HP Inc. has issued its latest Threat Insights Report, with strong indications that attackers are using AI to scale and accelerate campaigns – with many prioritizing cost, effort and efficiency over quality. Despite being formulaic and low-effort, these AI-assisted attacks are slipping past enterprise defences.
The report provides an analysis of real-world cyberattacks, helping organisations keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security*, notable campaigns identified by HP Threat Researchers include:
Alex Holland, Principal Threat Research, HP Security Lab, comments: “It’s the classic project management triangle – speed, quality and cost. You often sacrifice one of them. What we’re seeing is many attackers are optimizing for speed and cost, not quality. They are not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic, but the uncomfortable reality is they still work.”
By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 60 billion email attachments, web pages, and downloaded files with no reported breaches.
The report, which examines data from October-December 2025, details how cybercriminals continue to diversify attack methods to bypass security tools with no reported breaches.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments: “AI-assisted attacks are shining a spotlight on the limitations of detection-led security. When attackers can generate and repackage malware in minutes, detection-based defences can’t keep up. Instead of trying to spot every variant, organizations need to reduce exposure. By containing high-risk activities – like opening untrusted attachments or clicking unknown links – within an isolated environment, businesses can stop threats before they cause damage and remove an entire class of risk.”
