AI-Driven Cyberattacks Set to Target Mexico’s Critical Industries

Mexico faces a critical surge in cyberattacks against infrastructure in 2026, driven by autonomous AI and a chronic lack of specialized investment. Data indicates the country remains the second most targeted nation in Latin America, facing sophisticated ransomware and systemic vulnerabilities that jeopardize the energy, banking, and government sectors.

The complexities of the security environment in Mexico stems from the rapid transition of AI from a supportive tool to an autonomous offensive agent. Criminal organizations now utilize advanced models to automate the identification and exploitation of system weaknesses at speeds that exceed human defensive capabilities.

"The tools of AI will search for and exploit zero-day vulnerabilities without a human needing to touch a keyboard," says Konstantin Levinzon, CEO, Planet VPN. "It is almost certain that we will see these types of autonomous attacks this year."

Levinzon notes that while AI previously allowed criminals to organize and accelerate attacks, the current landscape involves agents capable of operating independently. This shift is supported by evidence from Anthropic, which revealed a campaign where its Claude platform performed between 80% and 90% of operations autonomously. Furthermore, models such as Evil GPT are now available on the dark web for as little as US$10, lowering the barrier to entry for low-skilled actors while expanding the reach of experienced cybercriminals.

A Record Volume of Intrusions and Global Risk Trends

Mexico’s vulnerability is not new, but the scale of the threat has reached unprecedented levels. As MBN previously reported, Mexico recorded over 40 billion cyberattack attempts during 1Q25. This volume confirms the status of the country as a primary target for professionalized cybercrime in the region.

The World Economic Forum (WEF), in collaboration with Accenture, identifies three dominant risks for 2026: vulnerabilities related to AI, geopolitical attacks, and a global expansion of fraud. In the Global Cybersecurity Outlook 2026 report, the organization highlights that 73% of respondents were affected by cyber fraud or knew a victim in 2025. Jeremy Jurgens, Managing Director, WEF, says that cyber fraud has become one of the most disruptive forces in the digital economy, undermining trust and distorting markets.

In Latin America and the Caribbean, confidence in national capacities to manage serious cyber incidents is notably low. While trust levels reach 84% in the Middle East, they drop to 13% in the Latin American region. This disparity reflects a growing gap between highly resilient organizations and those falling behind due to a lack of resources and specialized skills.

Ransomware and Sectoral Impact

In Mexico, ransomware has transitioned from an isolated event to a structural risk for the institutional and productive operations of the country. IQSEC reports that the number of Mexican organizations with data exposed on leak portals doubled in 2025 compared to 2024, reaching 74 confirmed cases.

Fernando Guarneros, Director of Operations, IQSEC, says that ransomware is now a systemic risk that causes service interruptions and long-term economic damage. Guarneros notes that the government and education sectors have become primary targets, surpassing industries like manufacturing. International criminal groups, including Qilin, Kazu, and CL0P, have gained prominence by utilizing highly targeted deception campaigns and double extortion strategies.

The economic response to these threats remains insufficient despite a growing market. Industry data project Mexico’s cybersecurity market to have a value of US$3 billion. This represents a growth rate of 9.2% compared to 2025. However, the Organization of American States (OAS) and the Inter-American Development Bank (IDB) describe the situation as "chronic underinvestment."

The lack of specialized talent further complicates the defense architecture. The WEF reports that 65% of organizations in Latin America and the Caribbean do not have the necessary skills to meet their security objectives. This deficit is particularly visible in areas such as digital forensic analysis and complex incident response.

Regulatory Challenges and Strategic Execution

Victor Ruiz, Founder, SILIKN, says the central problem in Mexico is the persistent distance between the design of strategies and their effective execution. Although the state has integrated cybersecurity into high-level instruments like the National Development Plan and created the Digital Transformation and Telecommunications Agency in 2025, these actions have not led to meaningful changes.

Ruiz claims that the national defense architecture is fragmented and relies excessively on reactive measures. While attacks evolve with technical efficiency and automated business models, the judicial system faces difficulties in processing cybercrimes due to a lack of training in the chain of custody for digital evidence.

The trajectory of the country through the remainder of 2026 will depend on the implementation of the National Cybersecurity Plan 2025–2030. To build meaningful resilience, the allocated budget must translate into tangible technical capabilities, such as multi-factor authentication, network segmentation, and isolated backup schemes.