A new analysis from Fortune highlights a concerning shift in the economics of cybercrime: artificial intelligence is dramatically lowering the cost and complexity of launching sophisticated attacks. Researchers at cloud security firms found that AI-powered tools can complete advanced offensive security tasks for as little as tens of dollars in computational costs — compared with the hundreds of thousands of dollars such work would have cost if done manually by expert human hackers. This means bad actors with minimal resources can now automate many steps of an attack, making cyber threats far more accessible and widespread.
The study cited in the article showed AI agents were able to succeed in the majority of controlled attack simulations, solving complex real-world security challenges with little human supervision. Part of the reason for this rapid capability growth is that large language models and autonomous AI agents can stay focused across multiple steps and adapt to changing parameters during an attack, something earlier tools struggled with. As a result, tasks once limited to skilled specialists are now effectively automated and affordable for less-sophisticated attackers.
This shift has serious implications for businesses of all sizes. Security leaders warn that the traditional assumption — that only well-funded adversaries can mount sophisticated attacks — no longer holds. When the cost of probing for weaknesses drops near zero, almost every exposed system can become a target, and every vulnerability quickly worth testing. Many organizations still defend themselves as if attacks require substantial human effort, leaving them exposed in a landscape where cheap, automated AI attacks can be launched at scale.
To respond, companies are being urged to embrace AI not only for offense but for defense. Without leveraging AI-augmented security tools themselves, defenders risk falling behind attackers who are already using these methods. This means adopting smarter monitoring, threat detection, and automated response systems that can keep pace with the speed and scale of AI-driven threats. At the same time, raising cybersecurity awareness across the workforce has become more crucial, since everyday applications developed by non-technical teams may unintentionally expand the attack surface.
