Kategorie

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]

Microsoft plans to retire “Together Mode” in Teams next month and is encouraging users to access its Gallery view for video calls instead. 

The company launched Together Mode in the early months of the Covid-19 pandemic, as Teams usage rocketed and businesses sought ways to connect staff when physical offices closed due to social distancing policies. 

Together Mode was positioned as a “shared virtual space” to enhance the feeling of connection while on a video call, with participants’ video feed cropped and placed in virtual scenes such as a conference room, coffee shop, or amphitheater. Microsoft claimed that Together Mode users were less likely to experience video meeting fatigue — a common complaint among remote workers as tools such as Teams and Zoom became the norm for office collaboration.

The feature could be seen as part of a wider push for more engaging and immersive meeting experiences, a move that extended to Microsoft’s metaverse for work concept, with its Mesh 3D meeting platform.

Microsoft retired Mesh last December (though an app for immersive events is still available with certain Teams subscriptions), and now Together Mode faces the same fate. 

Together Mode will no longer be available as of June 30, a move that will “simplify the meeting experience” for users, said Katarina Tranker, Teams product manager, in a Monday blog post. At this point, the feature will be removed as an option from the View menu in Teams meetings, with the Gallery view the primary layout for group meetings. 

“Today, the core need Together mode was designed to support, namely seeing the people who matter in a meeting, can now be fully met by the modern Gallery view, which can display up to 49 participants at once,” said Tranker.

The move to a single layout means fewer clicks for users and enables the product development team to move quicker to add new features, Microsoft said, while the Gallery is also less demanding on devices.

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster,[email protected]

IT threat evolution in Q1 2026. Mobile statistics
IT threat evolution in Q1 2026. Non-mobile statistics

In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all sections of the report except for the statistics on installation packages, which remained unchanged.

To illustrate the differences between the reporting periods, we have also recalculated data for the previous quarters. Consequently, these figures may significantly differ from the previously published ones. However, subsequent reports will employ this new methodology, enabling precise comparisons with the data presented in this post.

The Kaspersky Security Network (KSN) is a global network for analyzing anonymized threat information, voluntarily shared by users of Kaspersky solutions. The statistics in this report are based on KSN data unless explicitly stated otherwise.

The quarter in numbers

According to Kaspersky Security Network, in Q1 2026:

• More than 2.67 million attacks utilizing malware, adware, or unwanted mobile software were prevented.
• The Trojan-Banker category was the prevalent mobile malware threat with a 10.86% share of total detections.
• More than 306,000 malicious installation packages were discovered, including:
  • 162,275 packages related to mobile banking Trojans;
  • 439 packages related to mobile ransomware Trojans.

Quarterly highlights

The number of malware, adware, or unwanted software attacks on mobile devices decreased to 2,676,328 in Q1, down from 3,239,244 in the previous quarter.

Attacks on users of Kaspersky mobile solutions, Q3 2024 — Q1 2026 (download)

The overall drop in attack volume stems primarily from a reduction in adware and RiskTool detections. Nonetheless, this trend does not equate to a lower risk for mobile users. As shown later in this report, the number of unique users targeted by these threats remained relatively stable.

In Q1, Synthient researchers identified a link between the notorious Kimwolf botnet and the IPIDEA proxy network. This network was later taken down in cooperation with GTIG.

In early 2026, we discovered several apps on Google Play and the App Store that contained a new version of the SparkCat crypto stealer.

The Trojan code, meticulously concealed, was embedded into the infected Android apps. The obfuscated malicious Rust library was decrypted using a Dalvik-like virtual machine custom-built by the attackers. The iOS version of the malware also underwent several changes; specifically, the attackers began leveraging Apple’s proprietary Vision framework for optical character recognition (OCR).

Mobile threat statistics

The number of Android malware samples saw a slight increase compared to Q4 2025, reaching a total of 306,070.

Detected malicious and potentially unwanted installation packages, Q1 2025 — Q1 2026 (download)

The detected installation packages were distributed by type as follows:

Detected mobile apps by type, Q4 2025* — Q1 2026 (download)

* Data for the previous quarter may differ slightly from previously published figures due to certain verdicts being retrospectively revised.

Threat actors once again ramped up the production of new banking Trojans; as a result, this category overtook all others in volume, accounting for more than half of all installation packages.

Share* of users attacked by the given type of malicious or potentially unwanted app out of all targeted users of Kaspersky mobile products, Q4 2025 — Q1 2026 (download)

* The total percentage may exceed 100% if the same users encountered multiple attack types.

Following the surge in banking Trojan installation packages, the number of associated attacks also rose, causing Trojan-Banker apps to climb one spot in terms of their share of targeted users. Mamont variants emerged as the most prevalent banking Trojans, accounting for 73.5% of detections, with the rest of the users encountering Faketoken, Rewardsteal, Creduz, and other families.

Yet banking Trojans were still outpaced by adware and RiskTool-type unwanted apps when measured by the total number of affected users. Despite a decrease in their share of installation packages, these two app types retained their positions as the top two threats by attack volume. The most common adware detections involved HiddenAd (44.9%) and MobiDash (38.1%), while most frequently seen RiskTool apps were Revpn (67%) and SpyLoan (20.5%).

TOP 20 most frequently detected types of mobile malware

Note that the malware rankings below exclude riskware or potentially unwanted software, such as RiskTool or adware.

Verdict %* Q4 2025 %* Q1 2026 Difference in p.p. Change in ranking Backdoor.AndroidOS.Triada.ag 2.62 7.09 +4.48 +10 DangerousObject.Multi.Generic. 6.75 5.84 -0.92 -1 DangerousObject.AndroidOS.GenericML. 3.52 5.51 +1.99 +6 Trojan-Banker.AndroidOS.Mamont.jo 0.00 5.28 +5.28 Trojan.AndroidOS.Fakemoney.v 5.40 3.44 -1.96 -1 Trojan-Downloader.AndroidOS.Keenadu.l 0.00 3.35 +3.35 Trojan-Banker.AndroidOS.Mamont.jx 0.00 3.09 +3.09 Backdoor.AndroidOS.Triada.z 4.87 3.08 -1.79 -2 Trojan.AndroidOS.Triada.fe 5.01 2.98 -2.02 -4 Backdoor.AndroidOS.Keenadu.a 2.07 2.73 +0.66 +6 Trojan-Banker.AndroidOS.Mamont.jg 0.34 2.37 +2.03 Trojan.AndroidOS.Triada.hf 2.15 2.23 +0.07 +3 Trojan.AndroidOS.Boogr.gsh 2.35 2.15 -0.20 0 Trojan.AndroidOS.Triada.ii 5.68 2.07 -3.60 -11 Backdoor.AndroidOS.Triada.ae 1.91 1.76 -0.16 +3 Backdoor.AndroidOS.Triada.ab 1.79 1.72 -0.08 +3 Trojan.AndroidOS.Triada.gn 2.38 1.58 -0.80 -5 Trojan-Banker.AndroidOS.Mamont.gg 1.56 1.50 -0.06 +2 Trojan.AndroidOS.Triada.ga 1.48 1.50 +0.01 +4 Backdoor.AndroidOS.Triada.ad 0.53 1.40 +0.87 +44

* Unique users who encountered this malware as a percentage of all attacked users of Kaspersky mobile solutions.

The pre-installed Triada.ag backdoor rose to the top spot; it is similar to the older Triada.z version we documented previously. Because the same variant was pre-installed across a wide range of devices, the total number of affected users is aggregated. Consequently, Triada outpaced even Mamont, as users encountered a variety of Mamont variants, causing the share of that banking Trojan to spread across multiple rows. Other pre-installed Triada variants (Triada.z, Triada.ae, Triada.ab, and Triada.ad) also made the rankings. Furthermore, we observed increasing activity from the Keenadu.a backdoor, while diverse variants of the embedded Triada Trojan remained in the rankings.

Mobile banking Trojans

Q1 2026 saw a characteristic rise in mobile banking Trojan activity, with the number of packages totaling 162,275, a 50% increase compared to the prior quarter.

Number of installation packages for mobile banking Trojans detected by Kaspersky, Q1 2025 — Q1 2026 (download)

We saw a similar growth in the previous quarter, with banking Trojan volumes rising by 50% during that period as well. Various Mamont variants accounted for the absolute majority of packages and represented nearly every entry in the rankings of most frequent banking Trojans by affected user count.

TOP 10 mobile bankers Verdict %* Q4 2025 %* Q1 2026 Difference in p.p. Change in ranking Trojan-Banker.AndroidOS.Mamont.jo 0.00 15.75 +15.75 Trojan-Banker.AndroidOS.Mamont.jx 0.00 9.22 +9.22 Trojan-Banker.AndroidOS.Mamont.jg 1.47 7.08 +5.61 +24 Trojan-Banker.AndroidOS.Mamont.gg 6.79 4.48 -2.32 -3 Trojan-Banker.AndroidOS.Mamont.ks 0.00 3.98 +3.98 Trojan-Banker.AndroidOS.Agent.ws 6.03 3.78 -2.25 -2 Trojan-Banker.AndroidOS.Mamont.hl 4.30 3.27 -1.03 +1 Trojan-Banker.AndroidOS.Mamont.iv 6.00 3.08 -2.92 -3 Trojan-Banker.AndroidOS.Mamont.jb 3.93 3.07 -0.86 +1 Trojan-Banker.AndroidOS.Mamont.jv 0.00 2.79 +2.79

* Unique users who encountered this malware as a percentage of all users of Kaspersky mobile security solutions who encountered banking threats.

IT threat evolution in Q1 2026. Non-mobile statistics
IT threat evolution in Q1 2026. Mobile statistics

The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing statistical data.

Quarterly figures

In Q1 2026:

• Kaspersky products blocked more than 343 million attacks that originated with various online resources.
• Web Anti-Virus responded to 50 million unique links.
• File Anti-Virus blocked nearly 15 million malicious and potentially unwanted objects.
• 2938 new ransomware variants were detected.
• More than 77,000 users experienced ransomware attacks.
• 14% of all ransomware victims whose data was published on threat actors’ data leak sites (DLS) were victims of Clop.
• More than 260,000 users were targeted by miners.

Ransomware Quarterly trends and highlights Law enforcement success

In January 2026, it was reported that the FBI had seized the domains of the RAMP cybercrime forum, a major platform used extensively by ransomware developers to advertise their RaaS programs and to recruit affiliates. There has been no official statement from the FBI, nor is it clear if RAMP servers were seized. In a post on an external website, a RAMP moderator mentioned law enforcement agencies gaining control over the forum. The takedown disrupted a key element of the RaaS ecosystem, creating ripple effects for ransomware operators, affiliates, and initial access brokers.

A man suspected of links to the Phobos group was apprehended in Poland. He was charged with the creation, acquisition, and distribution of software designed for unlawfully obtaining information, including data that facilitates unauthorized access to information stored within a computer system.

In March, a Phobos ransomware administrator pleaded guilty to the creation and distribution of the Trojan, which had been used in international attacks dating back to at least November 2020.

In March, the U.S. Department of Justice charged a man who had acted as a negotiator for ransomware groups. The company he worked for specializes in cyberincident investigations. The prosecution alleges the suspect colluded with the BlackCat threat actor to share privileged insights into the ongoing progress of negotiations. Additionally, the suspect is alleged to have had a prior direct role in BlackCat attacks, serving as an affiliate for the RaaS operation.

In a separate development this March, a U.S. court sentenced an initial access broker associated with the Yanluowang ransomware group to 81 months of imprisonment. According to the U.S. Department of Justice, the convict facilitated dozens of ransomware attacks across the United States, resulting in over $9 million in actual loss and more than $24 million in intended loss.

Vulnerabilities and attacks

The Interlock group has been heavily exploiting the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software since at least January 26, 2026. The vulnerability enabled arbitrary Java code execution with root privileges on the affected device. This campaign demonstrates the ongoing reliance on zero-day vulnerabilities for initial access, a focus on network appliances as high-value entry points, and the rapid weaponization of new vulnerabilities within the ransomware ecosystem.

The most prolific groups

This section highlights the most prolific ransomware gangs by number of victims added to each group’s DLS. This quarter, the Clop ransomware (14.42%) returned to the top of the rankings, displacing Qilin (12.34%), which had held the leading position in the previous reporting period. Following closely is a new threat actor, The Gentlemen (9.25%). Emerging no later than July 2025, the group had already surpassed the activity levels of mainstays such as Akira (7.25%) and INC Ransom (6.13%).

Number of each group’s victims according to its DLS as a percentage of all groups’ victims published on all the DLSs under review during the reporting period (download)

Number of new variants

In Q1 2026, Kaspersky solutions detected six new ransomware families and 2938 new modifications. Volumes have returned to Q3 2025 levels following a surge in Q4 2025.

Number of new ransomware modifications, Q1 2025 — Q1 2026 (download)

Number of users attacked by ransomware Trojans

Throughout Q1, our solutions protected 77,319 unique users from ransomware. Ransomware activity was highest in March, with 35,056 unique users encountering such attacks during the month.

Number of unique users attacked by ransomware Trojans, Q1 2026 (download)

Attack geography TOP 10 countries and territories attacked by ransomware Trojans Country/territory* %** 1 Pakistan 0.79 2 South Korea 0.64 3 China 0.52 4 Tajikistan 0.40 5 Libya 0.38 6 Turkmenistan 0.36 7 Iraq 0.35 8 Bangladesh 0.33 9 Rwanda 0.30 10 Cameroon 0.28

* Excluded are countries and territories with relatively few (under 50,000) Kaspersky users.
** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country/territory.

TOP 10 most common families of ransomware Trojans Name Verdict %* 1 (generic verdict) Trojan-Ransom.Win32.Gen 33.90 2 (generic verdict) Trojan-Ransom.Win32.Crypren 6.38 3 WannaCry Trojan-Ransom.Win32.Wanna 5.87 4 (generic verdict) Trojan-Ransom.Win32.Encoder 4.68 5 (generic verdict) Trojan-Ransom.Win32.Agent 3.80 6 LockBit Trojan-Ransom.Win32.Lockbit 2.80 7 (generic verdict) Trojan-Ransom.Win32.Phny 1.99 8 (generic verdict) Trojan-Ransom.MSIL.Agent 1.96 9 (generic verdict) Trojan-Ransom.Python.Agent 1.93 10 (generic verdict) Trojan-Ransom.Win32.Crypmod 1.89

* Unique Kaspersky users attacked by the specific ransomware Trojan family as a percentage of all unique users attacked by this type of threat.

Miners Number of new variants

In Q1 2026, Kaspersky solutions detected 3485 new modifications of miners.

Number of new miner modifications, Q1 2026 (download)

Number of users attacked by miners

In Q1, we detected attacks using miner programs on the computers of 260,588 unique Kaspersky users worldwide.

Number of unique users attacked by miners, Q1 2026 (download)

Attack geography TOP 10 countries and territories attacked by miners Country/territory* %** 1 Senegal 3.19 2 Turkmenistan 3.06 3 Mali 2.63 4 Tanzania 1.62 5 Bangladesh 1.06 6 Ethiopia 0.95 7 Panama 0.88 8 Afghanistan 0.79 9 Kazakhstan 0.77 10 Bolivia 0.75

* Excluded are countries and territories with relatively few (under 50,000) Kaspersky users.
** Unique users whose computers were attacked by miners as a percentage of all unique users of Kaspersky products in the country/territory.

Attacks on macOS

In Q1 2026, Google uncovered a new cryptocurrency theft campaign. The scammers directed victims to a fraudulent video call, prompting them to execute malicious scripts under the guise of technical support fixes for connection problems.

In March, researchers with GTIG and iVerify reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices. The exploit kit was apparently marketed on the dark web, providing threat actors with a suite of spyware capabilities alongside specialized cryptocurrency exfiltration modules. The exploit was delivered via drive-by downloads when victims visited various compromised websites. Our analysis confirmed that the toolkit included an updated version of a component previously identified in the Operation Triangulation attack chain.

Devices running macOS were similarly impacted by the high-profile supply chain attack targeting the Axios npm package, a widely used HTTP client for JavaScript. The installation of the infected package led to the deployment of a backdoor on macOS devices.

TOP 20 threats to macOS

Unique users* who encountered this malware as a percentage of all attacked users of Kaspersky security solutions for macOS (download)

* Data for the previous quarter may differ slightly from previously published data due to some verdicts being retrospectively revised.

The share of PasivRobber spyware attacks is beginning to decline, giving way to more traditional adware and Monitor-class software capable of tracking user activity. The popular Amos stealer also maintains its presence within the TOP 20.

Geography of threats to macOS TOP 10 countries and territories by share of attacked users Country/territory %* Q4 2025 %* Q1 2026 China 1.28 1.97 France 1.18 1.07 Brazil 1.13 0.98 Mexico 0.72 0.52 Germany 0.71 0.45 The Netherlands 0.62 0.75 Hong Kong 0.49 0.53 India 0.42 0.48 Russian Federation 0.34 0.37 Thailand 0.24 0.27

* Unique users who encountered threats to macOS as a percentage of all unique Kaspersky users in the country/territory.

IoT threat statistics

This section presents statistics on attacks targeting Kaspersky IoT honeypots. The geographic data on attack sources is based on the IP addresses of attacking devices.

In Q1 2026, the share of devices attacking Kaspersky honeypots via the SSH protocol saw a significant increase compared to the previous reporting period.

Distribution of attacked services by number of unique IP addresses of attacking devices (download)

The distribution of attacks between Telnet and SSH maintained the ratio observed in Q4 2025.

Distribution of attackers’ sessions in Kaspersky honeypots (download)

TOP 10 threats delivered to IoT devices

Share of each threat delivered to an infected device as a result of a successful attack, out of the total number of threats delivered (download)

The primary shifts in the IoT threat distribution are linked to the activity of various Mirai botnet variants, although members of this family continue to account for the majority of the list. Furthermore, a new variant, Mirai.kl, surfaced in the rankings. We also observed a significant decline in NyaDrop botnet activity during Q1.

Attacks on IoT honeypots

The United States, the Netherlands, and Germany accounted for the highest proportions of SSH-based attacks during this period.

Country/territory Q4 2025 Q1 2026 United States 16.10% 23.74% The Netherlands 15.78% 17.57% Germany 12.07% 10.34% Panama 7.72% 6.34% India 5.32% 6.05% Romania 4.05% 5.82% Australia 1.62% 4.61% Vietnam 4.21% 3.50% Russian Federation 3.79% 2.35% Sweden 2.25% 2.09%

China continues to account for the largest proportion of Telnet attacks, though there was a marked increase in activity originating from Pakistan.

Country/territory Q4 2025 Q1 2026 China 53.64% 39.54% Pakistan 14.27% 27.31% Russian Federation 8.20% 8.25% Indonesia 8.58% 6.71% India 4.85% 4.66% Brazil 0.06% 3.30% Argentina 0.02% 2.51% Nigeria 1.22% 1.38% Thailand 0.01% 0.55% Sweden 0.54% 0.55% Attacks via web resources

The statistics in this section are based on detection verdicts by Web Anti-Virus, which protects users when suspicious objects are downloaded from malicious or infected web pages. These malicious pages are purposefully created by cybercriminals. Websites that host user-generated content, such as message boards, as well as compromised legitimate sites, can become infected.

TOP 10 countries and territories that served as sources of web-based attacks

The following statistics show the distribution by country/territory of the sources of internet attacks blocked by Kaspersky products on user computers (web pages redirecting to exploits, sites containing exploits and other malicious programs, botnet C&C centers, and so on). One or more web-based attacks could originate from each unique host.

To determine the geographic source of web attacks, we matched the domain name with the real IP address where the domain is hosted, then identified the geographic location of that IP address (GeoIP).

In Q1 2026, Kaspersky solutions blocked 343,823,407 attacks launched from internet resources worldwide. Web Anti-Virus was triggered by 49,983,611 unique URLs.

Web-based attacks by country/territory, Q1 2026 (download)

Countries and territories where users faced the greatest risk of online infection

To assess the risk of malware infection via the internet for users’ computers in different countries and territories, we calculated the share of Kaspersky users in each location on whose computers Web Anti-Virus was triggered during the reporting period. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries and territories.

This ranked list includes only attacks by malicious objects classified as Malware. Our calculations leave out Web Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.

Country/territory* %** 1 Venezuela 9.33 2 Hungary 8.16 3 Italy 7.58 4 Tajikistan 7.48 5 India 7.21 6 Greece 7.13 7 Portugal 7.10 8 France 7.05 9 Belgium 6.83 10 Slovakia 6.80 11 Vietnam 6.62 12 Bosnia and Herzegovina 6.57 13 Canada 6.56 14 Serbia 6.50 15 Tunisia 6.36 16 Qatar 6.01 17 Spain 5.95 18 Germany 5.95 19 Sri Lanka 5.89 20 Brazil 5.88

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky users.
** Unique users targeted by web-based Malware attacks as a percentage of all unique users of Kaspersky products in the country/territory.

On average during the quarter, 4.73% of users’ computers worldwide were subjected to at least one Malware web attack.

Local threats

Statistics on local infections of user computers are an important indicator. They include objects that penetrated the target computer by infecting files or removable media, or initially made their way onto the computer in non-open form. Examples of the latter are programs in complex installers and encrypted files.

Data in this section is based on analyzing statistics produced by anti-virus scans of files on the hard drive at the moment they were created or accessed, and the results of scanning removable storage media. The statistics are based on detection verdicts from the On-Access Scan (OAS) and On-Demand Scan (ODS) modules of File Anti-Virus and include detections of malicious programs located on user computers or removable media connected to the computers, such as flash drives, camera memory cards, phones, or external hard drives.

In Q1 2026, our File Anti-Virus detected 15,831,319 malicious and potentially unwanted objects.

Countries and territories where users faced the highest risk of local infection

For each country and territory, we calculated the percentage of Kaspersky users whose computers had the File Anti-Virus triggered at least once during the reporting period. This statistic reflects the level of personal computer infection in different countries and territories around the world.

Note that this ranked list includes only attacks by malicious objects classified as Malware. Our calculations leave out File Anti-Virus detections of potentially dangerous or unwanted programs, such as RiskTool or adware.

Country/territory* %** 1 Turkmenistan 47.96 2 Tajikistan 31.48 3 Cuba 31.03 4 Yemen 29.59 5 Afghanistan 28.47 6 Burundi 26.93 7 Uzbekistan 24.81 8 Syria 23.08 9 Nicaragua 21.97 10 Cameroon 21.60 11 China 21.09 12 Mozambique 21.02 13 Algeria 20.64 14 Democratic Republic of the Congo 20.63 15 Bangladesh 20.44 16 Mali 20.35 17 Republic of the Congo 20.23 18 Madagascar 20.00 19 Belarus 19.78 20 Tanzania 19.52

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky users.
** Unique users on whose computers local Malware threats were blocked, as a percentage of all unique users of Kaspersky products in the country/territory.

On average worldwide, Malware local threats were detected at least once on 11.55% of users’ computers during Q1.

Russia scored 11.92% in these rankings.

The trend shows no sign of slowing. McKinsey’s latest The State of AI report suggests that 88% of organizations now use AI in at least one business function. As adoption expands, so too will experimentation and tool creation — much of it occurring outside traditional IT processes and often beyond formal oversight.

For IT leaders, the implications are significant. They are no longer managing a closed, centrally controlled environment, but one where technology can emerge anywhere, spread rapidly, and influence core business processes in ways that are difficult to predict or contain.

“Shadow usage is dramatically outpacing production,” said Chris Drumgoole, president of global infrastructure services at IT service provider DXC Technology. In many organizations, unofficial AI usage already exceeds sanctioned deployments by several multiples. Worse, he said, IT teams often have very little visibility into where and how these tools are being used.

From rollout to invisible adoption

What’s happening inside enterprises doesn’t resemble a coordinated rollout. It looks more like a distributed shift in how work gets done.

Employees are experimenting with AI assistants and no-code tools, building apps and automating workflows — often independently and without IT’s knowledge. In many cases, these efforts start as small productivity experiments but quickly evolve into shared tools that influence team-level or even business-critical processes.

In earlier waves of technology adoption, that activity was constrained by budget and formal approval processes. Those constraints have largely disappeared, replaced by tools that are easy to access, inexpensive, and often already familiar from personal use.

“The world used to have a finite number of software products you could buy,” said Jonathan Tushman, CTO and chief AI officer at Hi Marley, an AI platform for the insurance sector. “Now we have access to an infinite amount of software.”

Instead of selecting tools from a catalog, employees can now create what they need on demand. Andrea Malagodi, CTO at Sonar, which makes software to boost developers’ code quality and security, sees this across business functions. A finance employee experimenting with generative AI can assemble a working internal application in days — something that once required a development team, formal requirements, and months of work.

“The challenge isn’t that this is entirely new,” he said. “It’s that it’s happening much, much faster.”

Why AI sprawl is harder to contain

Speed alone does not explain the scale of the problem. What makes AI sprawl different is how it manifests — and how it enters the organization.

In the SaaS era, applications were still tied to vendors, contracts, and systems of record. AI, by contrast, appears in fragments: scripts, agents, workflows, and embedded features that may not be visible as standalone systems.

Alla Valente, principal analyst at Forrester Research, sees AI sprawl emerging from multiple directions. Some of it is driven by formal initiatives, but a growing share comes from unsanctioned employee usage or as new features added to existing software and services.

Many vendors are adding AI capabilities to products companies already use, often without those features being fully tracked or categorized. In some cases, these capabilities are enabled by default or introduced through routine updates, making them easy to miss.

“AI is entering organizations as embedded features of existing software as much as through structured procurement of AI tools,” Valente said.

That creates a fundamental inventory problem. Even when applications are known, the AI functionality within them may not be vetted, documented, or understood. And beyond enterprise systems, employees are also using free or low-cost tools that never go through procurement processes. As a result, organizations may be using AI in far more places than they realize.

Organizations are trying to regain visibility using indirect signals such as expense reports, network traffic, and employee surveys, but those methods only capture part of the picture.

“I’ve yet to see any organization take a serious look at how AI is being used internally and not be surprised,” DXC’s Drumgoole said.

Employees are not necessarily trying to bypass IT, but they are often reluctant to disclose their use of AI tools if they believe access might be restricted or taken away.

“They’re afraid they’re going to get shut down,” he said.

Risk is scaling faster than governance

As Valente notes, the pace of AI innovation is outstripping governance. Risks are evolving faster than policies and controls, leaving organizations to manage them in real time rather than through established frameworks.

One of the most immediate concerns is data exposure. Employees experimenting with AI tools may upload sensitive information including financial data, engineering designs, or customer records without fully understanding how that data is handled or where it might end up.

“A financial analyst trying to do the right thing might upload non-public information into a model,” Drumgoole said. “Now it’s out there.”

There is also growing concern about AI-generated outputs. These systems often produce responses that sound authoritative but are incorrect (colloquially known as “hallucinations”), increasing the risk that flawed information enters business decisions or operational workflows.

Cost is another factor. As AI usage spreads organically across teams, expenses can escalate quickly, often in ways that are difficult to track or attribute to specific business value.

Malagodi from Sonar points to a different issue that often surfaces later: ownership. When employees create tools independently, it is not always clear who is responsible for maintaining them, validating outputs, or answering for failures. Over time, these tools can become embedded in workflows, even as their creators move on.

“If an auditor asks why a number is what it is, and the answer is ‘because someone built a tool,’ that’s a problem,” he said.

The IT balancing act

The challenge is not just managing risk, but balancing it against the need for innovation.

Traditional governance models rely on review and approval before deployment. That approach breaks down when tools are created and adopted faster than those processes can operate.

By the time IT becomes aware of a tool, it may already be in use — and shutting it down can have unintended consequences, including disrupting productivity or pushing usage further underground.

“The organizations that are managing risk really well, from a traditional standpoint, may actually be the ones losing,” Drumgoole said. “That’s because they’re not getting the innovation.”

Rather than trying to prevent AI usage, many organizations are shifting toward defining how it can occur safely, accepting that some level of experimentation is both inevitable and necessary.

“Instead of saying no, you have to show up as the Department of Yes,” Drumgoole said.

As organizations begin to understand the scope of the problem, attention is shifting from diagnosis to action.

5 ways to bring AI sprawl under control

While no organization has fully solved AI sprawl, patterns are emerging in how forward-thinking companies are responding. Those responses point to five practical steps CIOs can take now.

1. Build real visibility, not just inventories.

Traditional inventories are no longer enough. AI is being used through personal accounts, embedded in third-party tools, and created internally in ways that rarely appear in standard systems.

As Valente notes, much of the challenge stems from not knowing where AI is operating — particularly when it enters through third-party applications or is used outside formal procurement processes.

Leading organizations are starting to combine telemetry, identity systems, and usage data to build a more dynamic view of AI activity. Some are introducing internal registries to track applications, agents, and workflows as they emerge.

2. Replace control with enforceable guardrails.

Blocking AI usage outright is impractical. Instead, organizations are defining clear rules around data use, model access, and acceptable use cases, and enforcing those rules through technical controls.

“It’s a lot of rudimentary stuff,” Drumgoole said, pointing to basic but critical measures such as restricting access to sensitive data and setting clear usage boundaries.

The shift, he added, is toward enabling safe use rather than trying to prevent it altogether.

3. Formalize what works.

Employees can now build useful tools in days. Turning those into enterprise assets requires structured intake processes that evaluate what has been created and determine what should be scaled.

As Malagodi emphasized, organizations need a way to take employee-built tools and bring them into a managed environment, with defined ownership, auditability, and governance. Without that step, useful innovations risk becoming unmanaged liabilities.

4. Build infrastructure for continuous creation.

AI sprawl reflects a deeper shift: software is no longer built only by IT.

Organizations need to provide internal platforms, hosting environments, and standardized patterns that allow employees to build safely within the enterprise. Tushman at Hi Marley points to the need for new infrastructure layers — including internal registries, hosting environments, and AI operations capabilities — to support this model.

5. Extend governance to vendors and third parties.

A growing share of AI is not built internally at all; it is introduced through vendors, partners, and existing software providers.

Valente warns that many organizations are already using AI through third parties without realizing it, because those capabilities are embedded in tools they already trust. “You are likely not classifying them as AI vendors,” she said, even as those tools process enterprise data.

Leading organizations are responding by tightening vendor oversight: adding AI-specific questions to RFPs, updating contracts to address data use and model behavior, and aligning third-party expectations with internal AI policies.

AI sprawl is no longer a future risk. It is already part of the enterprise — and increasingly, part of how work gets done. The challenge for CIOs is not to stop it, but to shape it, building enough structure to manage risk without slowing the innovation that makes it valuable in the first place.

Related reading:

• Gartner sees untamed growth in agentic AI
• New agentic AI tools bring new threat: agent sprawl
• Taming agent sprawl: 3 pillars of AI orchestration

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is [email protected]

Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. [...]

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte) Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]

A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]

A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. "Fast16's hook engine is selectively interested in Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems.  [...]

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]