CISO Intelligence Brief — February 16, 2026
The Week That Matters
This week marks an inflection point. AI-powered attacks moved from academic proof-of-concept to operational reality, Microsoft patched six actively exploited zero-days in a single month, and Recorded Future confirmed what we’ve been watching: nation-states have abandoned dramatic attacks for persistent, invisible access.
If you’re still treating cyber as episodic incidents, you’re already behind.
1. AI Ransomware Is Autonomous Now
What happened: Researchers at NYU demonstrated PromptLock—ransomware that uses LLMs to autonomously execute entire attack chains. Reconnaissance, vulnerability scanning, encryption, and ransom negotiation—all without human intervention. Every execution differs, making detection harder.
Why it matters: This isn’t theoretical anymore. While PromptLock was academic, real criminals are already using AI to automate 90% of attack workflows. Anthropic disrupted a Chinese state-sponsored campaign using Claude to compress vulnerability-to-exploit timelines from days to minutes.
MIT Tech Review confirms attackers are using open-source models (stripped of safety guardrails) to generate adaptive malware. Trend Micro predicts “agentic AI handling critical portions of the ransomware attack chain” will define 2026.
What this means for you:
- Your detection assumes human-paced attacks. AI changes that calculus.
- Open-source LLMs (Llama, Mistral) don’t have the guardrails commercial models do. Expect weaponization.
- Traditional defenses still work—for now. EDR, proper segmentation, and credential hygiene remain effective, but the window is narrowing.
Action items:
1. Assume breach at machine speed. Review your detection-to-response timelines. If it takes hours, you’re losing.
2. Identity is the new perimeter. Most intrusions now start with stolen credentials, not technical exploits. MFA everything. Credential rotation isn’t optional.
3. Test your backups. AI-powered ransomware will find and encrypt them if you haven’t air-gapped properly.
2. Microsoft’s February Patch Tuesday: 6 Zero-Days Exploited in the Wild
What happened: Microsoft released patches for 58 vulnerabilities, including six actively exploited zero-days. Three bypass security features (Windows Shell, MSHTML, Microsoft Word), two enable privilege escalation (Desktop Window Manager, Remote Desktop Services), and one causes denial of service (Remote Access Connection Manager).
Why it matters: Six zero-days in one month is not normal. Google Threat Intelligence, MSTIC, and CrowdStrike were each credited with discoveries—meaning multiple sophisticated campaigns are active simultaneously.
Notably, CVE-2026-21533 (RDP privilege escalation) allows attackers to add themselves to the Administrator group. CrowdStrike warned threat actors will “accelerate attempts to use or sell” this exploit immediately.
What this means for you:
- If you’re not patched by Monday, you’re a target by Tuesday.
- These aren’t sophisticated attacks. They’re reliability attacks—known vulns that defenders haven’t closed yet.
- The security bypass flaws (CVE-2026-21510, CVE-2026-21513, CVE-2026-21514) likely bypass Mark of the Web protections. Your users won’t see warnings.
Action items:
1. Emergency patch these six CVEs this weekend. No exceptions.
2. Audit RDP exposure immediately. If it’s internet-facing, you’re already compromised.
3. Review your patch SLAs. 30-day windows are obsolete. High-severity patches need 72-hour deployment.
3. Nation-States Abandon Big Attacks for Invisible Persistence
What happened: Recorded Future’s 2026 State of Security Report confirms nation-state actors (China, Russia, Iran, North Korea) have shifted from dramatic attacks to “persistent pressure”—quiet pre-positioning, credential theft, and identity access that can be activated during crises.
Why it matters: This is the silent shift everyone missed. States aren’t breaching networks to cause immediate damage—they’re breaching to maintain leverage. Access is currency. Activation is optional.
Recorded Future’s key finding: “Adversaries are logging in, not hacking in.” Most serious intrusions now begin with stolen credentials, not zero-days.
What this means for you:
- You’re probably already compromised. You just don’t know it yet.
- Traditional breach detection assumes attackers do something. Modern attackers just wait.
- Connectivity infrastructure (cables, satellites, telecom) is now a coercion tool. Expect brief, reversible disruptions that signal power without crossing escalation thresholds.
Action items:
1. Assume persistent presence. Hunt for dormant access quarterly, not just after alerts.
2. Identity threat detection and response (ITDR) is no longer optional. If your SIEM can’t detect credential abuse patterns, upgrade it.
3. Segment everything. Lateral movement should be painful. If an attacker can pivot from HR to R&D in one hop, you’ve already lost.
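As an added illustration of the kind of credential-abuse rule the ITDR item above calls for, tied to the Administrators-group addition described under CVE-2026-21533 in section 2 (this is example code written for this brief, not from any of its sources): a small Python detection that flags every addition to the local Administrators group and raises severity when the same account had an RDP logon shortly before. The Windows event IDs, logon type and group SID are real values; the sample events, account names and the RDP-correlation heuristic are constructed assumptions.

```python
from datetime import datetime

# Windows Security log constants (real values): 4624 = successful logon,
# logon type 10 = RemoteInteractive (RDP); 4732 = member added to a
# security-enabled local group; S-1-5-32-544 = BUILTIN\Administrators.
EVENT_LOGON, EVENT_LOCAL_GROUP_ADD = 4624, 4732
RDP_LOGON_TYPE = 10
ADMINS_SID = "S-1-5-32-544"

# Constructed sample events (not taken from any real incident or source).
SAMPLE_EVENTS = [
    {"id": 4624, "time": "2026-02-14T02:11:05", "user": "jsmith",
     "logon_type": 10, "src_ip": "203.0.113.7"},
    {"id": 4732, "time": "2026-02-14T02:13:40", "user": "jsmith",
     "member_sid": "S-1-5-21-1-2-3-1105", "group_sid": ADMINS_SID},
    {"id": 4624, "time": "2026-02-14T09:00:00", "user": "helpdesk",
     "logon_type": 10, "src_ip": "10.0.0.25"},
    {"id": 4732, "time": "2026-02-14T09:45:00", "user": "helpdesk",
     "member_sid": "S-1-5-21-1-2-3-2201", "group_sid": "S-1-5-32-545"},  # Users
    {"id": 4732, "time": "2026-02-14T15:20:00", "user": "SYSTEM",
     "member_sid": "S-1-5-21-1-2-3-3307", "group_sid": ADMINS_SID},
]


def find_admin_escalations(events, window_minutes=30):
    """Alert on every addition to the local Administrators group; raise the
    severity to 'high' when the same account had an RDP logon within
    window_minutes, the pattern expected from RDP-session privilege escalation."""
    last_rdp = {}  # user -> (logon time, source IP) of the latest RDP logon
    alerts = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        ts = datetime.fromisoformat(e["time"])
        if e["id"] == EVENT_LOGON and e.get("logon_type") == RDP_LOGON_TYPE:
            last_rdp[e["user"]] = (ts, e["src_ip"])
        elif e["id"] == EVENT_LOCAL_GROUP_ADD and e["group_sid"] == ADMINS_SID:
            rdp = last_rdp.get(e["user"])
            recent = rdp is not None and (ts - rdp[0]).total_seconds() <= window_minutes * 60
            alerts.append({
                "time": e["time"], "user": e["user"], "member_sid": e["member_sid"],
                "severity": "high" if recent else "medium",
                "src_ip": rdp[1] if recent else None,
            })
    return alerts


if __name__ == "__main__":
    for a in find_admin_escalations(SAMPLE_EVENTS):
        print(a)
```

On the constructed sample the rule returns two alerts: a high-severity one for jsmith (group addition 2.5 minutes after an RDP logon) and a medium one for the SYSTEM-initiated addition; the helpdesk addition to Users is ignored.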
4. The MCP Wild Card
Malwarebytes predicts that in 2026, “MCP-based attack frameworks will become a defining capability of cybercriminals targeting businesses.”
Model Context Protocol (MCP) enables AI agents to coordinate complex workflows autonomously. What that means for attackers: orchestrated, multi-stage intrusions that adapt in real time without human coordination.
Action item: If you’re deploying AI agents internally (Copilot, custom LLMs, automation tools), audit their access. Assume they can be compromised. Privilege boundaries apply to machines, too.
The Bottom Line
Three shifts happening simultaneously:
1. AI attacks are operational. Not theoretical. Not next year. Now.
2. Patching velocity matters more than ever. Six zero-days in February means attackers are stockpiling exploits faster than defenders can respond.
3. Nation-states are invisible until they’re not. Persistent access is the new breach paradigm.
If your security program still assumes attacks are loud, discrete events, you’re defending against 2015 threats.
Jonathan Care
Sources
MIT Technology Review: “AI is already making online crimes easier. It could get much worse” (Feb 12, 2026)
BleepingComputer: “Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws” (Feb 11, 2026)
Recorded Future: “2026 State of Security Report” (Feb 12, 2026)
Trend Micro: “The AI-fication of Cyberthreats: Security Predictions for 2026”
Malwarebytes: “2026 State of Malware Report”
Google Threat Intelligence: “Threat Actor Usage of AI Tools” (November 2025)
Anthropic: “Disrupting the first reported AI-orchestrated cyber espionage campaign” (November 2025)