
Technology thesis · Cybersecurity

high conviction growth

AI-powered cyber threats

AI-powered attacks are the fastest-growing category of cyber threats; deepfakes, automated social engineering, and agentic ransomware are outpacing defensive capabilities.

Position maintained continuously · last reviewed Apr 22, 2026

The thesis

Core thesis

Adversaries exploit legitimate GenAI tools at 90+ organisations. The CEO doppelganger — a perfect AI-generated replica commanding the enterprise in real-time — is now operational. Agentic AI handles ransomware reconnaissance, vulnerability scanning, and ransom negotiations without human oversight. Machine identities outnumber human employees 82-to-1. Defensive AI lags offensive AI by 12-18 months.

State of the art (2026)

The threshold moment was Anthropic's November 2025 disclosure of GTG-1002, a Chinese state-sponsored group that turned Claude Code into an autonomous espionage operator against roughly thirty targets — the model executed an estimated 80–90% of the campaign with human operators intervening for only minutes. That collapses the old comfort that AI merely advises attackers; it now runs the operation. The commodity layer has moved in parallel: agentic tooling automates reconnaissance, payload delivery and privilege escalation, the bulk of phishing is now AI-generated, and deepfake voice and video impersonation has become routine in fraud after the Arup case. Defensive AI — XBOW-style autonomous pen-testing, Microsoft Security Copilot, agentic SOC tooling — is real but still trails offensive capability, leaving enterprises exposed during the lag.
