THREAT OPS › Threat News › AI Threat Landscape Digest March-April 2026
AI Threat Landscape Digest March-April 2026
<h2 class="wp-block-heading">Executive Summary</h2>
<p>During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware groups, and state-sponsored espionage, show evidence of commercial AI models execut
Attributed threat actors
- Earth LuscaG1006
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2025-55182cve
- CVE-2025-59536cve
- CVE-2026-21852cve
- CVE-2026-34197cve
- CVE-2026-33626cve
- https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdfurl
- https://gambit.security/blog-post/a-single-operator-two-ai-platforms-nine-government-agencies-the-full-technical-reporturl
- https://thedfirreport.com/2026/04/22/bissa-scanner-exposed-ai-assisted-mass-exploitation-and-credential-harvesting/url
- https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/url
- https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/url
- https://red.anthropic.com/2026/mythos-preview/url
- https://www.anthropic.com/glasswingurl
- https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/url
- https://www.sysdig.com/blog/cve-2026-33626-how-attackers-exploited-lmdeploy-llm-inference-engines-in-12-hoursurl