Kaspersky 2026 SMB Threat Report: AI Lures Surge Fivefold, Over 33,000 Attacks Detected
Kaspersky's 2026 SMB threat report reveals a fivefold increase in attacks disguised as AI tools, with over 33,300 incidents in early 2026, and highlights that most dark-web corporate access sales target small businesses.
Small and medium-sized businesses (SMBs) remain prime targets for cybercriminals, and a new report from Kaspersky shows that attackers are increasingly leveraging the hype around artificial intelligence to trick employees. In the first four months of 2026, Kaspersky solutions detected over 33,300 attacks on SMBs that masqueraded as popular AI tools like Claude and OpenClaw — a nearly fivefold increase compared to the same period in 2025. The report, released ahead of International SMB Day on June 27, also found that fake messenger and video conferencing apps were used in nearly 415,000 attacks, underscoring the persistent threat of social engineering.
The surge in AI-themed lures reflects a broader trend: threat actors follow the technology curve. As businesses adopt AI tools for productivity, cybercriminals create malicious files disguised as legitimate AI applications. Kaspersky identified more than 1,100 unique malware samples mimicking AI apps, primarily Trojans capable of downloading additional payloads. These Trojans can steal, delete, or modify data, posing a serious risk to SMBs that may lack robust cybersecurity defenses.
Beyond AI, attackers continue to exploit trust in communication and office software. From January to April 2026, Kaspersky blocked 414,736 attacks using fake messenger and video conferencing apps, a figure that remained high year-over-year. Additionally, over 24,000 attacks involved malicious files disguised as office applications and collaboration tools. The report notes that AI-related baits have now surpassed traditional office software lures in prevalence.
A key finding of the report is that the majority of initial accesses to corporate infrastructures sold on the dark web are allegedly accesses to SMBs. This is because SMBs often serve as trusted contractors for larger enterprises, making them an attractive entry point for supply chain attacks. Cybercriminals exploit weaker security postures at SMBs to gain a foothold and then pivot to more valuable targets.
Kaspersky emphasizes the importance of awareness and proactive defense. The company recommends that SMBs download software only from official sources, verify app availability across platforms, and implement robust security solutions. The report also highlights the need for employee training to recognize phishing attempts and fake software downloads.
The findings align with broader industry observations that SMBs are increasingly targeted by sophisticated campaigns. As AI tools become more integrated into business operations, the risk of AI-themed attacks will likely continue to grow. Kaspersky's data serves as a warning for SMBs to strengthen their cybersecurity posture before they become the next victim.