After a year marked by large-scale incidents — including the largest recorded attack on the Brazilian financial ecosystem — Brazil enters 2026 with an expanded risk surface and increasingly sophisticated threats. This assessment comes from Rodolfo Almeida, COO of ViperX, an offensive protection startup of the Dfense Group, who analyzed the main movements of digital crime in 2025 and projected what companies and users should expect for the coming year.
“In 2025, sectors such as finance, public, and data-intensive areas — health, education, and retail — were among the most affected. The year was marked by supply chain attacks, AI-enhanced social engineering, and an advance of ransomware, which grew 25% globally. We saw a country that has evolved technically but remains reactive and dependent on poorly protected suppliers, now the main entry point for attacks,” states Almeida.
Artificial Intelligence moved out of the lab and became a central weapon of digital crime.
According to the COO, 2025 marked the moment when AI ceased to be a promise and became a frontline tool for criminal groups. The company observed three main trends:
- Realistic Social Engineering — Approximately 80% of phishing emails already utilize AI-based generation, producing perfect and contextualized texts. Deepfakes and voice cloning fueled “fake boss” scams and even “virtual kidnappings,” which have already prompted FBI alerts.
- Dynamic Malware — AI tools began generating malware that changes its signature with each execution, evading traditional defenses.
- Fraud at Scale — In 2025 alone, the FBI recorded over $262 million stolen in account takeover, scams, many supported by fake websites and AI-automated communications.
“The challenge is that offensive AI scales much faster than defensive AI. Today, any criminal with low technical skill can generate near-perfect texts, audios, and fake pages. Companies need to stop treating AI solely as a productivity tool and start seeing it as part of their threat model,” emphasizes Almeida.
Main frauds predicted for 2026
The projection is that 2026 will be even more critical, with an intensification of financial fraud, scams via PIX, and attacks sustained by AI and third-party vulnerabilities. Concern is also growing regarding the advancement of Shadow AI's, with companies adopting internal models without clear governance — increasing risks of data leaks and attacks via prompt injection..
Ransomware is expected to remain at a high level, especially against the public and health sectors. The geopolitical landscape tends to reinforce the blend between cybercrime, hacktivism, and digital espionage, raising the complexity of threats.
Consequently, the company highlights six priority frauds on the radar for 2026::
- Virtual kidnapping and AI-powered extortion scamsVoice and video deepfakes simulating relatives or executives, combined with real-time social engineering.
- Mass account takeover with AIHighly realistic fake websites, ads, and communications for credential and MFA theft, targeting banks and digital wallets.
- Instant payment and loan fraudsExploitation of digital journeys and leaked data to target vulnerable profiles, such as the elderly and small business owners.
- Business Email Compromise (BEC) with deepfake“CFO/CEO” audios and videos authorizing payments or changing supplier banking details.
- Synthetic identity and onboarding fraudCombination of leaked CPFs, social media data, and AI-forged documents.
- Extortion using sensitive data leaksUtilization of data leaks and deepfakes to pressure key employees.
What is missing for Brazil to move from reactive to preventive
Following the major leaks of 2025, the expert emphasizes that technology alone does not solve the problem. For him, four structural changes are essential to prevent 2026 from repeating the same cycle:
- Strong governance, with direct sponsorship from the board.
- Corporate culture of shared responsibility among technology, legal, risk, and fraud departments.
- Clearer regulation, with effective oversight of critical suppliers.
- Technical shift: move away from a perimeter focus and adopt continuous threat exposure management (CTEM).
“2025 confirmed that the most fragile perimeter is not the company's firewall, but the critical supplier with low maturity. What is still lacking is for Brazil to treat cybersecurity as critical trust infrastructure, not as an IT cost. When data leaks and digital fraud are measured with the same yardstick as credit risk or operational risk, we will see the shift from reactive to preventive,” he concludes.
