AI Security Statistics in US 2026 | Key Facts, Threats & Defense Data

AI Security Statistics in US 2026 | Key Facts, Threats & Defense Data

  • Post category:Tech

AI Security in America 2026

Artificial intelligence has fundamentally transformed the cybersecurity landscape in the United States, simultaneously empowering defenders with unprecedented detection capabilities while arming cybercriminals with tools that lower the barrier to launching sophisticated, high-volume, and deeply convincing attacks. For the first time in its 25-year history, the FBI’s Internet Crime Complaint Center (IC3), the nation’s primary federal repository for cybercrime data, introduced a dedicated “artificial intelligence” crime descriptor in its 2025 Annual Report, released on April 7, 2026. The findings were striking: 22,364 AI-related complaints were filed with the IC3 in 2025, generating adjusted losses exceeding $893 million — a figure the FBI itself acknowledges is almost certainly a significant undercount, since most victims never recognise that AI tools were used against them in the first place. This inaugural AI classification appeared within a broader national cybercrime picture that broke every previous record: total IC3 losses reached $20.877 billion in 2025, a 26% year-on-year increase from $16.6 billion in 2024, with the IC3 receiving more than one million total complaints for the first time in its history — averaging nearly 3,000 complaints per day.

What makes the 2026 AI security landscape especially consequential is the speed and scale at which AI is reshaping both the threat environment and the defensive posture of American organisations. The World Economic Forum’s Global Cybersecurity Outlook 2026 found that 94% of global security leaders now identify AI as the single most significant driver of cybersecurity change, while a parallel HiddenLayer survey of 250 IT leaders confirmed that 74% had already experienced a confirmed AI-related breach in the past year. Yet the same technology is delivering measurable defensive gains: organisations deploying AI and automation in their security operations contained breaches 108 days faster than those without such tools, according to IBM’s Cost of a Data Breach Report 2025, and saved an average of $2.22 million per incident compared to peers relying on traditional security approaches alone. This article draws exclusively on verified data from the FBI IC3 Annual Report 2025, IBM Cost of a Data Breach Report 2025, the World Economic Forum, NIST, OWASP, Gartner, Microsoft, and HUMAN Security, to present an accurate, comprehensive statistical picture of AI security in the United States in 2026.

AI Security Key Facts in the US 2026

Before exploring detailed statistical breakdowns, the following key facts establish the fundamental scope, threat landscape, and defensive investment that define AI security across America today.

AI SECURITY KEY FACTS SNAPSHOT — US 2026
==========================================

  Total US Cybercrime Losses (2025, FBI IC3)   ████████████████████  $20.877 billion (+26% YoY)
  AI-Related Complaints (IC3, 2025)              ████░░░░░░░░░░░░░░░░  22,364 (first-ever IC3 category)
  AI-Related Losses (IC3, 2025)                   ████░░░░░░░░░░░░░░░░  $893 million
  BEC Losses (2025, FBI IC3)                        ████████████████████  $3.046 billion (#2 loss type)
  Phishing Loss Growth (2024→2025)                   ████████████████████  +208% ($70M → $215.8M)
  US Avg. Data Breach Cost (IBM 2025)                 ████████████████░░░░  $9.36 million
  Global AI Cybersecurity Market (2025)                ████████████████░░░░  $28.5–$34.1 billion
  AI in Cyber Defense: Breach Cost Saving               ████████████████░░░░  $2.22 million per org
Key Fact Detail
Total US cybercrime losses (2025, FBI IC3 Annual Report) $20.877 billion (+26% from $16.6B in 2024)
Total IC3 complaints received (2025) 1,008,597 (first time exceeding 1 million)
AI-related complaints (2025, first-ever IC3 AI category) 22,364 complaints
AI-related losses (2025, FBI IC3) $893 million (acknowledged floor, not ceiling)
Largest AI-related loss category Investment fraud, $632 million
AI-related BEC losses $30 million (AI component within broader $3.046B BEC total)
Business email compromise (BEC) total losses (2025) $3.046 billion (second-largest crime type by loss)
Phishing losses (2025) $215.8 million (+208% year-on-year from $70M in 2024)
Cumulative cybercrime losses, 2020-2025 $71.3 billion (~400% increase from $4.2B in 2020)
Average US data breach cost (IBM, 2025) $9.36 million (nearly double the $4.88M global average)
AI cybersecurity market size (2025) $28.51 to $34.10 billion globally
AI in security: average breach cost saving per organisation $2.22 million (IBM Cost of a Data Breach Report 2025)
AI in security: breach detection time reduction 108 days faster (277 days → 174 days average)
94% of WEF leaders Identify AI as the single most significant cybersecurity change driver

Source: Federal Bureau of Investigation (FBI), 2025 Internet Crime Report (IC3 Annual Report), released April 7, 2026, ic3.gov; IBM, Cost of a Data Breach Report 2025; World Economic Forum, Global Cybersecurity Outlook 2026; Gartner, Information Security Forecast Q3 2025

The $20.877 billion in cybercrime losses recorded by the FBI IC3 in 2025 represents both an absolute record and a trajectory that shows no sign of reversal: cumulative losses over the five years from 2020 to 2025 exceeded $71.3 billion, a nearly 400% increase from the $4.2 billion recorded in 2020 alone, confirming that the scale of digital crime in America has been growing at a pace that fundamentally outstrips most other categories of economic harm. Within this context, the FBI’s decision to classify AI-related crime as a formal reporting category for the first time in the 2025 IC3 report marks a definitional and institutional acknowledgement that AI has crossed the threshold from an emerging threat factor to a mainstream criminal tool — one whose influence now permeates investment fraud, business email compromise, voice cloning scams, and identity theft at a scale measurable in hundreds of millions of dollars.

The $9.36 million average cost of a US data breach, as calculated by IBM’s 2025 Cost of a Data Breach Report, is nearly double the $4.88 million global average, reflecting both the scale of American enterprise targets, the maturity and aggressiveness of threat actors focused on the US market, and the US legal and regulatory environment that imposes notification, remediation, and liability costs that many international peers do not face to the same degree. The US also accounts for 24.8% of all analysed cyberattacks globally, making it the most targeted country in the world, a statistic confirmed by multiple independent threat intelligence sources and reinforced by the reality that American organisations hold the world’s highest concentration of financially valuable data, intellectual property, and critical infrastructure.


AI-Powered Cyber Threats in the US 2026

AI has supercharged the offensive capabilities of cybercriminals, enabling attacks that are faster, cheaper to execute, and far more convincing than anything achievable with pre-AI social engineering or malware development, with measurable consequences across every major attack category.

AI-POWERED THREAT GROWTH — US & GLOBAL DATA 2025-2026
========================================================

AI-assisted attack volume increase (2024→2025)  ████████████████████  +72%
Phishing attacks powered by GenAI                ████████████████████  +1,265% since ChatGPT launch
Voice phishing (vishing) attacks YoY increase     ████████████████████  +442% (H1→H2 2024)
Post-login account compromise attempts (per customer) ████████████████░░░░  402,000/customer (+300% YoY)
Fake account creation attempt growth (2024→2025)   ████████████████████  +89%
Global attack volume increase from 2022 to 2025     ████████████████████  +138%
AI-generated phishing open rate                       ████████████████████  78% (vs ~20% traditional)
Average detection time: AI-assisted breach            ██░░░░░░░░░░░░░░░░░░  11 minutes to penetrate
AI Threat Metric Statistic Source
AI-assisted attack volume increase (2024 to 2025) +72% Total Assure, citing 2025 threat intelligence data
Phishing surge since generative AI tools became widely available +1,265% SlashNext State of Phishing Report, 2025
AI-generated phishing email open rate 78% (vs ~20% for traditional phishing) 2025 cybersecurity threat data
AI-generated phishing click-through rate 21% Same source
Voice phishing (vishing) attack increase (H1 to H2 2024) +442% Cisco/industry threat reports
AI voice cloning market value (2025) $3.5 billion globally AI threat landscape research, 2025
1 in 10 adults globally Has experienced an AI voice scam McAfee/industry survey, 2025
Post-login account compromise attempts per customer (2025) 402,000 (quadrupled from ~100,000 in 2024) HUMAN Security, 2026 State of AI Traffic Report
Fake account creation growth (2024 to 2025) +89% (after +259% the prior year) HUMAN Security, 2026 State of AI Traffic Report
Global attack volume increase (2022 to 2025) +138% HUMAN Security, 2026 State of AI Traffic Report
Average time for AI-assisted breach to penetrate defences 11 minutes (vs days or weeks for traditional attacks) 2025 threat intelligence analysis
NIST increase in AI-specific CVEs since 2022 More than 2,000% NIST National Vulnerability Database (NVD)
Prompt injection: #1 vulnerability category for LLM applications Top of OWASP LLM Top 10, 2025 OWASP, 2025

Source: FBI, 2025 IC3 Annual Report, April 2026; HUMAN Security, “2026 State of AI Traffic & Cyberthreat Benchmark Report,” April 2026; SlashNext, 2025 State of Phishing Report; OWASP, Top 10 for LLM Applications, 2025; NIST National Vulnerability Database (NVD); Cisco, 2025 Cybersecurity Readiness Index

The 1,265% surge in phishing attacks since generative AI tools became widely accessible represents one of the starkest quantitative illustrations of AI’s dual-use threat. Traditional phishing campaigns were constrained by the obvious grammatical errors, awkward phrasing, and generic formatting that trained employees could learn to spot. AI-generated phishing emails eliminate these tells entirely, producing contextually personalised messages that match a CEO’s known writing style, reference recent company events, and pass basic linguistic scrutiny — factors that explain why AI-generated phishing achieves a 78% open rate compared to the roughly 20% typical of traditional campaigns. When this capability is combined with phishing-as-a-service (PhaaS) platforms that give low-skill criminals access to turnkey attack kits, the result is a democratisation of high-quality phishing that the FBI IC3 data directly validates: phishing complaint volumes barely changed in 2025 (191,561 vs 193,407), but financial losses from phishing tripled from $70 million to $215.8 million, confirming that AI is making each individual attack far more financially destructive.

The HUMAN Security 2026 State of AI Traffic & Cyberthreat Benchmark Report — drawing on platform-level data rather than self-reported complaint figures — captures dimensions of AI-driven attack scaling that the FBI IC3 data alone cannot. The finding that post-login account compromise attempts quadrupled from approximately 100,000 to 402,000 per customer in 2025 illustrates how AI is enabling attackers to shift from crude brute-force credential attacks to sophisticated post-authentication exploitation that abuses session tokens, manipulates account settings, and maintains persistent access after a legitimate user has already logged in. Similarly, the 138% increase in overall attack volume between 2022 and 2025 tracked across the HUMAN platform demonstrates that the threat environment is expanding at a structural rate that reflects AI’s role in enabling automation at previously impossible scales — with only half of one percent separating benign automated traffic from malicious automated traffic across the entire universe of interactions the platform analysed, a razor-thin margin that highlights why distinguishing legitimate from malicious automation has become one of the most technically demanding challenges in modern cybersecurity.


AI-Related Cybercrime Losses by Category in the US 2026

The FBI IC3’s first-ever breakdown of AI-related crime losses across specific categories provides the clearest government-verified picture of exactly where AI is generating measurable financial harm for American victims.

AI-RELATED CYBERCRIME LOSSES BY CATEGORY — US 2025 (FBI IC3)
==============================================================

Total AI-related losses (22,364 complaints)   ████████████████████  $893 million
  Investment fraud (AI component)              ████████████████████  $632 million (70.8% of AI total)
  BEC with AI component                          ███░░░░░░░░░░░░░░░░░  $30 million
  Tech support (AI component)                     ███░░░░░░░░░░░░░░░░░  $19.5 million

BROADER CYBERCRIME LOSSES (ALL CATEGORIES, 2025):
  Investment fraud (total)   ████████████████████  $8.648 billion
  BEC (total)                  ████████████░░░░░░░░  $3.046 billion
  Tech support scams (total)    ████████░░░░░░░░░░░░  $2.134 billion
  Cryptocurrency (total)         ████████████████████  $11.36 billion (highest crypto losses ever)
  Phishing (total)                ██░░░░░░░░░░░░░░░░░░  $215.8 million (+208% YoY)
  Government impersonation         ███░░░░░░░░░░░░░░░░░  $797.9 million (nearly doubled)
Crime Category / AI Loss Metric Losses (2025) Source
Total AI-related losses (22,364 complaints, FBI IC3) $893 million FBI, 2025 IC3 Annual Report
Largest AI loss category: investment fraud $632 million Same source
AI-component BEC losses $30 million Same source
AI tech support scam losses $19.5 million Same source
Total investment fraud losses (all categories) $8.648 billion (#1 crime by loss) Same source
Total BEC losses (all categories) $3.046 billion (#2 crime by loss) Same source
BEC complaints filed (2025) 24,768 (2.5% of complaints, ~15% of all losses) Same source
Total tech support scam losses $2.134 billion Same source
Total cryptocurrency-related losses $11.36 billion (record high) Same source
Total phishing losses $215.8 million (+208% from $70M in 2024) Same source
Government impersonation losses $797.9 million (complaints doubled to 32,424) Same source
Ransomware complaints (2025) 3,611 (losses exceeding $32 million in reported costs) Same source
Americans over 60: total losses (2025) $7.7 billion (+37% from 2024) Same source

Source: Federal Bureau of Investigation (FBI), 2025 Internet Crime Report, Internet Crime Complaint Center (IC3), released April 7, 2026, ic3.gov; Alston & Bird Privacy, Cyber & Data Strategy Blog, April 10, 2026, summarising IC3 2025 findings

The $632 million in AI-related investment fraud losses — representing more than 70% of all AI-tagged losses in the FBI’s 2025 report — reflects the devastating effectiveness of AI-generated synthetic content in sustaining the “pig butchering” and romance investment scam model, where victims are cultivated over weeks or months through AI-powered chatbots that maintain consistent, personalised, emotionally engaging communication at a scale that human operators alone could never sustain. These scams, which the FBI IC3 categorises as the single largest driver of overall losses at $8.648 billion across all variants, fundamentally depend on maintaining credibility over extended timeframes — a task for which AI-generated conversational agents are uniquely well-suited, since they can operate 24 hours a day, tailor responses to a victim’s emotional state and financial circumstances, and present consistent synthetic identities complete with AI-generated profile photographs, fabricated social media histories, and deepfake video calls.

The parallel finding that BEC losses reached $3.046 billion in 2025 — with AI now confirmed as a component in at least $30 million of that total, though the true AI-contribution figure is widely believed to be far higher — illustrates how AI is eroding the last reliable defences against business email fraud. Traditional BEC detection training taught employees to look for generic language, imperfect email formatting, and requests that felt slightly “off.” AI tools allow attackers to generate emails that precisely match a known executive’s writing style, include accurate references to current company projects, and follow up with AI-cloned voice calls that replicate a CFO’s voice — the exact technique the FBI’s IC3 report describes when it references voice cloning used to confirm fraudulent wire transfer instructions. The per-complaint loss average for BEC of over $122,000, derived from 24,768 complaints generating over $3 billion, confirms that these are not small-scale individual frauds but targeted, high-value attacks against corporate financial workflows.


AI Threats Across US Industries in 2025

Industry-specific data reveals that no sector of the American economy is insulated from AI-augmented cyber threats, though healthcare, financial services, and critical infrastructure face distinctly elevated exposure given the nature and value of the data they hold.

AI CYBER THREAT EXPOSURE BY US INDUSTRY — 2025
=================================================

Healthcare average breach cost (2025)    ████████████████████  $9.77 million (#1 for 13th year)
Defense sector average breach cost        ████████████░░░░░░░░  $5.46 million
Banking cyberattacks increase             ████████████████████  +280% since pre-AI baseline
Healthcare ransomware attacks (2025)      ████████████████████  460 (highest critical infrastructure sector)
Healthcare data breaches (2025)            ████████████████░░░░  182 (highest critical infrastructure sector)
98% of organisations                        ████████████████████  Use SaaS apps with embedded AI
Fewer than 30%                               █████░░░░░░░░░░░░░░░  Have formal AI vendor risk assessment
CISA #1 emerging threat                       ████████████████████  AI-assisted critical infrastructure attacks
Industry / Sector Metric Statistic Source
Healthcare average data breach cost (2025) $9.77 million — highest of any industry, 13th consecutive year IBM Cost of a Data Breach Report 2025
Healthcare ransomware attacks (2025, critical infrastructure) 460 attacks (highest of any critical infrastructure sector) FBI, 2025 IC3 Annual Report
Healthcare data breaches (2025, critical infrastructure) 182 data breaches (highest of any critical infrastructure sector) Same source
Defense sector average breach cost $5.46 million Preveil, citing industry breach data
Defense sector: organizations breached in past 12 months Over 80% Same source
Banking sector cyberattack increase +280% since pre-AI baseline AllAboutAI, citing industry reports
CISA-identified #1 emerging threat category AI-assisted attacks on critical infrastructure CISA, cited in Practical DevSecOps report, 2026
Organisations using SaaS apps with embedded AI 98% Industry survey, 2025
Organisations with formal AI vendor risk assessment Fewer than 30% Same source
North America AI-related breach increase (2025 vs prior year) +39% year-on-year (highest regional spike globally) 2025 cyberthreat intelligence data
US share of all analysed cyberattacks globally 24.8% (most targeted country) Multiple threat intelligence sources

Source: IBM, Cost of a Data Breach Report 2025; FBI, 2025 IC3 Annual Report, April 2026; CISA, cited in Practical DevSecOps, “AI Security Statistics 2026,” March 2026; HiddenLayer, 2025 AI Threat Landscape Report

Healthcare’s 13th consecutive year as the most expensive industry for data breaches — at $9.77 million average per incident in 2025 — reflects the unique combination of factors that make American hospitals, health systems, and insurance companies such high-value targets: the extreme sensitivity and permanence of health data (a stolen credit card can be cancelled, a health record cannot), the life-or-death operational pressure that forces many systems to pay ransoms quickly rather than accept the patient safety risks of prolonged downtime, and the legacy technology infrastructure that many healthcare providers operate, which was often designed and installed before modern cybersecurity requirements existed. The 460 ransomware attacks against the healthcare and public health sector in 2025 — more than against any other critical infrastructure category tracked by the FBI — confirms that ransomware gangs have deliberately calculated healthcare’s particular vulnerability to operational disruption as a lever for extracting payments.

The 98% of organisations using at least one third-party SaaS application with AI capabilities embedded — combined with the finding that fewer than 30% have a formal AI vendor risk assessment process — identifies what CISA has formally classified as the number-one emerging threat to US critical infrastructure: the exploitation of AI systems embedded in third-party tools and supply chains that organisations deploy without adequate security vetting. This dynamic, sometimes described as “shadow AI” — where AI tools are adopted by individual employees or departments without IT security review — creates attack surfaces that are genuinely new and for which traditional security frameworks were not designed. The OWASP Top 10 for LLM Applications 2025, which ranks prompt injection as the single most dangerous vulnerability category for AI systems, and the NIST National Vulnerability Database’s confirmation of a more than 2,000% increase in AI-specific Common Vulnerabilities and Exposures (CVEs) since 2022, provide the technical evidence base for why unsecured AI infrastructure in enterprise environments represents such a rapidly expanding attack surface.


AI in Cybersecurity Defence in the US 2025

Defensive AI has moved from an optional enhancement to a fundamental requirement within US enterprise security operations, with measurable performance gaps now separating organisations that have invested in AI-powered defence from those still relying primarily on traditional security approaches.

AI DEFENCE ADOPTION & EFFECTIVENESS — US 2025
===============================================

Enterprises deploying security AI (IBM 2025)       ████████████████████  51% (two in three SOCs)
Average breach cost saving with AI defence          ████████████████████  $2.22 million per org
Breach detection time with AI                        ████████████████░░░░  174 days (vs 277 without)
Mean time to detect (MTTD) reduction                  ████████████████░░░░  −50% with AI-augmented SOC
Manual triage workload reduction (AI-augmented SOC)    ████████████████░░░░  −60%
Global information security spending (2026, Gartner)    ████████████████████  $244.2 billion (+13.3% YoY)
Orgs assessing AI security pre-deployment (2025 vs 2024) ████████████████████  64% (up from 37%)
Microsoft: AI-powered fraud blocked (Apr 2024–Apr 2025)  ████████████████████  ~$4 billion thwarted
AI Defence Metric Statistic Source
Enterprises deploying security AI or automation (2025) 51% IBM Cost of a Data Breach Report 2025
Two-thirds of organisations Now deploy AI and automation across SOC environments IBM, 2025
Average breach cost saving: extensive AI deployment vs none $2.22 million per organisation IBM Cost of a Data Breach Report 2025
Average breach detection time with extensive AI 174 days (down from 277 days without AI) Same source
AI in security: breach containment days saved 108 days faster Same source
MTTD reduction in AI-augmented SOC −50% (mean time to detect) Practical DevSecOps, citing IBM/industry data
Manual triage workload reduction (AI-augmented SOC) −60% Same source
SOC analysts handling more alerts with AI assistance 68% report 2–3x more alerts processed per analyst IBM/industry survey data, 2025
AI defence: first-year positive ROI 74% of adopters; 88% among early adopters Industry survey data, 2025
Global information security spending (2026, Gartner forecast) $244.2 billion (+13.3% year-on-year) Gartner Q3 2025 Information Security Forecast
AI cybersecurity market CAGR (Gartner) 74% CAGR; AI data security at 155% CAGR Same source
Microsoft AI-powered fraud thwarted (April 2024–April 2025) Approximately $4 billion Microsoft Cyber Signals Issue 9, April 2025
Microsoft: bot signup attempts blocked per hour 1.6 million Same source
Organisations assessing AI security pre-deployment (2025) 64% — doubled from 37% in 2024 WEF Global Cybersecurity Outlook 2026

Source: IBM, Cost of a Data Breach Report 2025; Gartner, Information Security Forecast Q3 2025; Microsoft, Cyber Signals Issue 9, April 2025; World Economic Forum, Global Cybersecurity Outlook 2026; Practical DevSecOps, “AI Security Statistics 2026 Research Report,” March 2026

The $2.22 million average breach cost saving per organisation for those deploying AI and automation extensively in their security operations — and the 108-day reduction in breach containment time — represent some of the most compelling and concrete return-on-investment data points the cybersecurity industry has produced in recent years. These figures, drawn from IBM’s annual benchmark study covering hundreds of global organisations, translate directly into both financial resilience and strategic positioning: the 174-day average breach detection time for AI-equipped organisations versus 277 days for those without means that AI-powered defenders identify intrusions during the period when attackers have access but before they have fully exfiltrated data, monetised ransomware, or established persistent backdoors that are far more expensive to eradicate. The 68% of security analysts who report handling two to three times more alerts per analyst with AI assistance reflects a genuine workforce productivity multiplier that is particularly important given the well-documented global cybersecurity skills shortage that leaves most American organisations chronically understaffed in their security operations centres.

Gartner’s projection of $244.2 billion in global information security spending in 2026 — growing at 13.3% year-on-year, with AI cybersecurity specifically growing at a 74% CAGR and AI data security at 155% CAGR — confirms that the market is responding to the AI threat environment with substantial capital commitment. The WEF’s finding that the share of organisations conducting formal AI security assessments before deploying AI tools nearly doubled from 37% to 64% in a single year suggests that organisational maturity around AI-specific risk is accelerating rapidly, driven partly by regulatory pressure — the EU AI Act’s enforcement provisions take effect in August 2026, and the SEC’s cybersecurity disclosure rules now require material AI-related incidents to be reported via Form 8-K within four business days — and partly by the growing volume of well-publicised AI-related breaches and fraud losses that have made the business case for investment undeniable. Microsoft’s confirmation that its AI-powered security systems thwarted approximately $4 billion in AI-powered fraud between April 2024 and April 2025, while blocking 1.6 million bot signup attempts per hour, provides perhaps the clearest single illustration of the scale at which the AI security arms race is now being fought — and the magnitude of the losses that proactive AI-powered defence is capable of preventing.

Disclaimer: The data research report we present here is based on information found from various sources. We are not liable for any financial loss, errors, or damages of any kind that may result from the use of the information herein. We acknowledge that though we try to report accurately, we cannot verify the absolute facts of everything that has been represented.

📩Subscribe to Our Newsletter

Get must-read Data Reports, Global Insights, and Trend Analysis — delivered directly to your inbox.