Research Report: 2026 State of the Underground

Download Now

Stay ahead of underground threats.

The threat landscape isn't quieting down. It's reorganizing. Some indicators declined in 2025, but a lower number is not a safer number. Ransomware groups attacks increased 19%, compromised credentials reached 2.8 billion unique sets, and AI is beginning to compress the time between vulnerability disclosure and active exploitation. The 2026 Bitsight State of the Underground draws on Bitsight Threat Intelligence (TI) to map where underground activity is shifting, who is driving it, and what that means for your organization.

Highlights include:

  • Ransomware volume and payment dynamics, and what declining payments signal about attacker strategy.
  • Why a 41% decline in observed breaches demands more scrutiny, not less.
  • How geopolitical tensions are shaping hacktivism, APT activity, and critical infrastructure targeting.
  • The role of frontier AI in shrinking the defender window between disclosure and exploit.

Download the report to understand how threats are evolving and where your organization may be exposed.

 

"The most important question for defenders is no longer just whether a vulnerability is severe — it is whether it is relevant to their environment, their sector, and their vendor ecosystem."
 
 - Bitsight Threat Intelligence

 

Download Now
Bitsight's State of the Underground 2025 Report Cover

Get your research

    • We will use your information to communicate with you about this contact form and other solutions and related resources that may be of interest to you. You may unsubscribe at any time. For more information, please see our Privacy Policy.

  • required
    Read more

    I consent to sharing this information with BitSight Technologies, Inc. (“Bitsight”) for sales and marketing communications, as detailed in our Privacy Policy. I understand I may unsubscribe.