Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations that go way beyond today’s ransomware and phishing campaigns.
In a new report, the cybersecurity firm predicted that agentic AI will massively increase attack volume, with automated phishing, fraud, and breach exploitation becoming continuous background operations.
Criminal ecosystems will move from a traditional Cybercrime as a Service model to what Trend Micro called 'Cybercrime as a Servant’, relying on chained AI agents and autonomous orchestration layers to run criminal businesses end-to-end.
“Agentic AI gives criminals a ready-made arsenal that scales, adapts, and keeps working even when the humans disappear. The real risk is not a sudden AI-fueled explosion of crime, but the slow, unstoppable automation of attacks that used to require skill, time, and effort. This shift is already underway,” said Robert McArdle, director of forward-looking threat research at Trend Micro.
“We will see an optimization of today’s leading attacks, the amplification of attacks that previously had poor ROI, and the emergence of brand new ‘Black Swan’ cybercrime business models.”
Researchers said they expect to see more attacks on enterprise cloud and AI systems, as these provide cyber criminals scalable power, compute, AI capabilities, storage, and access to valuable information they can use to run their agentic architecture.
This, the company warned, will introduce new kinds of attacks – many of which are unprecedented, or expected to grow in scale. Meanwhile, agentic cyber crime will influence the overall setup of today’s criminal ecosystem, giving rise to new or enhanced criminal business models and trends.
Looking ahead, Trend Micro said defensive platforms and security solutions will need their own orchestrators and autonomous agents to counter the shift, or risk being overwhelmed.
“For enterprises, this means reassessing security strategy now as well as investing in automation and AI-driven defence," McArdle said.
"Organizations also have to ensure resilience before criminals industrialize their own use of AI, or risk trying to catch up in an exponential arms race that will quickly separate those who were prepared and those were not.”
Agentic AI security warnings ramp up
Trend Micro is by no means the first firm to warn of the looming threat of agentic AI-related cyber crime.
In September, for example, Anthropic admitted that its AI tools had been "weaponized" by hackers to conduct serious attacks against organizations.
The company warned agentic AI is being used across cyber criminal operations, particularly to identify victims, analyze stolen data, and to create ransomware and malware strains.
In a blog post detailing its findings, Anthropic pointed to examples where cyber criminals used Claude Code to automate reconnaissance practices, harvest victim credentials, and penetrate networks at 17 organizations in the healthcare, emergency services, and government sectors.
A similar study from Malwarebytes in early 2025 also highlighted the growing threat posed by agentic AI in cyber criminal operations.
The company’s 2025 State of Malware report said this latest iteration of the technology will “further revolutionize cyber criminal tactics” and enable threat actors to create more potent malware strains.
While warnings over the use of agentic AI among cyber criminals are growing, the use of the technology by defenders offers huge potential, industry stakeholders claim.
AWS CISO Amy Herzog, for example, recently told ITPro that agents will herald a radical shift for cybersecurity practitioners, enabling them to react to attacks in a more efficient manner.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- ‘Slopsquatting’ is a new risk for vibe coding developers
- Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware
- Agentic AI carries huge implications for security teams
-
The hidden cost of MFT vulnerabilitiesIndustry Insights The channel can solve the fundamental fragility in how organizations handle their most sensitive data transfers
-
What businesses need to know about data sovereigntyWithout a firm strategy for data sovereignty, businesses put their data and reputations at risk
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
-
NCSC issues urgent warning over growing AI prompt injection risks – here’s what you need to knowNews Many organizations see prompt injection as just another version of SQL injection - but this is a mistake
-
Chinese hackers are using ‘stealthy and resilient’ Brickstorm malware to target VMware servers and hide in networks for months at a timeNews Organizations, particularly in the critical infrastructure, government services, and facilities and IT sectors, need to be wary of Brickstorm
-
AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals — and teams at Amazon are already seeing huge gainsNews AWS CISO Amy Herzog thinks AI agents will be a ‘boon’ for cyber professionals, and the company has already unlocked significant benefits from the technology internally.
-
HPE selects CrowdStrike to safeguard high-performance AI workloads
News The security vendor joins HPE’s Unleash AI partner program, bringing Falcon security capabilities to HPE Private Cloud AI
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
