On 9 June 2026, CrowdStrike published its 2026 Technology Threat Landscape Report. The headline finding is stark: technology has overtaken every other sector to become the most targeted industry in the world. The reason is not complicated. The most valuable intellectual property on the planet is now concentrated inside technology firms, and adversaries have adjusted their targeting accordingly.
For enterprises building or adopting agentic AI, the report carries a specific warning. The same capabilities that make AI agents transformative for business operations also make them a priority target for state-sponsored espionage, financially motivated crime and supply chain compromise. Security is no longer a separate workstream. It is a precondition for scaling.
What the report found
CrowdStrike's Counter Adversary Operations team tracks more than 280 named adversaries. Its latest report, drawn from frontline incident response and threat intelligence, reveals several trends that directly affect the agentic AI ecosystem.
China-nexus adversaries are targeting AI capabilities as industrial policy. Groups including MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA and WARP PANDA targeted technology organisations more than any other industry. MURKY PANDA's password-spraying campaign alone impacted more than 340 US-based entities. The objective is not disruption. It is theft of AI intellectual property and capabilities that Beijing cannot build fast enough domestically.
DPRK operatives are embedding inside technology firms using AI-enhanced personas. The FAMOUS CHOLLIMA group used AI-generated identities and US front companies to secure remote IT roles inside technology organisations. These intrusions accounted for 47% of all state-sponsored interactive operations against the sector. The revenue generated is channelled directly to the regime's weapons programmes.
Financially motivated attacks dominate. eCrime actors accounted for 65% of all interactive operations against technology firms. Initial access brokers advertised access to 277 technology organisations, a nearly 30% increase. Big game hunting adversaries named 572 technology entities on dedicated leak sites for extortion.
Adversaries are weaponising AI to scale attacks. eCrime groups used AI-generated scripts to dump credentials and erase forensic evidence at machine speed, collapsing the time defenders have to respond. Attackers also exploited surging AI adoption by distributing a novel macOS information stealer called Skrawl through fake OpenClaw extensions and counterfeit download sites impersonating legitimate AI tools.
Developer supply chains are under direct attack. STARDUST CHOLLIMA compromised the Axios NPM package, downloaded 100 million times per week, likely exposing millions of downstream users. Separately, prior to CrowdStrike's disruption of the Glassworm botnet, malware operators compromised 350 GitHub repositories to inject malicious code into JavaScript and Python projects.
Why this matters for agentic AI buyers
Enterprise buyers evaluating agentic AI platforms in 2026 are making procurement decisions against this threat landscape. The report makes several implications explicit.
Agent infrastructure is now high-value target infrastructure. AI agents typically require broad system access, integration with multiple enterprise applications, and persistent credentials. An agent that can read customer data, update CRM records, process invoices and orchestrate workflows is, by definition, a high-privilege entity. If adversaries are already targeting the technology sector at this intensity, enterprises deploying agents should expect their agent infrastructure to face similar attention.
Shadow AI expands the attack surface. The report notes that adversaries are exploiting unsanctioned AI tools and shadow deployments. When employees deploy agents or AI assistants outside official channels, those tools operate without the governance, monitoring and security controls that enterprise security teams rely on. The fake OpenClaw extensions and counterfeit AI tool sites are a direct example: users searching for popular AI tools can be tricked into installing malware.
Supply chain trust is fragile. The Axios NPM compromise and GitHub repository injections show that the tools used to build AI systems are themselves under attack. Enterprises adopting agentic AI need to understand not only the security posture of the agent platforms they buy, but also the integrity of the open-source libraries, models and development tools those platforms depend on.
Response time is shrinking. AI-generated attack scripts operate at machine speed. The window between initial compromise and credential dumping or forensic erasure is narrowing. Enterprise security operations need to match that speed with automated detection, response and containment, particularly for high-privilege agent accounts.
What this means for suppliers
For companies building and selling AI agent platforms, the CrowdStrike report is both a market validation and a competitive pressure point.
The validation is that agentic AI has become valuable enough to attract nation-state attention. That is a strong signal of market importance. The pressure is that security can no longer be treated as a feature to add later. Buyers will increasingly evaluate agent platforms on their security architecture from day one.
Suppliers should expect questions about runtime isolation, identity controls, audit logging, least-privilege access, supply chain integrity and incident response integration. Those that can demonstrate production deployments with clear security evidence, third-party validation and transparent vulnerability handling will differentiate themselves from competitors that treat security as a checkbox.
The report also highlights a specific risk for open-source agent tools. The fake OpenClaw extensions and counterfeit download sites show that popular open-source agent frameworks are being impersonated to distribute malware. Suppliers building on or distributing open-source components need to help users verify authenticity and maintain clear channels for security updates.
What enterprises should do now
The CrowdStrike report does not suggest enterprises should slow their agentic AI adoption. It suggests they should accelerate their security posture in parallel.
Key actions for enterprise security and procurement teams include mapping the full agent attack surface, including sanctioned and unsanctioned deployments; enforcing identity and access controls that treat agent accounts with the same rigour as human privileged accounts; monitoring agent behaviour for anomalous actions, particularly data exfiltration and unauthorised tool use; validating the integrity of open-source dependencies and model sources; and integrating agent security into existing security operations centres rather than treating it as a separate programme.
The Agentic Expo angle
Agentic Expo is built around market-ready AI agents. The CrowdStrike report is a reminder that market-ready also means security-ready. Buyers walking the floor at Olympia in March 2027 will not only ask what an agent can do. They will ask how it is protected, how its actions are audited, and what happens when an adversary targets it.
The suppliers that can answer those questions with evidence, not promises, will find a more receptive audience. The report makes clear that the organisations building and adopting AI are now the most targeted in the world. Security is not a cost centre holding back agentic AI. It is the foundation that makes scaled deployment possible.