Threat actor abuse of AI accelerates from tool to cyberattack surface

ID: 494b2e18-bdcb-5a96-99e9-6e9fb6c80323

STIX ID: report--494b2e18-bdcb-5a96-99e9-6e9fb6c80323

Feed Name: Microsoft Security

Threat Score: 78/100

Date Published: 2026-04-02

Date Updated: 2026-04-28

Author: Sherrod DeGrippo

The report describes how threat actors have embedded AI across the entire attack lifecycle: accelerating reconnaissance, refining phishing lures, enabling MFA-bypass middlebox attacks, and industrializing access via composable subscription services like Tycoon2FA (linked to Storm-1747), which impacted tens of thousands of organizations. It also covers disruption efforts (domain seizures) and recommends prioritizing agent governance, inventory, and intelligence-driven defenses to counter this scalable, AI-enabled threat model.