Rapid7 reveals global findings in latest cyber-threat report – SecurityBrief Australia

Cybersecurity firm Rapid7 warns that organisations worldwide are entering a period of escalating cyber risk, driven by advances in artificial intelligence, quantum computing, and geopolitical tension.

Compiled by Senior Threat Intelligence Researcher Jeremy Makowski, the report outlines how emerging technologies are fuelling a new era of cyber warfare – one where AI serves as both weapon and target in an accelerating arms race.

Attackers are now using generative AI, deep learning, and reinforcement learning to automate intrusions, craft adaptive malware, and run large-scale, personalised phishing campaigns. AI-powered underground services and autonomous threat agents are cutting response times to seconds, learning from failed attempts and exploiting vulnerabilities faster than most defences can react.

Deepfake technology and synthetic media are further eroding trust, enabling convincing social engineering scams that challenge even the most robust awareness programs. The report warns that off-the-shelf AI attack platforms could soon allow inexperienced actors to launch complex operations, dramatically expanding the threat landscape.

Rapid7 advises organisations to embed AI and machine learning into detection and response, enhance threat intelligence collaboration, and ensure transparency in defensive AI systems to meet tightening compliance expectations.

Quantum Computing Threats Loom

Rapid7 also highlights the looming disruption of quantum computing, warning that the technology could render today’s encryption systems – such as RSA and elliptic curve cryptography – obsolete. Algorithms capable of breaking these standards threaten to undermine the foundations of secure global communication and financial systems.

The paper points to an emerging risk in “harvest-now, decrypt-later” attacks, in which adversaries steal encrypted data today, waiting to unlock it once quantum capabilities mature.

As breakthroughs in quantum technology accelerate, the report predicts uneven adoption of post-quantum cryptography (PQC), creating a dangerous window for exploitation.

Organisations are urged to begin the shift toward PQC now, with coordinated international action deemed essential to mitigate the risks of a future quantum decryption crisis.

Cyber Conflict Goes Hybrid

Rapid7’s analysis warns of escalating state-sponsored cyber operations that merge digital, economic and physical tactics – an approach increasingly visible in ongoing global conflicts. These hybrid campaigns target critical infrastructure across energy, healthcare, communications and food supply networks, often blurring the lines between espionage, warfare and crime.

Attribution is becoming more difficult as nation-states employ proxy groups, AI-driven deception, and state-sanctioned criminal networks – sometimes referred to as “cyber privateering.” The report notes a growing convergence between hacktivism and government-linked cyber operations, intensifying the threat environment for both public and private sectors.

Rapid7 calls for deeper intelligence sharing, supply chain scrutiny, zero-trust architectures and regular crisis management drills to bolster resilience.

Regulation Tightens the Screws

Governments worldwide are tightening cybersecurity regulations, with boards and executives facing new layers of accountability.

Rapid7 predicts that compliance obligations will become more prescriptive and immediate, particularly following major data breaches.

Rules governing AI transparency, data provenance, and post-quantum readiness are expected to emerge unevenly across jurisdictions, creating a patchwork of regional mandates. Australia and the United States are likely to mirror the global shift toward rapid breach reporting, quantum transition planning, and executive-level liability for cyber risk management.

To stay ahead, organisations must automate compliance, assign clear board-level accountability, and engage proactively with regulators and policymakers.

People Still the Weak Link

Despite the rise of automation and machine learning, human error continues to be a dominant cause of cyber incidents.

The report warns that security fatigue, burnout, and insider risks – both accidental and malicious – will grow as the pace of technological and organisational change accelerates.

Attackers are beginning to exploit behavioural data and AI-driven psychometrics to manipulate individuals in real time. Rapid7 expects new approaches to workforce resilience, including immersive cyber simulations, AI-powered training, and stronger mental health support, to become essential components of a modern defence strategy.

Building Resilience for the Future

Rapid7 concludes that the convergence of AI innovation, quantum disruption, regulatory pressure and geopolitical volatility demands a fundamental shift in how organisations approach cybersecurity.

The company’s outlook positions cyber resilience as a strategic imperative, not just a technical one. Businesses are encouraged to view security as a driver of trust, innovation, and competitiveness – an essential foundation for stability in an era of accelerating digital conflict.