AI-Powered Cyberattacks Hit a Record in 2026: Phishing Up 1,265%, Airports Grounded, AI Training Data Stolen
April 13, 2026 · 11 min read
TL;DR
- Q1 2026 is the most damaging period for cyberattacks in recorded history. Four simultaneous threat clusters are operating at unprecedented scale.
- AI-generated phishing surged 1,265% since 2023. Now 82.6% of phishing emails contain AI-generated content, arriving every 19 seconds in some environments.
- Mercor — the AI training data vendor supplying OpenAI, Anthropic, and Meta simultaneously — was breached. 4TB stolen. Meta paused all contracts.
- European airports were grounded April 6: Heathrow, Charles de Gaulle, Frankfurt, and Copenhagen all hit. 1,600+ flights disrupted.
- On April 7, Treasury Secretary Bessent and Fed Chair Powell held an emergency meeting with Goldman Sachs, Citigroup, and three other major bank CEOs specifically about Claude Mythos cyber risks.
Senior U.S. government officials held emergency meetings about it. Banks were briefed. Airports were grounded. And almost none of it received proportionate media attention. Q1 2026 is the most consequential quarter for cybersecurity in the history of the internet — and the story is fundamentally an AI story.
The same AI tools that power productivity — phishing generation, vulnerability discovery, voice synthesis — are also the primary engine of the current attack wave. Here is a complete accounting of what happened and what it means.
The AI Phishing Explosion: By the Numbers
The clearest way to understand the scale of the change is through statistics. AI has transformed phishing from a labor-intensive craft into an automated industrial process.
| Metric | Value |
|---|---|
| AI-generated phishing increase since 2023 | +1,265% |
| Share of phishing emails with AI-generated content | 82.6% |
| Time to generate AI spear-phishing email | ~5 minutes |
| Time to write equivalent human phishing email | ~16 hours |
| Voice phishing (vishing) growth | +442% |
| Ransomware incidents in March 2026 alone | 672 |
| 2025 total ransomware incidents (YoY increase) | 1,174 (+49%) |
| Salesforce campaign: records stolen by SLH group | ~1.5 billion |
| Salesforce campaign: organizations compromised | 300–400 |
| Malicious emails in some environments | Every 19 seconds |
The 1,265% figure represents the total growth in AI-generated phishing since 2023 — the year large language models became widely accessible to non-technical users. The practical implication is that attackers who once needed specialized writing skills to craft convincing phishing emails can now generate them in five minutes at scale. A voice phishing call that once required a skilled social engineer now requires a voice model and a phone number.
One observed holiday attack surge showed AI-generated attacks jumping from 4% to 56% of total attack volume within weeks. This is not gradual adoption — it is a phase transition. Once AI attack tooling becomes available on criminal marketplaces, adoption is near-instant.
The Four Threat Clusters Operating Simultaneously
Security researchers have identified four distinct threat clusters running major operations in Q1 2026. The simultaneous activity is not coordinated between the groups — they are separate state and criminal actors — but the overlap is creating compounding damage.
| Threat Actor | Primary Target | Impact |
|---|---|---|
| Iran / Handala / Void Manticore | Stryker Corporation | 200,000 devices wiped across 79 countries via Microsoft Intune compromise |
| Scattered LAPSUS$ Hunters | Salesforce platform | ~1.5 billion records stolen; 300–400 organizations affected including Google, Cisco, Adidas, LVMH, Okta |
| North Korea / UNC1069 | Axios npm package | 100M weekly-download package hijacked; malicious versions ran for 2–3 hours |
| Russia / APT28 | Ukraine + 60 European targets | CVE-2026-21509 (Microsoft Office) weaponized within days of patch release |
| Unknown (suspected state actor) | Heathrow, CDG, Frankfurt, Copenhagen | 1,600+ flights cancelled or delayed on April 6, 2026 |
| Scattered LAPSUS$ Hunters | Mercor (AI training vendor) | 4TB extracted including OpenAI, Anthropic, Meta training data; Meta paused all Mercor contracts |
| Unknown | Oracle Cloud | 6 million records, 140,000 tenants affected |
| Unknown | FBI wiretap network | Classified as 'major incident'; investigation ongoing |
The Salesforce Mega-Breach
The Scattered LAPSUS$ Hunters — a merger of ShinyHunters, Scattered Spider, and LAPSUS$ completed in August 2025 — executed the largest single campaign in Q1. Their Salesforce attack compromised 300–400 organizations and extracted approximately 1.5 billion records. The attack vector was a Salesforce platform integration compromise — not a Salesforce vulnerability, but a weakness in how organizations had connected third-party SaaS tools to their Salesforce environments.
The victim list includes Google, Cisco, Adidas, LVMH, Louis Vuitton, Dior, Okta, AMD, and LastPass. The breadth is not coincidental. SaaS-to-SaaS integrations create a topology where compromising one platform gives attackers lateral access to dozens of connected applications. Defenders were still protecting a network perimeter that is no longer the primary attack surface; the integration graph is.
The Mercor Breach: AI's Supply Chain Problem
The Mercor breach is the incident most directly relevant to the AI industry. Mercor is a $10 billion AI training data and contractor management vendor. Its client list includes OpenAI, Anthropic, and Meta — simultaneously. The attackers gained access through the LiteLLM open-source library supply chain.
The extracted data includes 211GB of databases, 939GB of source code, and 3 terabytes of storage containing training videos and contractor interaction records. The total is approximately 4 terabytes — covering the proprietary training processes of all three of the top frontier AI labs in the US.
Meta has paused all AI contracts with Mercor indefinitely. Anthropic and OpenAI have not made public statements about their response. The breach exposes a structural concentration risk in AI development: the entire frontier AI industry uses a small number of shared data vendors, and those vendors are now high-value attack targets. A supply chain compromise at one vendor is a simultaneous attack on every lab that uses it.
The Airport Attack and the Treasury Meeting
On April 6, 2026, a coordinated attack crippled four major European airports — Heathrow, Charles de Gaulle, Frankfurt, and Copenhagen — disrupting more than 1,600 flights. The attack targeted shared airport infrastructure systems. It is the largest aviation disruption caused by a cyberattack in history.
The following day, April 7, a different kind of response occurred in Washington. Treasury Secretary Bessent and Federal Reserve Chair Powell convened an emergency meeting with CEOs of Goldman Sachs, Citigroup, Morgan Stanley, Bank of America, and Wells Fargo. The stated agenda was Claude Mythos — specifically Anthropic's most capable AI model and its potential as an offensive cyber tool against financial infrastructure.
This meeting is extraordinary for two reasons. First, it reveals that U.S. government officials are taking the offensive capabilities of Claude Mythos seriously enough to brief the heads of every major U.S. bank. Second, it happened on the same day that Anthropic's status page was showing a capacity incident. The timing underscores that the AI safety conversation is no longer theoretical — it is happening at the highest levels of financial and regulatory authority.
The Structural Pattern: There Is No Perimeter Anymore
Security researchers analyzing Q1 2026 note a consistent pattern across all four threat clusters: every major breach was achieved by exploiting upstream dependencies rather than by directly attacking the target organization.
The Stryker attack used a Microsoft Intune compromise. The Salesforce mega-breach used SaaS integrations. The Mercor breach used an open-source library. The Axios npm attack used a fake company identity to gain developer trust. In each case, the attacker did not need to defeat the target's own security — they found a vendor or dependency that the target trusted, and attacked that instead.
The modern enterprise no longer has a defensible perimeter. It has a supply chain of trust relationships — SaaS tools, cloud platforms, open-source libraries, telecommunications providers — and any link in that chain can be turned against the host. The perimeter security investments of the last 20 years do not protect against this attack surface.
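The Axios incident above turned on a window of two to three hours between a hijacked release and its removal. One control a defender can apply to that failure mode is a minimum release age: refuse to install any locked version that was published less than N hours before the install. The following Go program is an added example written for this article, not code from the project or vendors discussed; it parses a constructed package-lock.json (lockfileVersion 3 shape) together with constructed registry publish times in the shape of an npm packument's "time" object, and lists every dependency that fails a 72-hour policy. Package names, versions, hashes and timestamps are invented sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// lockfile models the part of package-lock.json (lockfileVersion 2/3) this
// check needs: the "packages" map keyed by install path.
type lockfile struct {
	Packages map[string]struct {
		Version string `json:"version"`
	} `json:"packages"`
}

// RegistryTimes maps package name -> version -> publish time, mirroring the
// "time" object of an npm registry packument (RFC 3339 strings).
type RegistryTimes map[string]map[string]string

// packageName recovers the package name from a lockfile path such as
// "node_modules/a/node_modules/@scope/b" (nested installs keep the last segment).
func packageName(path string) string {
	i := strings.LastIndex(path, "node_modules/")
	if i < 0 {
		return ""
	}
	return path[i+len("node_modules/"):]
}

// TooFresh returns "name@version" for every locked package whose exact
// version was published less than minAge before installTime, plus any
// version with no publish record at all. A short publish-to-install window
// is exactly what a hijacked release depends on, so these are blocked.
func TooFresh(lock []byte, times RegistryTimes, installTime time.Time, minAge time.Duration) ([]string, error) {
	var lf lockfile
	if err := json.Unmarshal(lock, &lf); err != nil {
		return nil, err
	}
	var flagged []string
	for path, p := range lf.Packages {
		name := packageName(path)
		if name == "" {
			continue // the "" entry is the root project itself
		}
		published, ok := times[name][p.Version]
		if !ok {
			flagged = append(flagged, name+"@"+p.Version+" (no publish time on record)")
			continue
		}
		t, err := time.Parse(time.RFC3339, published)
		if err != nil {
			return nil, fmt.Errorf("%s@%s: %w", name, p.Version, err)
		}
		if installTime.Sub(t) < minAge {
			flagged = append(flagged, name+"@"+p.Version)
		}
	}
	sort.Strings(flagged)
	return flagged, nil
}

// Constructed sample data (invented names, versions, hashes and dates):
// a lockfile with two dependencies, and the registry publish times for them.
const sampleLock = `{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "demo-app", "version": "0.1.0" },
    "node_modules/http-helper": { "version": "1.0.1", "integrity": "sha512-CONSTRUCTED" },
    "node_modules/left-padder": { "version": "4.2.0", "integrity": "sha512-CONSTRUCTED" }
  }
}`

var sampleTimes = RegistryTimes{
	"http-helper": {"1.0.0": "2026-01-10T09:00:00Z", "1.0.1": "2026-04-01T10:30:00Z"},
	"left-padder": {"4.2.0": "2025-11-03T12:00:00Z"},
}

// sampleInstall is 90 minutes after http-helper 1.0.1 was published.
var sampleInstall = time.Date(2026, 4, 1, 12, 0, 0, 0, time.UTC)

func main() {
	flagged, err := TooFresh([]byte(sampleLock), sampleTimes, sampleInstall, 72*time.Hour)
	if err != nil {
		panic(err)
	}
	for _, f := range flagged {
		fmt.Println("blocked by release-age policy:", f)
	}
}
```

In CI this check runs against the resolved lockfile before `npm ci`, with the publish times fetched from the registry metadata the build already trusts. The policy deliberately fails closed on versions with no publish record, since a missing timestamp is itself a signal that the lockfile and registry disagree.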
Ransomware volume in March 2026 alone reached 672 incidents. The full year 2025 recorded 1,174 total ransomware incidents — a 49% year-over-year increase. Healthcare absorbed 22% of attacks. The trend line points upward in every dimension.
What Organizations Need to Do
The Q1 2026 threat landscape demands responses that go beyond patching and awareness training. Three structural changes matter most:
Hardware security keys are now mandatory, not optional. Voice phishing achieves 54% click-through rates in controlled tests versus 12% for controls. Any MFA that can be defeated by a convincing phone call — SMS, app-based TOTP, push notifications — is insufficient against current vishing capabilities. FIDO2 hardware keys are the only phishing-resistant authentication standard that AI-generated social engineering cannot bypass.
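Why a FIDO2 key resists a convincing phone call or look-alike login page comes down to origin binding: the browser, not the page or the caller, writes the site's origin into clientDataJSON, and the relying party rejects any assertion whose origin is not its own, even when the signature is perfectly valid. The Go program below is an added example written for this article (not code from any vendor or standard library named on the page) that simulates a cooperating security key and the relying party's verification of an ES256 assertion, then shows the same key's assertion being rejected when the browser origin is a look-alike domain. The relying-party identity bank.example, the challenge value and the counter are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed relying-party identity and session challenge.
const (
	rpID      = "bank.example"
	rpOrigin  = "https://bank.example"
	challenge = "constructed-challenge-7f3a" // a fresh random value per login in practice
)

// clientData carries the WebAuthn clientDataJSON fields checked here. The
// browser fills in Origin itself; page script and the user cannot change it.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// authenticatorData builds the minimal authenticator data: SHA-256(rpId),
// the user-presence flag, and a 32-bit signature counter.
func authenticatorData(rpID string, counter uint32) []byte {
	h := sha256.Sum256([]byte(rpID))
	out := append([]byte{}, h[:]...)
	out = append(out, 0x01) // flags: UP (user present)
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], counter)
	return append(out, c[:]...)
}

// signedMessage is the digest an ES256 authenticator signs:
// SHA-256(authenticatorData || SHA-256(clientDataJSON)).
func signedMessage(authData, cdj []byte) []byte {
	cdHash := sha256.Sum256(cdj)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// VerifyAssertion is the relying-party side: ceremony type, challenge,
// origin and rpIdHash are checked before the signature is verified against
// the public key registered for this user. A valid signature alone is not enough.
func VerifyAssertion(registered *ecdsa.PublicKey, cdj, authData, sig []byte) error {
	var cd clientData
	if err := json.Unmarshal(cdj, &cd); err != nil {
		return fmt.Errorf("clientDataJSON: %w", err)
	}
	if cd.Type != "webauthn.get" {
		return errors.New("unexpected ceremony type")
	}
	if cd.Challenge != challenge {
		return errors.New("challenge mismatch (replayed or stale)")
	}
	if cd.Origin != rpOrigin {
		return fmt.Errorf("origin %q is not %q: assertion was produced on another site", cd.Origin, rpOrigin)
	}
	want := sha256.Sum256([]byte(rpID))
	if len(authData) < 37 || string(authData[:32]) != string(want[:]) {
		return errors.New("rpIdHash mismatch")
	}
	if !ecdsa.VerifyASN1(registered, signedMessage(authData, cdj), sig) {
		return errors.New("signature invalid")
	}
	return nil
}

// Assert simulates a security key (signer) answering a get() call from a
// page at browserOrigin, then runs the relying party's check against the
// key it has on record. The key cooperates fully; only the origin varies.
func Assert(signer *ecdsa.PrivateKey, registered *ecdsa.PublicKey, browserOrigin string) error {
	cdj, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: browserOrigin})
	authData := authenticatorData(rpID, 7)
	sig, err := ecdsa.SignASN1(rand.Reader, signer, signedMessage(authData, cdj))
	if err != nil {
		return err
	}
	return VerifyAssertion(registered, cdj, authData, sig)
}

// NewKey stands in for registration; the relying party stores the public half.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine site:   ", Assert(key, &key.PublicKey, rpOrigin))
	fmt.Println("look-alike site:", Assert(key, &key.PublicKey, "https://bank-login.example"))
}
```

The contrast with the factors the paragraph lists is the point: an SMS code, TOTP digit string or push approval carries no information about where it was entered, so a caller or proxy page can relay it unchanged. The FIDO2 assertion is bound to the origin and to a one-time challenge at signing time, so relaying it to the real site fails the origin check, and the browser's own check that rpId is a registrable suffix of the page origin blocks the attempt one layer earlier.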
Vendor concentration is now a board-level risk, not an IT issue. The Mercor breach demonstrates that using one vendor across multiple critical functions — even a trusted, well-funded vendor — creates systemic exposure. Boards need visibility into which vendors are single points of failure across AI, security, and operational systems.
AI-powered defense must match AI-powered offense. The 82.6% AI content share in phishing emails means human-reviewed email filtering is structurally outmatched. AI-powered detection that can identify AI-generated content patterns at scale is no longer optional infrastructure. Organizations running legacy email security that was designed for human-written attacks are operating with tools that are two generations behind the current threat.
FAQ
How much has AI-powered phishing increased in 2026?
AI-generated phishing surged 1,265% since 2023. As of Q1 2026, 82.6% of all phishing emails contain AI-generated content. An AI can generate a convincing spear-phishing email in approximately 5 minutes — compared to 16 hours for a human-written equivalent. This is why volume has scaled so rapidly: the labor cost of phishing has collapsed while quality has increased.
What was the Mercor breach and why does it matter?
Mercor is a $10 billion AI training data vendor used simultaneously by OpenAI, Anthropic, and Meta. Attackers compromised it through the LiteLLM open-source library supply chain, extracting 4TB of data including training datasets and contractor records for all three labs. Meta paused all Mercor contracts indefinitely. The breach exposes the concentration risk of the entire AI industry relying on a small set of shared training vendors.
What happened to European airports on April 6, 2026?
A coordinated cyberattack struck Heathrow, Charles de Gaulle, Frankfurt, and Copenhagen simultaneously on April 6, 2026, disrupting more than 1,600 flights. The attack targeted shared airport infrastructure systems and is the largest aviation disruption caused by a cyberattack in recorded history. Full attribution has not been publicly confirmed.
What can organizations do to defend against AI-generated attacks?
Three priorities: hardware security keys for all authentication (phishing-resistant against AI-generated vishing), AI-powered email filtering that detects AI-generated content at scale (human-reviewed filtering cannot match current attack volume), and vendor dependency auditing to eliminate single points of failure across SaaS and open-source supply chains. Perimeter defenses are inadequate against the current attack topology — supply chain security is the critical gap.