat Report. The report analyzes the global threat landscape, showing how AI is reshaping cyber operations, ransomware is rising worldwide and attackers are exploiting vulnerabilities and stolen credentials at scale. It also reveals distinct regional threat patterns and documents what Cognyte refers to as the first known AI-orchestrated cyber espionage campaign using a popular LLM.
“We’re seeing a fundamental shift in how cyber threats are carried out and scaled,” said Gilad Zahavi, Cognyte’s VP of Threat Intelligence. “AI, ransomware groups and nation-state actors are no longer separate challenges – they’re increasingly working in tandem, creating attacks that move faster and are harder to detect. Organizations must prepare for a threat landscape that is changing faster than ever.”
Key Findings in the LUMINAR 2026 Threat Landscape Report
AI is increasingly used by cyber attackers and defenders.
- In 2025, AI enabled attackers to automate up to 80–90% of a specific nation-state espionage campaign and generate most phishing content (82.6%), while defenders used LLM-assisted tools to identify vulnerabilities, including the zero-day CVE-2025-6965.
Exploited vulnerabilities remain a key attack vector.
- In 2025, nearly 50,000 new vulnerabilities were disclosed (average CVSS score of 6.6), with major flaws such as React2Shell (CVE-2025-55182) widely discussed on the dark web, while Linux Kernel recorded the highest number of reported vulnerabilities (2,257).
Stolen credentials remain a major driver of cyber intrusions.
- In 2025, stolen credentials were linked to 22% of data breaches, even as dark web sales ads dropped by about 50% (to ~7 million), with the Lumma infostealer responsible for 2.2 million listings – roughly 42% of the total.
Ransomware attacks are on the rise globally.
- In 2025, ransomware groups claimed 7,809 victims – a 27.3% increase year over year – led by the Qilin group (12.8% of attacks), while total payments fell 23% as attackers increasingly shifted toward targeting small and medium-sized businesses.
Threat activity varies significantly by region, reflecting different dominant actors and priorities.
- The U.S. accounted for roughly one-third of global ransomware incidents, while nation-state activity dominated the Middle East (56.6%) and APAC (67%); cybercriminal groups led in North America (52%) and showed a similar pattern in Europe, with notable state-linked involvement.
The 2026 LUMINAR Threat Landscape Report also includes an overview of Cognyte’s recommendations and general best practices to protect against the common threat vectors and threats addressed in the report. The full report is available for download here.
Research Methodology
Cognyte’s 2026 LUMINAR Threat Landscape Report is based on in-depth analysis of cybersecurity incidents worldwide in 2025, supported by AI-driven insights and data from the company’s proprietary threat intelligence repository. The LUMINAR Threat Intelligence Group analyzed more than 2,300 real-life cyber incidents using generative AI capabilities, uncovering new attack vectors, emerging ransomware groups and the continued evolution of trends first identified in 2024.
LUMINAR is AI-driven external threat intelligence software that enables security and risk management leaders to maintain visibility of their threat landscape. By consolidating all critical threat intelligence capabilities into a unified solution, users can extract timely, accurate and actionable insights that can be applied before, during and after threats reach an organization.
About Cognyte
Cognyte is a leading software-driven technology company, focused on solutions for data processing and investigative analytics that allow customers to generate Actionable Intelligence for a Safer World™. Cognyte’s solutions empower law enforcement, national security, national and military intelligence agencies, and other organizations to navigate an increasingly complex threat landscape. With offerings that leverage state-of-the-art technology, including Artificial Intelligence (AI), big data analytics and advanced machine learning, Cognyte helps customers make smarter, faster decisions with their data for successful outcomes. Hundreds of customers rely on Cognyte’s investigative analytics solutions to uncover critical insights from past events and anticipate emerging threats. By harnessing AI-driven intelligence, Cognyte accelerates investigations with exceptional speed and accuracy while enabling customers to better investigate, anticipate, predict and mitigate risks with greater precision. Learn more at www.cognyte.com.
Contacts
Media Relations Contact:
Michelle Allard McMahon
Rainier Communications on behalf of Cognyte Software
prcognyte@rainierco.com
