Blog
/
Network
/
June 5, 2025

Unpacking ClickFix: Darktrace’s detection of a prolific social engineering tactic

ClickFix is a social engineering technique that exploits human error through fake prompts, leading users to unknowingly run malicious commands. Learn how Darktrace detects and responds to such threats!
Written by
Keanna Grelicha
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Keanna Grelicha
Cyber Analyst
Woman on laptop in office buildingDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
05
Jun 2025

What is ClickFix and how does it work?

Amid heightened security awareness, threat actors continue to seek stealthy methods to infiltrate target networks, often finding the human end user to be the most vulnerable and easily exploited entry point.

ClickFix baiting is an exploitation of the end user, making use of social engineering techniques masquerading as error messages or routine verification processes, that can result in malicious code execution.

Since March 2024, the simplicity of this technique has drawn attention from a range of threat actors, from individual cybercriminals to Advanced Persistent Threat (APT) groups such as APT28 and MuddyWater, linked to Russia and Iran respectively, introducing security threats on a broader scale [1]. ClickFix campaigns have been observed affecting organizations in across multiple industries, including healthcare, hospitality, automotive and government [2][3].

Actors carrying out these targeted attacks typically utilize similar techniques, tools and procedures (TTPs) to gain initial access. These include spear phishing attacks, drive-by compromises, or exploiting trust in familiar online platforms, such as GitHub, to deliver malicious payloads [2][3]. Often, a hidden link within an email or malvertisements on compromised legitimate websites redirect the end user to a malicious URL [4]. These take the form of ‘Fix It’ or fake CAPTCHA prompts [4].

From there, users are misled into believing they are completing a human verification step, registering a device, or fixing a non-existent issue such as a webpage display error. As a result, they are guided through a three-step process that ultimately enables the execution of malicious PowerShell commands:

  1. Open a Windows Run dialog box [press Windows Key + R]
  2. Automatically or manually copy and paste a malicious PowerShell command into the terminal [press CTRL+V]
  3. And run the prompt [press ‘Enter’] [2]

Once the malicious PowerShell command is executed, threat actors then establish command and control (C2) communication within the targeted environment before moving laterally through the network with the intent of obtaining and stealing sensitive data [4]. Malicious payloads associated with various malware families, such as XWorm, Lumma, and AsyncRAT, are often deployed [2][3].

Attack timeline of ClickFix cyber attack

Based on investigations conducted by Darktrace’s Threat Research team in early 2025, this blog highlights Darktrace’s capability to detect ClickFix baiting activity following initial access.

Darktrace’s coverage of a ClickFix attack chain

Darktrace identified multiple ClickFix attacks across customer environments in both Europe, the Middle East, and Africa (EMEA) and the United States. The following incident details a specific attack on a customer network that occurred on April 9, 2025.

Although the initial access phase of this specific attack occurred outside Darktrace’s visibility, other affected networks showed compromise beginning with phishing emails or fake CAPTCHA prompts that led users to execute malicious PowerShell commands.

Darktrace’s visibility into the compromise began when the threat actor initiated external communication with their C2 infrastructure, with Darktrace / NETWORK detecting the use of a new PowerShell user agent, indicating an attempt at remote code execution.

Darktrace / NETWORK's detection of a device making an HTTP connection with new PowerShell user agent, indicating PowerShell abuse for C2 communications.
Figure 1: Darktrace / NETWORK's detection of a device making an HTTP connection with new PowerShell user agent, indicating PowerShell abuse for C2 communications.

Download of Malicious Files for Lateral Movement

A few minutes later, the compromised device was observed downloading a numerically named file. Numeric files like this are often intentionally nondescript and associated with malware. In this case, the file name adhered to a specific pattern, matching the regular expression: /174(\d){7}/. Further investigation into the file revealed that it contained additional malicious code designed to further exploit remote services and gather device information.

Figure 2: Darktrace / NETWORK's detection of a numeric file, one minute after the new PowerShell User Agent alert.

The file contained a script that sent system information to a specified IP address using an HTTP POST request, which also processed the response. This process was verified through packet capture (PCAP) analysis conducted by the Darktrace Threat Research team.

By analyzing the body content of the HTTP GET request, it was observed that the command converts the current time to Unix epoch time format (i.e., 9 April 2025 13:26:40 GMT), resulting in an additional numeric file observed in the URI: /1744205200.

PCAP highlighting the HTTP GET request that sends information to the specific IP, 193.36.38[.]237, which then generates another numeric file titled per the current time.
Figure 3: PCAP highlighting the HTTP GET request that sends information to the specific IP, 193.36.38[.]237, which then generates another numeric file titled per the current time.

Across Darktrace’s investigations into other customers' affected by ClickFix campaigns, both internal information discovery events and further execution of malicious code were observed.

Data Exfiltration

By following the HTTP stream in the same PCAP, the Darktrace Threat Research Team assessed the activity as indicative of data exfiltration involving system and device information to the same command-and-control (C2) endpoint, , 193.36.38[.]237. This endpoint was flagged as malicious by multiple open-source intelligence (OSINT) vendors [5].

PCAP highlighting HTTP POST connection with the numeric file per the URI /1744205200 that indicates data exfiltration to 193.36.38[.]237.
Figure 4: PCAP highlighting HTTP POST connection with the numeric file per the URI /1744205200 that indicates data exfiltration to 193.36.38[.]237.

Further analysis of Darktrace’s Advanced Search logs showed that the attacker’s malicious code scanned for internal system information, which was then sent to a C2 server via an HTTP POST request, indicating data exfiltration

Advanced Search further highlights Darktrace's observation of the HTTP POST request, with the second numeric file representing data exfiltration.
Figure 5: Advanced Search further highlights Darktrace's observation of the HTTP POST request, with the second numeric file representing data exfiltration.

Actions on objectives

Around ten minutes after the initial C2 communications, the compromised device was observed connecting to an additional rare endpoint, 188.34.195[.]44. Further analysis of this endpoint confirmed its association with ClickFix campaigns, with several OSINT vendors linking it to previously reported attacks [6].

In the final HTTP POST request made by the device, Darktrace detected a file at the URI /init1234 in the connection logs to the malicious endpoint 188.34.195[.]44, likely depicting the successful completion of the attack’s objective, automated data egress to a ClickFix C2 server.

Darktrace / NETWORK grouped together the observed indicators of compromise (IoCs) on the compromised device and triggered an Enhanced Monitoring model alert, a high-priority detection model designed to identify activity indicative of the early stages of an attack. These models are monitored and triaged 24/7 by Darktrace’s Security Operations Center (SOC) as part of the Managed Threat Detection service, ensuring customers are promptly notified of malicious activity as soon as it emerges.

Darktrace correlated the separate malicious connections that pertained to a single campaign.
Figure 6: Darktrace correlated the separate malicious connections that pertained to a single campaign.

Darktrace Autonomous Response

In the incident outlined above, Darktrace was not configured in Autonomous Response mode. As a result, while actions to block specific connections were suggested, they had to be manually implemented by the customer’s security team. Due to the speed of the attack, this need for manual intervention allowed the threat to escalate without interruption.

However, in a different example, Autonomous Response was fully enabled, allowing Darktrace to immediately block connections to the malicious endpoint (138.199.156[.]22) just one second after the initial connection in which a numerically named file was downloaded [7].

Darktrace Autonomous Response blocked connections to a suspicious endpoint following the observation of the numeric file download.
Figure 7: Darktrace Autonomous Response blocked connections to a suspicious endpoint following the observation of the numeric file download.

This customer was also subscribed to our Managed Detection and Response service, Darktrace’s SOC extended a ‘Quarantine Device’ action that had already been autonomously applied in order to buy their security team additional time for remediation.

Autonomous Response blocked connections to malicious endpoints, including 138.199.156[.]22, 185.250.151[.]155, and rkuagqnmnypetvf[.]top, and also quarantined the affected device. These actions were later manually reinforced by the Darktrace SOC.
Figure 8: Autonomous Response blocked connections to malicious endpoints, including 138.199.156[.]22, 185.250.151[.]155, and rkuagqnmnypetvf[.]top, and also quarantined the affected device. These actions were later manually reinforced by the Darktrace SOC.

Conclusion

ClickFix baiting is a widely used tactic in which threat actors exploit human error to bypass security defenses. By tricking end point users into performing seemingly harmless, everyday actions, attackers gain initial access to systems where they can access and exfiltrate sensitive data.

Darktrace’s anomaly-based approach to threat detection identifies early indicators of targeted attacks without relying on prior knowledge or IoCs. By continuously learning each device’s unique pattern of life, Darktrace detects subtle deviations that may signal a compromise. In this case, Darktrace's Autonomous Response, when operating in a fully autonomous mode, was able to swiftly contain the threat before it could progress further along the attack lifecycle.

Credit to Keanna Grelicha (Cyber Analyst) and Jennifer Beckett (Cyber Analyst)

Appendices

NETWORK Models

  • Device / New PowerShell User Agent
  • Anomalous Connection / New User Agent to IP Without Hostname
  • Anomalous Connection / Posting HTTP to IP Without Hostname
  • Anomalous Connection / Powershell to Rare External
  • Device / Suspicious Domain
  • Device / New User Agent and New IP
  • Anomalous File / New User Agent Followed By Numeric File Download (Enhanced Monitoring Model)
  • Device / Initial Attack Chain Activity (Enhanced Monitoring Model)

Autonomous Response Models

  • Antigena / Network::Significant Anomaly::Antigena Significant Anomaly from Client Block
  • Antigena / Network::Significant Anomaly::Antigena Enhanced Monitoring from Client Block
  • Antigena / Network::External Threat::Antigena File then New Outbound Block
  • Antigena / Network::External Threat::Antigena Suspicious File Block
  • Antigena / Network::Significant Anomaly::Antigena Alerts Over Time Block
  • Antigena / Network::External Threat::Antigena Suspicious File Block

IoC - Type - Description + Confidence

·       141.193.213[.]11 – IP address – Possible C2 Infrastructure

·       141.193.213[.]10 – IP address – Possible C2 Infrastructure

·       64.94.84[.]217 – IP address – Possible C2 Infrastructure

·       138.199.156[.]22 – IP address – C2 server

·       94.181.229[.]250 – IP address – Possible C2 Infrastructure

·       216.245.184[.]181 – IP address – Possible C2 Infrastructure

·       212.237.217[.]182 – IP address – Possible C2 Infrastructure

·       168.119.96[.]41 – IP address – Possible C2 Infrastructure

·       193.36.38[.]237 – IP address – C2 server

·       188.34.195[.]44 – IP address – C2 server

·       205.196.186[.]70 – IP address – Possible C2 Infrastructure

·       rkuagqnmnypetvf[.]top – Hostname – C2 server

·       shorturl[.]at/UB6E6 – Hostname – Possible C2 Infrastructure

·       tlgrm-redirect[.]icu – Hostname – Possible C2 Infrastructure

·       diagnostics.medgenome[.]com – Hostname – Compromised Website

·       /1741714208 – URI – Possible malicious file

·       /1741718928 – URI – Possible malicious file

·       /1743871488 – URI – Possible malicious file

·       /1741200416 – URI – Possible malicious file

·       /1741356624 – URI – Possible malicious file

·       /ttt – URI – Possible malicious file

·       /1741965536 – URI – Possible malicious file

·       /1.txt – URI – Possible malicious file

·       /1744205184 – URI – Possible malicious file

·       /1744139920 – URI – Possible malicious file

·       /1744134352 – URI – Possible malicious file

·       /1744125600 – URI – Possible malicious file

·       /1[.]php?s=527 – URI – Possible malicious file

·       34ff2f72c191434ce5f20ebc1a7e823794ac69bba9df70721829d66e7196b044 – SHA-256 Hash – Possible malicious file

·       10a5eab3eef36e75bd3139fe3a3c760f54be33e3 – SHA-1 Hash – Possible malicious file

MITRE ATT&CK Mapping

Tactic – Technique – Sub-Technique  

Spearphishing Link - INITIAL ACCESS - T1566.002 - T1566

Drive-by Compromise - INITIAL ACCESS - T1189

PowerShell - EXECUTION - T1059.001 - T1059

Exploitation of Remote Services - LATERAL MOVEMENT - T1210

Web Protocols - COMMAND AND CONTROL - T1071.001 - T1071

Automated Exfiltration - EXFILTRATION - T1020 - T1020.001

References

[1] https://www.logpoint.com/en/blog/emerging-threats/clickfix-another-deceptive-social-engineering-technique/

[2] https://www.proofpoint.com/us/blog/threat-insight/security-brief-clickfix-social-engineering-technique-floods-threat-landscape

[3] https://cyberresilience.com/threatonomics/understanding-the-clickfix-attack/

[4] https://www.group-ib.com/blog/clickfix-the-social-engineering-technique-hackers-use-to-manipulate-victims/

[5] https://www.virustotal.com/gui/ip-address/193.36.38.237/detection

[6] https://www.virustotal.com/gui/ip-address/188.34.195.44/community

[7] https://www.virustotal.com/gui/ip-address/138.199.156.22/detection

Written by
Keanna Grelicha
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Keanna Grelicha
Cyber Analyst

Inside Cloud Compromise: Investigating Attacker Activity with Darktrace / Forensic Acquisition & Investigation

Cloud
March 4, 2026
Nathaniel Bill
Malware Research Engineer
Watch the NIS2 Webinar
Trending blogs
1
Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
Nov 19, 2025
2
The 17% of email threats SEGs miss – and how Darktrace catches them
Dec 4, 2025
3
Darktrace Named as a Leader in 2025 Gartner® Magic Quadrant™ for Email Security Platforms
Dec 3, 2025
4
From Amazon to Louis Vuitton: How Darktrace Detects Black Friday Phishing Attacks
Nov 27, 2025
5
Pre-CVE Threat Detection: 10 Examples Identifying Malicious Activity Prior to Public Disclosure of a Vulnerability
Jul 2, 2025

More in this series

No items found.
Continue reading
Network
February 13, 2026

CVE-2026-1731: How Darktrace Sees the BeyondTrust Exploitation Wave Unfolding

A new exploitation wave targeting BeyondTrust products has emerged following disclosure of CVE‑2026‑1731. Darktrace is observing early malicious activity across customer environments and highlights the importance of proactive defenses.
Emma Foulger
Global Threat Research Operations Lead
Read more
Network
February 10, 2026

AI/LLM-Generated Malware Used to Exploit React2Shell

Darktrace identified an AI/LLM generated malware sample exploiting the React2Shell vulnerability within its Cloudypots environment. The incident shows how LLM‑assisted development enables low‑skill attackers to rapidly create effective exploitation tools. This analysis outlines the attack chain, AI‑generated payload, and the growing defensive challenges posed by accessible, AI‑enabled cyber threats.
Nathaniel Bill
Malware Research Engineer
Read more
Network
February 5, 2026

AppleScript Abuse: Unpacking a macOS Phishing Campaign

This blog explores a macOS phishing campaign that leverages social engineering, AppleScript loaders, and attempted abuse of the macOS’ TCC feature to gain privileged access. It highlights a broader trend: attackers increasingly exploit user trust rather than system vulnerabilities, using staged payload delivery and persistence techniques to maintain long‑term access.
Tara Gould
Malware Research Lead
Read more

Blog

/

Cloud

/

March 5, 2026

Inside Cloud Compromise: Investigating Attacker Activity with Darktrace / Forensic Acquisition & Investigation

Forensic Acquisition and investigationDefault blog imageDefault blog image

Investigating cloud attacks with Darktrace/ Forensic Acquisition & Investigation

Darktrace / Forensic Acquisition & Investigation™ is the industry’s first truly automated forensic solution purpose-built for the cloud. This blog will demonstrate how an investigation can be carried out against a compromised cloud server in minutes, rather than hours or days.

The compromised server investigated in this case originates from Darktrace’s Cloudypots system, a global honeypot network designed to observe adversary activity in real time across a wide range of cloud services. Whenever an attacker successfully compromises one of these honeypots, a forensic copy of the virtual server's disk is preserved for later analysis. Using Forensic Acquisition & Investigation, analysts can then investigate further and obtain detailed insights into the compromise including complete attacker timelines and root cause analysis.

Forensic Acquisition & Investigation supports importing artifacts from a variety of sources, including EC2 instances, ECS, S3 buckets, and more. The Cloudypots system produces a raw disk image whenever an attack is detected and stores it in an S3 bucket. This allows the image to be directly imported into Forensic Acquisition & Investigation using the S3 bucket import option.

As Forensic Acquisition & Investigation runs cloud-natively, no additional configuration is required to add a specific S3 bucket. Analysts can browse and acquire forensic assets from any bucket that the configured IAM role is permitted to access. Operators can also add additional IAM credentials, including those from other cloud providers, to extend access across multiple cloud accounts and environments.

Figure 1: Forensic Acquisition & Investigation import screen.

Forensic Acquisition & Investigation then retrieves a copy of the file and automatically begins running the analysis pipeline on the artifact. This pipeline performs a full forensic analysis of the disk and builds a timeline of the activity that took place on the compromised asset. By leveraging Forensic Acquisition & Investigation’s cloud-native analysis system, this process condenses hour of manual work into just minutes.

Successful import of a forensic artifact and initiation of the analysis pipeline.
Figure 2: Successful import of a forensic artifact and initiation of the analysis pipeline.

Once processing is complete, the preserved artifact is visible in the Evidence tab, along with a summary of key information obtained during analysis, such as the compromised asset’s hostname, operating system, cloud provider, and key event count.

The Evidence overview showing the acquired disk image.
Figure 3: The Evidence overview showing the acquired disk image.

Clicking on the “Key events” field in the listing opens the timeline view, automatically filtered to show system- generated alarms.

The timeline provides a chronological record of every event that occurred on the system, derived from multiple sources, including:

  • Parsed log files such as the systemd journal, audit logs, application specific logs, and others.
  • Parsed history files such as .bash_history, allowing executed commands to be shown on the timeline.
  • File-specific events, such as files being created, accessed, modified, or executables being run, etc.

This approach allows timestamped information and events from multiple sources to be aggregated and parsed into a single, concise view, greatly simplifying the data review process.

Alarms are created for specific timeline events that match either a built-in system rule, curated by Darktrace’s Threat Research team or an operator-defined rule  created at the project level. These alarms help quickly filter out noise and highlight on events of interest, such as the creation of a file containing known malware, access to sensitive files like Amazon Web Service (AWS) credentials, suspicious arguments or commands, and more.

The timeline view filtered to alarm_severity: “1” OR alarm_severity: “3”, showing only events that matched an alarm rule.
Figure 4: The timeline view filtered to alarm_severity: “1” OR alarm_severity: “3”, showing only events that matched an alarm rule.

In this case, several alarms were generated for suspicious Base64 arguments being passed to Selenium. Examining the event data, it appears the attacker spawned a Selenium Grid session with the following payload:

"request.payload": "[Capabilities {browserName: chrome, goog:chromeOptions: {args: [-cimport base64;exec(base64...], binary: /usr/bin/python3, extensions: []}, pageLoadStrategy: normal}]"

This is a common attack vector for Selenium Grid. The chromeOptions object is intended to specify arguments for how Google Chrome should be launched; however, in this case the attacker has abused the binary field to execute the Python3 binary instead of Chrome. Combined with the option to specify command-line arguments, the attacker can use Python3’s -c option to execute arbitrary Python code, in this instance, decoding and executing a Base64 payload.

Selenium’s logs truncate the Arguments field automatically, so an alternate method is required to retrieve the full payload. To do this, the search bar can be used to find all events that occurred around the same time as this flagged event.

Pivoting off the previous event by filtering the timeline to events within the same window using timestamp: [“2026-02-18T09:09:00Z” TO “2026-02-18T09:12:00Z”].
Figure 5: Pivoting off the previous event by filtering the timeline to events within the same window using timestamp: [“2026-02-18T09:09:00Z” TO “2026-02-18T09:12:00Z”].

Scrolling through the search results, an entry from Java’s systemd journal can be identified. This log contains the full, unaltered payload. GCHQ’s CyberChef can then be used to decode the Base64 data into the attacker’s script, which will ultimately be executed.

Decoding the attacker’s payload in CyberChef.
Figure 6: Decoding the attacker’s payload in CyberChef.

In this instance, the malware was identified as a variant of a campaign that has been previously documented in depth by Darktrace.

Investigating Perfctl Malware

This campaign deploys a malware sample known as ‘perfctl to the compromised host. The script executed by the attacker downloads a Go binary named “promocioni.php” from 200[.]4.115.1. Its functionality is consistent with previously documented perfctl samples, with only minor changes such as updated filenames and a new command-and-control (C2) domain.

Perfctl is a stealthy malware that has several systems designed  to evade detection. The main binary is packed with UPX, with the header intentionally tampered with to prevent unpacking using regular tools. The binary also avoids executing any malicious code if it detects debugging or tracing activity, or if artifacts left by earlier stages are missing.

To further aid its evasive capabilities, perfctl features a usermode rootkit using an LD preload. This causes dynamically linked executables to load perfctl’s rootkit payload before other system modules, allowing it to override functions, such as intercepting calls to list files and hiding output from the returned list. Perfctl uses this to hide its own files, as well as other files like the ld.so.preload file, preventing users from identifying that a rootkit is present in the first place.

This also makes it difficult to dynamically analyze, as even analysts aware of the rootkit will struggle to get around it due to its aggressiveness in hiding its components. A useful trick is to use the busybox-static utilities, which are statically linked and therefore immune to LD preloading.

Perfctl will attempt to use sudo to escalate its permissions to root if the user it was executed as has the required privileges. Failing this, it will attempt to exploit the vulnerability CVE-2021-4034.

Ultimately, perfctl will attempt to establish a C2 link via Tor and spawn an XMRig miner to mine the Monero cryptocurrency. The traffic to the mining pool is encapsulated within Tor to limit network detection of the mining traffic.

Darktrace’s Cloudypots system has observed 1,959 infections of the perfctl campaign across its honeypot network in the past year, making it one of the most aggressive campaigns seen by Darktrace.

Key takeaways

This blog has shown how Darktrace / Forensic Acquisition & Investigation equips defenders in the face of a real-world attacker campaign. By using this solution, organizations can acquire forensic evidence and investigate intrusions across multiple cloud resources and providers, enabling defenders to see the full picture of an intrusion on day one. Forensic Acquisition & Investigation’s patented data-processing system takes advantage of the cloud’s scale to rapidly process large amounts of data, allowing triage to take minutes, not hours.

Darktrace / Forensic Acquisition & Investigation is available as Software-as-a-Service (SaaS) but can also be deployed on-premises as a virtual application or natively in the cloud, providing flexibility between convenience and data sovereignty to suit any use case.

Support for acquiring traditional compute instances like EC2, as well as more exotic and newly targeted platforms such as ECS and Lambda, ensures that attacks taking advantage of Living-off-the-Cloud (LOTC) strategies can be triaged quickly and easily as part of incident response. As attackers continue to develop new techniques, the ability to investigate how they use cloud services to persist and pivot throughout an environment is just as important to triage as a single compromised EC2 instance.

Credit to Nathaniel Bill (Malware Research Engineer)

Continue reading
About the author
Nathaniel Bill
Malware Research Engineer

Blog

/

AI

/

March 2, 2026

What the Darktrace Annual Threat Report 2026 Means for Security Leaders

Image of the Earth from spaceDefault blog imageDefault blog image

The challenge for today’s CISOs

At the broadest level, the defining characteristic of cybersecurity in 2026 is the sheer pace of change shaping the environments we protect. Organizations are operating in ecosystems that are larger, more interconnected, and more automated than ever before – spanning cloud platforms, distributed identities, AI-driven systems, and continuous digital workflows.  

The velocity of this expansion has outstripped the slower, predictable patterns security teams once relied on. What used to be a stable backdrop is now a living, shifting landscape where technology, risk, and business operations evolve simultaneously. From this vantage point, the central challenge for security leaders isn’t reacting to individual threats, but maintaining strategic control and clarity as the entire environment accelerates around them.

Strategic takeaways from the Annual Threat Report

The Darktrace Annual Threat Report 2026 reinforces a reality every CISO feels: the center of gravity isn’t the perimeter, vulnerability management, or malware, but trust abused via identity. For example, our analysis found that nearly 70% of incidents in the Americas region begin with stolen or misused accounts, reflecting the global shift toward identity‑led intrusions.

Mass adoption of AI agents, cloud-native applications, and machine decision-making means CISOs now oversee systems that act on their own. This creates an entirely new responsibility: ensuring those systems remain safe, predictable, and aligned to business intent, even under adversarial pressure.

Attackers increasingly exploit trust boundaries, not firewalls – leveraging cloud entitlements, SaaS identity transitions, supply-chain connectivity, and automation frameworks. The rise of non-human identities intensifies this: credentials, tokens, and agent permissions now form the backbone of operational risk.

Boards are now evaluating CISOs on business continuity, operational recovery, and whether AI systems and cloud workloads can fail safely without cascading or causing catastrophic impact.

In this environment, detection accuracy, autonomous response, and blast radius minimization matter far more than traditional control coverage or policy checklists.

Every organization will face setbacks; resilience is measured by how quickly security teams can rise, respond, and resume momentum. In 2026, success will belong to those that adapt fastest.

Managing business security in the age of AI

CISO accountability in 2026 has expanded far beyond controls and tooling. Whether we asked for it or not, we now own outcomes tied to business resilience, AI trust, cloud assurance, and continuous availability. The role is less about certainty and more about recovering control in an environment that keeps accelerating.

Every major 2026 initiative – AI agents, third-party risk, cloud, or comms protection – connects to a single board-level question: Are we still in control as complexity and automation scale faster than humans?

Attackers are not just getting more sophisticated; they are becoming more automated. AI changes the economics of attack, lowering cost and increasing speed. That asymmetry is what CISOs are being measured against.

CISOs are no longer evaluated on tool coverage, but on the ability to assure outcomes – trust in AI adoption, resilience across cloud and identity, and being able to respond to unknown and unforeseen threats.

Boards are now explicitly asking whether we can defend against AI-driven threats. No one can predict every new behavior – survival depends on detecting malicious deviations from normal fast and responding autonomously.  

Agents introduce decision-making at machine speed. Governance, CI/CD scanning, posture management, red teaming, and runtime detection are no longer differentiators but the baseline.

Cloud security is no longer architectural, it is operational. Identity, control planes, and SaaS exposure now sit firmly with the CISO.

AI-speed threats already reshaping security in 2026

We’re already seeing clear examples of how quickly the threat landscape has shifted in 2026. Darktrace’s work on React2Shell exposed just how unforgiving the new tempo is: a honeypot stood up with an exposed React was hit in under two minutes. There was no recon phase, no gradual probing – just immediate, automated exploitation the moment the code appeared publicly. Exposure now equals compromise unless defenses can detect, interpret, and act at machine speed. Traditional operational rhythms simply don’t map to this reality.

We’re also facing the first wave of AI-authored malware, where LLMs generate code that mutates on demand. This removes the historic friction from the attacker side: no skill barrier, no time cost, no limit on iteration. Malware families can regenerate themselves, shift structure, and evade static controls without a human operator behind the keyboard. This forces CISOs to treat adversarial automation as a core operational risk and ensure that autonomous systems inside the business remain predictable under pressure.

The CVE-2026-1731 BeyondTrust exploitation wave reinforced the same pattern. The gap between disclosure and active, global exploitation compressed into hours. Automated scanning, automated payload deployment, coordinated exploitation campaigns, all spinning up faster than most organizations can push an emergency patch through change control. The vulnerability-to-exploit window has effectively collapsed, making runtime visibility, anomaly detection, and autonomous containment far more consequential than patching speed alone.

These cases aren’t edge scenarios; they represent the emerging norm. Complexity and automation have outpaced human-scale processes, and attackers are weaponizing that asymmetry.  

The real differentiator for CISOs in 2026 is less about knowing everything and more about knowing immediately when something shifts – and having systems that can respond at the same speed.

[related-resource]

Continue reading
About the author
Mike Beck
Global CISO
Your data. Our AI.
Elevate your network security with Darktrace AI