Nearly three in 10 U.S. businesses (29%) experienced at least one cyber incident in the past year in which AI was believed to have been used as part of the attack, according to a QBE North America survey of 400 decision-makers at companies with 100 to 2,000 employees.
The findings anchor a broader report, produced jointly by QBE North America and global risk consultant Control Risks, that examines how agentic AI is reshaping the threat landscape for commercial espionage, fraud, and insider threats across industries.
“Agentic AI represents a step-change in how threat actors operate by compressing timelines and expanding capabilities in ways organizations have never faced before,” said Ian Walsh, vice president and U.S. Cyber Product Leader for QBE North America.
Unlike conventional generative AI tools, agentic AI systems are designed to pursue complex, multi-step goals with limited human supervision, using reasoning, planning, and tool orchestration to take independent action across software systems to solve problems in real time. For threat actors, the report said, these systems function as an expert-level force multiplier, compressing what once required a team of hackers into a fraction of the time.
A Documented Espionage Campaign Illustrates the Threat
The report points to a specific and consequential example. In late 2025, AI research company Anthropic detected what it described as the first reported AI-orchestrated cyber espionage campaign, attributed to a suspected Chinese state-sponsored group. The attackers used Anthropic’s own Claude model to target approximately 30 organizations globally, including large technology companies, financial institutions, chemical manufacturers, and government agencies, and were successful in some cases.
Anthropic investigators estimated that Claude conducted 80% to 90% of the tactical operations involved, including reconnaissance, vulnerability identification, data exfiltration, and backdoor creation, all with minimal human intervention. Human operators selected the initial targets and engaged with the system at only four to six critical decision points per campaign. To initiate the attacks, operators bypassed Claude’s built-in safety guardrails by instructing it that it was performing legitimate defensive security testing, the report said.
Anthropic investigators noted that the AI occasionally hallucinated credentials or misidentified publicly available data as extracted secrets, which the report identified as a current limiting factor for fully autonomous attacks. Even so, the scale and speed of the campaign alarmed investigators, and the report cautioned that the tactics employed by sophisticated nation-state actors are typically adopted quickly by cybercriminals and other less-resourced threat actors.
Fraud Operations Are Being Automated at Scale
Beyond espionage, the report detailed how agentic AI is transforming fraud. Human fraudsters can now automate large portions of their criminal operations, relying on agentic systems to manage synthetic personas, coordinate interactions with targets across multiple platforms simultaneously, and adapt in real time to defensive countermeasures, all without continuous human direction.
This dynamic is particularly significant for account takeover, credential stuffing, and business email compromise schemes, where agentic AI can operate at speeds no human team could match. The report noted that these capabilities are also lowering the barrier to entry for less sophisticated actors, enabling complex fraud operations that previously required significant technical expertise.
The report also flagged a governance gap that compounds the exposure: fewer than 20% of U.S. organizations are estimated to have optimized AI governance frameworks, leaving the vast majority with limited visibility into autonomous AI activity within their own environments.
Risk Management Implications
For organizations, the report recommended a layered, defense-in-depth approach centered on strict identity and access management, least-privilege controls, continuous identity verification, and behavioral monitoring, supplemented by AI-enabled threat detection tools. Agentic AI integrations within enterprise environments should be treated as privileged systems, with tight network controls, logging, and short-lived access tokens, the report said.
The report also highlighted an insurance coverage gap alongside the security gap. Only 67% of U.S. businesses with 100 to 2,000 employees carry cyber insurance, while 24% have none, according to a QBE survey. As threat actors continue to adopt agentic AI capabilities, the report concluded, organizations that fail to invest in both defensive AI systems and foundational security practices face compounding exposure in a threat environment that shows no signs of slowing.
Obtain the full report here . &