Skip to main content

Darktrace publishes annual threat report 2026

Darktrace published its Annual Threat Report 2026, which presented findings on the global cyber threat landscape and identified changes in attacker behavior that shaped cyber risk during 2025.

The report found a 20% year-over-year increase in publicly disclosed vulnerabilities and recorded 32 million phishing emails detected globally in 2025; it also reported that nearly 70% of incidents in the Americas began with stolen or misused accounts and that cloud compromise had become a primary entry vector in multiple regions.

On technical indicators, Darktrace reported Azure accounted for 43.5% of observed malware samples versus 33.2% for Google Cloud Platform and 23.2% for Amazon Web Services, while Docker environments drew 54.3% of unique malicious IP addresses against honeypots. Email threats showed higher sophistication: AI-assisted social engineering rose from 32% to 38%, long-form messages increased from 27% to 33%, QR code phishing grew from 940,000 to over 1.2 million (a 28% increase), more than 1.6 million messages relied on fresh domains, and 70% of phishing emails passed DMARC authentication.

The Annual Threat Report 2026 drew on analysis across Darktrace’s global customer base and data collected throughout 2025, including behavioral anomalies, threat notifications, and real-world case studies, combined with intelligence from national agencies, cyber intelligence partners, and open-source sources such as Computer Emergency Readiness Team (CERT) advisories and dark-web collection.

“Traditional perimeter defenses were built for a world where attackers had to break in,” said Nathaniel Jones, VP of Security and Artificial Intelligence (AI) Strategy at Darktrace. “Phishing has become far more convincing and far more targeted,” said Nathaniel Jones, VP of Security and AI Strategy at Darktrace.

Darktrace said it will release a series of region-specific reports and scheduled a webinar for March 11 to discuss the report’s findings.

Provided by Globe Newswire on behalf of Darktrace. Click to read original content.