Skip to content
Chimera readability score 74 out of 100, Expert reading level.

The first half of 2026 shows how attackers continue to improve the efficiency and scalability of their operations. Rather than relying on entirely new methods and tools, they are quickly adapting established techniques to new platforms, technologies, and user behaviors.
Artificial intelligence is playing a growing role in this development. In H1 2026, ESET analyzed nearly 900,000 AI skills – small functional components used by AI agents – and identified tens of thousands of suspicious and thousands of outright malicious instances. The number of AI skills within this new ecosystem is growing rapidly “as we speak”, further expanding the attack surface.
AI is also beginning to appear within malware itself. Shortly after the emergence of the first AI-powered ransomware in 2025, ESET researchers identified PromptSpy, the first known Android malware to use generative AI in its execution flow. The malware leverages AI – specifically, Google’s Gemini – to interpret user interface elements and adapt across devices and environments without relying on hardcoded behavior. While still rare, PromptSpy illustrates the potential for increased flexibility in future threats – although guardrails against abuse included in LLMs are likely slowing down the adoption.
ClickFix – a social engineering technique leveraging fake error messages – has expanded beyond fake CAPTCHA prompts into AI-themed help pages, browser extensions, and cloud authentication scenarios. ESET detections of this vector more than doubled between H2 2025 and H1 2026, indicating sustained activity and adaptation.
Phishing campaigns are also evolving in response to user behavior. QR code phishing – also known as quishing – has reached record levels in ESET telemetry, with attackers embedding malicious links in QR codes to bypass cursory inspection and shift user interaction to mobile devices, while exploiting the implicit trust many people place in the black-and-white squares.
Last but not least, ransomware activity showed no signs of slowing down, with continued use of EDR killers – tools designed to disable security software during attacks. ESET Research has documented over 100 EDR killers used in the wild, with new variants appearing regularly. At the same time, data from multiple sources shows that a declining share of victims are choosing to pay ransoms, suggesting some progress in mitigation and response measures.
To learn more about how threat intelligence can enhance the cybersecurity posture of your organization, visit the ESET Threat Intelligence page.

Facts Only

* The first half of 2026 shows attackers improving operational efficiency and scalability.
* Attackers are adapting established techniques to new platforms, technologies, and user behaviors.
* ESET analyzed nearly 900,000 AI skills in H1 2026 and identified malicious instances.
* PromptSpy is known as the first Android malware to use generative AI (Google’s Gemini) in its execution flow.
* ClickFix expanded social engineering from fake CAPTCHA prompts to AI-themed help pages, browser extensions, and cloud authentication scenarios.
* ESET detections of the ClickFix vector more than doubled between H2 2025 and H1 2026.
* QR code phishing (quishing) reached record levels in ESET telemetry.
* Ransomware activity continued with the use of over 100 documented EDR killers.
* Data shows a declining share of victims choosing to pay ransoms.

Executive Summary

Attackers are improving the efficiency and scalability of their operations by adapting established techniques across new platforms rather than inventing entirely new methods. Artificial intelligence is central to this evolution, demonstrated by ESET analyzing nearly 900,000 AI skills in H1 2026 and identifying numerous malicious instances. This integration extends into malware development, exemplified by PromptSpy, an Android malware using Gemini for execution flow adaptation. Social engineering tactics are also evolving; ClickFix has expanded from fake CAPTCHA prompts to include AI-themed help pages and cloud authentication scenarios, with detection rates for this vector more than doubling between H2 2025 and H1 2026. Furthermore, phishing is utilizing QR codes (quishing) to exploit implicit trust in mobile interactions, while ransomware activity persists, evidenced by the continued use of EDR killers. Despite these evolving threats, data suggests a declining trend in victims choosing ransom payments.

Full Take

The narrative illustrates an operational shift where defensive measures are being tested against rapidly evolving, adaptable adversary techniques rather than static defenses. The integration of generative AI into malware execution, as seen with PromptSpy leveraging Gemini for adaptive behavior across environments, suggests a move away from signature-based detection toward behavioral analysis that can account for dynamic adaptation. This pattern implies that future resilience will depend less on blocking known indicators and more on monitoring the systemic interactions between software agents and user-facing interfaces. The expansion of social engineering to AI-themed contexts signals an escalation in exploiting learned user expectations regarding digital authenticity. While ransomware tactics remain persistent, the observed decline in ransom payments suggests a potential response mechanism developing within victim communities or incident responders, which acts as a counter-force to purely destructive adversarial goals. The core implication is that defensive strategy must pivot to understanding and mitigating the malleability introduced by integrated AI systems, recognizing that guardrails within LLMs will likely mediate the speed of this offensive evolution rather than stopping it entirely. What further mechanisms exist for modeling the resilience of user adaptation against these adaptive shifts? What new social contract is emerging regarding digital trust when all interaction layers are potentially synthetic?

Sentinel — Human

Confidence

The text reads like a well-structured synthesis of threat intelligence findings, likely compiled from specialized research, but exhibits the characteristic density and formal tone often seen in industry reports.

Signals Detected
low severity: Sentence length variance shows some natural variation; flow is slightly academic.
low severity: The text maintains a focused narrative thread, linking disparate technical examples coherently.
medium severity: Specific references to ESET data and named malware (PromptSpy) suggest specific sourcing, though the overall structure is highly synthesized.
low severity: The specific statistics and named findings appear plausible within a threat intelligence context but lack external verification in this text alone.
Human Indicators
The structure flows like an analytical summary of research, typical of industry reports or detailed journalism.
The inclusion of a specific call to action/reference to a vendor page suggests grounding in real-world reporting.
ESET Threat Report H1 2026 — Arc Codex