Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacks
A new report from warns organizations to prepare for a huge increase in attack volumes thanks to agentic AI
Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations that go way beyond today’s ransomware and phishing campaigns.
In a new report, the cybersecurity firm predicted that agentic AI will massively increase attack volume, with automated phishing, fraud, and breach exploitation becoming continuous background operations.
Criminal ecosystems will move from a traditional Cybercrime as a Service model to what Trend Micro called 'Cybercrime as a Servant’, relying on chained AI agents and autonomous orchestration layers to run criminal businesses end-to-end.
“Agentic AI gives criminals a ready-made arsenal that scales, adapts, and keeps working even when the humans disappear. The real risk is not a sudden AI-fueled explosion of crime, but the slow, unstoppable automation of attacks that used to require skill, time, and effort. This shift is already underway,” said Robert McArdle, director of forward-looking threat research at Trend Micro.
“We will see an optimization of today’s leading attacks, the amplification of attacks that previously had poor ROI, and the emergence of brand new ‘Black Swan’ cybercrime business models.”
Researchers said they expect to see more attacks on enterprise cloud and AI systems, as these provide cyber criminals scalable power, compute, AI capabilities, storage, and access to valuable information they can use to run their agentic architecture.
This, the company warned, will introduce new kinds of attacks – many of which are unprecedented, or expected to grow in scale. Meanwhile, agentic cyber crime will influence the overall setup of today’s criminal ecosystem, giving rise to new or enhanced criminal business models and trends.
Looking ahead, Trend Micro said defensive platforms and security solutions will need their own orchestrators and autonomous agents to counter the shift, or risk being overwhelmed.
“For enterprises, this means reassessing security strategy now as well as investing in automation and AI-driven defence," McArdle said.
"Organizations also have to ensure resilience before criminals industrialize their own use of AI, or risk trying to catch up in an exponential arms race that will quickly separate those who were prepared and those were not.”
Agentic AI security warnings ramp up
Trend Micro is by no means the first firm to warn of the looming threat of agentic AI-related cyber crime.
In September, for example, Anthropic admitted that its AI tools had been "weaponized" by hackers to conduct serious attacks against organizations.
The company warned agentic AI is being used across cyber criminal operations, particularly to identify victims, analyze stolen data, and to create ransomware and malware strains.
In a blog post detailing its findings, Anthropic pointed to examples where cyber criminals used Claude Code to automate reconnaissance practices, harvest victim credentials, and penetrate networks at 17 organizations in the healthcare, emergency services, and government sectors.
A similar study from Malwarebytes in early 2025 also highlighted the growing threat posed by agentic AI in cyber criminal operations.
The company’s 2025 State of Malware report said this latest iteration of the technology will “further revolutionize cyber criminal tactics” and enable threat actors to create more potent malware strains.
While warnings over the use of agentic AI among cyber criminals are growing, the use of the technology by defenders offers huge potential, industry stakeholders claim.
AWS CISO Amy Herzog, for example, recently told ITPro that agents will herald a radical shift for cybersecurity practitioners, enabling them to react to attacks in a more efficient manner.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- ‘Slopsquatting’ is a new risk for vibe coding developers
- Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malware
- Agentic AI carries huge implications for security teams
-
‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackersNews AI is making it harder to differentiate between high and low-skilled actors
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Google says AI is now being used to build zero-days – and we just narrowly avoided a 'mass exploitation event'News Google cyber researchers think they’ve found the first AI-generated zero-day exploit
-
Five Eyes agencies sound alarm over risky agentic AI deploymentsNews Security agencies have urged organizations to establish clear boundaries and guardrails for AI agents
-
Enterprises are adopting agents faster than they can secure and govern them – experts warn it’s a disaster waiting to happenNews Identity systems developed for human interaction fail to cope with the new demands
-
UK firms left in the dark over what workers are sharing with AINews Security teams can’t keep track of what workers are sharing with AI applications, regardless of whether they’re approved or unauthorized
