From January to the beginning of May 2026, Kaspersky solutions detected more than 92,000 attacks worldwide involving malware and potentially unwanted applications disguised as popular artificial intelligence (AI) agents and AI services. Cybercriminals exploited trusted brands to lure victims into downloading malicious files, with fake ChatGPT applications accounting for 49% of all detected attacks, while Claude and Gemini each represented 18%. Kaspersky presented these insights at its annual flagship European conference, Kaspersky HORIZONS, in Rome on May 19, highlighting the evolving risks facing organizations and critical infrastructure.

Since the beginning of the year, Kaspersky researchers have identified more than 15,000 samples of malware masquerading as agentic AI software, including fake versions of rapidly growing tools such as OpenClaw. Among these samples were banking trojans, spyware, banking credential stealers, exploits, and malware downloaders capable of deploying additional malicious payloads.
In May 2026, the Kaspersky Global Research and Analysis Team (GReAT) also uncovered a new campaign linked to the Silver Fox advanced persistent threat (APT) group. In this operation, attackers distributed fake Claude AI applications for Windows, macOS, and Linux, targeting users seeking access to AI tools. Once launched, the malicious installers silently deployed malware onto victims’ devices, enabling long-term access to compromised systems and sensitive information.
Earlier investigations by Kaspersky researchers also identified infostealers disguised as Claude Code, OpenClaw, and other agentic AI tools, highlighting a broader trend in which threat actors increasingly weaponize trust in widely used AI platforms and services.
According to Kaspersky research, 99% of companies plan to use AI within their security processes. At the same time, attackers are increasingly targeting supply chains, open-source AI tools, and trusted AI brands to gain access to corporate systems and sensitive data. In fact, supply chain compromise is becoming one of the most critical risks associated with AI adoption. As organizations rely on interconnected AI ecosystems, a single compromised component can expose entire networks and disrupt operations across multiple organizations.
One recent example involved the compromise of LiteLLM, a widely used Python library for accessing AI models, which reportedly had approximately 97 million monthly downloads worldwide. Malicious code embedded within the tool was capable of stealing database credentials, cryptocurrency wallet files, and other sensitive information.
Cybercriminals are also disguising malicious tools as legitimate AI solutions, plugins, and services designed to appear trustworthy, encouraging users to voluntarily provide sensitive data or install malware.
Beyond traditional malware and supply chain threats, organizations also face risks inherent to AI systems themselves, including data leakage, biased or manipulated datasets, data poisoning attacks, prompt injection, and unpredictable model behavior or hallucinations.
Kaspersky experts also warn of a growing threat from so-called “malicious skills” – hidden harmful capabilities embedded into AI workflows. These may appear as legitimate plugins, prompts, or extensions but are designed to secretly perform malicious actions such as data exfiltration, reconnaissance, or manipulation of outputs.
Organizations increasingly expect AI to improve operational efficiency. According to Kaspersky research, 57% of companies anticipate better threat detection capabilities through AI, while 49% expect automated response capabilities.
However, automation can also introduce new risks. Errors generated by AI systems can scale rapidly, and automated decisions may occur without sufficient oversight. Experts emphasize that the human factor remains one of the most significant security risks, including overreliance on AI technologies, misuse of systems, and lack of operational vigilance.
The shortage of qualified cybersecurity personnel, combined with evolving AI-driven threats and data quality challenges, makes a structured AI implementation strategy essential.
Implementing AI-driven automation requires a systematic and well-thought-out approach.
Kaspersky recommends organizations adopt the following principles:
• Standardization: Unified interfaces, data formats, and communication protocols to ensure consistent control and security across systems
• Minimum necessary data exchange: Each party should only receive the data strictly required to perform its function
• Managed trust: Clear identification of who or what is interacting with the system, including defined permissions for AI agents and services
• Human oversight: The ability to manually intervene in critical processes where necessary
• Phased deployment: Gradual implementation with predefined rollback scenarios to reduce operational risk
Speaking at the conference, Luana Lo Piccolo, Senior Advisor on Tech Law, AI Governance and Digital Global Affairs, stated that “as AI systems evolve from assistants into autonomous actors, the challenge is no longer only technical resilience, but accountable autonomy.” She emphasized that organizations must adopt governance frameworks that clearly define where human oversight remains essential, how accountability is distributed, and how to maintain control as AI systems operate with increasing speed, scale, and autonomy.
From a technical perspective, Andrea Fumagalli, Cybersecurity and AI advisor, stressed that “organizations must adopt an ‘Assume Breach’ mindset and move beyond traditional resilience toward cybersecurity endurance, especially as AI-driven threats become faster, more autonomous, and increasingly coordinated. In the near future, these threats could have unprecedented impact, particularly when combined with advances in quantum computing.”
For more than 20 years, AI and machine learning technologies have been applied in cybersecurity to detect and respond to threats at scale.
Kaspersky recommends the following solutions:
• Managed Detection and Response (MDR)
Kaspersky Managed Detection and Response enables expert-driven security operations. Its AI-driven automation layer now processes around 25% of incoming security events, while human analysts continue to review cases to ensure quality and reduce false positives.
• Security Information and Event Management (SIEM)
Kaspersky SIEM enables proactive detection of unknown and emerging threats. The solution aggregates, analyzes and stores log data across the entire IT infrastructure, providing contextual enrichment and actionable threat intelligence insights. Recently, the solution gained a series of advanced AI features, such as the ability to identify signs of dynamic link library (DLL) hijacking and a mechanism for detecting potential account compromise.
• AI assistant for analysts
AI-powered assistants help Security Operations Center (SOC) analysts analyze incidents faster and more accurately by processing, prioritizing, and contextualizing large volumes of security data. For example, Kaspersky Investigation and Response Assistant (KIRA AI) is designed to reduce the cognitive load on analysts by deobfuscating command lines, generating incident summaries, and translating natural-language threat hunting requests into structured telemetry queries. KIRA AI is available through an additional license within Kaspersky SIEM or Kaspersky Next.
The combination of AI-driven automation and human expertise enables organizations to manage rapidly growing data volumes while maintaining control, accuracy, and resilience in an increasingly AI-targeted threat landscape.