Mexico is facing an alarming increase in cyberattacks targeting its infrastructure in 2026, primarily driven by advancements in autonomous AI and a persistent shortage of specialized investments. Data indicates that Mexico ranks as the second most targeted nation in Latin America, grappling with complex ransomware threats and systemic vulnerabilities that endanger the energy, banking, and government sectors.
The evolving security landscape in Mexico reflects a rapid shift in AI capabilities from supporting tools to autonomous offensive agents. Criminal organizations are now leveraging advanced AI models to automate the detection and exploitation of system weaknesses, operating at speeds beyond the defensive capabilities of human actors. “The tools of AI will search for and exploit zero-day vulnerabilities without a human needing to touch a keyboard,” states Konstantin Levinzon, CEO of Planet VPN. “It is almost certain that we will see these types of autonomous attacks this year.”
Levinzon argues that while AI previously enabled criminals to coordinate and expedite attacks, the current environment features agents capable of functioning independently. Evidence from Anthropic suggests that its Claude platform executed between 80% and 90% of its operations without human intervention. Additionally, models like Evil GPT are available on the dark web for as little as US$10, significantly lowering the entry barrier for less skilled actors while enhancing the capabilities of seasoned cybercriminals.
Mexico’s vulnerabilities are not new, but the scale of the threat has escalated dramatically. In the first quarter of 2025, over 40 billion cyberattack attempts were recorded in Mexico, solidifying its status as a key target for organized cybercrime in the region. The World Economic Forum (WEF), in conjunction with Accenture, has identified three major risks for 2026: vulnerabilities tied to AI, geopolitical attacks, and a global rise in fraud. In the Global Cybersecurity Outlook 2026 report, 73% of respondents reported being affected by cyber fraud or knowing a victim in 2025. Jeremy Jurgens, Managing Director at WEF, emphasizes that cyber fraud has emerged as one of the most disruptive forces in the digital economy, eroding trust and distorting markets.
Trust in national capabilities to manage serious cyber incidents is notably low in Latin America and the Caribbean, with confidence levels at 84% in the Middle East, plummeting to 13% in Latin America. This disparity highlights a widening gap between resilient organizations and those lagging due to inadequate resources and specialized skills.
Ransomware has evolved in Mexico from isolated incidents to a significant structural risk affecting the country’s institutional and economic operations. IQSEC reports that the number of organizations in Mexico with data exposed on leak portals doubled in 2025 compared to the previous year, amounting to 74 confirmed cases. Fernando Guarneros, Director of Operations at IQSEC, describes ransomware as a systemic risk that causes service disruptions and long-term economic damage. Notably, the government and education sectors have become primary targets, surpassing industries such as manufacturing. International criminal groups like Qilin, Kazu, and CL0P have gained notoriety by employing targeted deception campaigns and double extortion strategies.
Despite the escalating threats, Mexico’s economic response remains inadequate. Industry projections value the country’s cybersecurity market at US$3 billion, reflecting a growth rate of 9.2% from 2025. However, both the Organization of American States (OAS) and the Inter-American Development Bank (IDB) describe the situation as one of “chronic underinvestment.” The dearth of specialized talent further complicates the defense landscape, with the WEF reporting that 65% of organizations in the region lack the necessary skills to achieve their security objectives, particularly in areas like digital forensic analysis and complex incident response.
Victor Ruiz, founder of SILIKN, identifies a fundamental challenge in Mexico’s cybersecurity strategy: a persistent gap between strategy design and effective execution. While the state has integrated cybersecurity into high-level frameworks like the National Development Plan and established the Digital Transformation and Telecommunications Agency in 2025, these initiatives have yet to produce significant results. Ruiz asserts that the national defense architecture is fragmented and overly reliant on reactive measures. As cyber attacks continue to evolve in sophistication, the judicial system struggles to process cybercrimes, hampered by a lack of training in handling digital evidence.
The trajectory of Mexico’s cybersecurity landscape throughout the remainder of 2026 hinges on the implementation of the National Cybersecurity Plan 2025–2030. For the country to develop meaningful resilience, the allocated budget must translate into concrete technical capabilities, such as multi-factor authentication, network segmentation, and isolated backup systems.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
