September 2025 underscored how rapidly the cyber threat landscape is escalating—becoming more disruptive, more complex, and more costly by the month. From manufacturing plants grinding to a halt to airports reverting to manual check-ins, the impact on critical infrastructure has been profound. At the same time, a new frontier has opened: adversaries are actively weaponizing artificial intelligence to scale ransomware, phishing, and disinformation campaigns.
Together, these developments highlight a sobering reality: whether in the private sector or the public domain, defending against today’s threats demands more than quick responses — it requires immediate, preventative action to stay ahead of adversaries.
When Critical Industries Grind to a Halt
A Cautionary Tale for Manufacturing
Manufacturing continues to be under significant attack from ransomware actors. In 2024, 65% of manufacturing and production organizations reported being hit by ransomware, up from 56% in 2023 and 55% in 2022 (Sophos). In an industry that demands high availability and uptime, ransomware is crippling. Every day spent offline, investigating, eradicating ransomware, and bringing systems back online can result in millions lost.
We saw this play out on a significant scale in September 2025 when Jaguar Land Rover (JLR) disclosed an incident and proactively shut down its IT and production systems worldwide. Independent analysts described the move as both “bold and necessary” in the face of a live attack, as it prevented lateral movement through its global infrastructure.
The decision to halt operations carried immense costs. JLR normally produces about 1,000 vehicles per day across its three UK plants, employs roughly 33,000 staff, and supports a wider supply chain of over 104,000 jobs. With production frozen, revenue losses were estimated at £50 million per week, with additional disruption cascading across suppliers and logistics partners. Analysts noted that even a short halt in such an integrated manufacturing ecosystem can ripple across the entire automotive industry.
JLR’s experience underscores the reality that ransomware doesn’t just lock up data—it can shut down physical production lines, threatening entire economies.
The JLR incident amplifies the call for Zero Trust security architectures, where identity-based access, network segmentation, and phishing-resistant MFA are essential to prevent attacks, contain attackers, and reduce downtime.
Airports in Turbulence
A ransomware attack on Collins Aerospace’s check-in systems forced major airports—including Brussels and London Heathrow—to cancel dozens of flights and delay most flights while reverting to manual processes. High-profile outages like this underscore the fragility of critical infrastructure when third-party systems are compromised.
Much like the JLR attack, this month’s upheaval at European airports further demonstrates the scale of disruption ransomware can cause to core national industries. Both attacks highlight the urgent need for Zero Trust architectures that can contain supply chain attacks of this nature. Ensuring ransomware is contained through segmentation is critical to minimizing impact—so incidents don’t escalate into national, or in this case, multi-national crises.
Governments Under Siege
It’s not just private enterprises in the crosshairs—reports from this month have confirmed that governments of all sizes are under attack as well. According to a survey by industry group Bitkom, the German economy suffered nearly €300 billion in cyber damages in 2024. Panama’s Ministry of Economy and Finance lost 1.5 terabytes of sensitive data, while Vietnam suffered a 160-million-record mega-breach impacting nearly its entire population. Even local governments have felt the strain. In St. Joseph, Missouri—a city of 77,000 residents—a cyber incident forced officials to invest more than $1 million in cybersecurity upgrades in its aftermath.
These attacks don’t just disrupt services; they drain budgets, limit resources, and erode public trust. Just like private enterprises, governments of all sizes must address these risks.
The Weaponization of AI
Cyber attackers are rapidly embracing new technologies in their malicious pursuits. According to the Threat Intelligence Report published by Anthropic in late August 2025, AI is now an active enabler of cybercrime, not just a tool for experimentation.
Threat actors are embedding large language models (LLMs) across the entire attack lifecycle: from reconnaissance and victim profiling to malware development, extortion, and even monetization. In one case outlined in the report, attackers used Anthropic’s Claude to automate data theft and draft ransom demands; in another, ransomware variants built with AI were sold on the dark web as “no-code malware kits,” lowering the barrier to entry for less skilled adversaries.
The report highlights several striking case studies. A “vibe hacking” campaign targeted 17 organizations, including healthcare and government bodies, using AI to extort victims without encryption—simply threatening to leak sensitive data. In another example, North Korean operatives used AI to fabricate résumés, pass technical interviews, and secure remote work at US tech firms, violating sanctions. These cases illustrate how AI is being weaponized for both traditional and completely novel forms of cyberattack.
To counter these trends, Anthropic has stepped up defensive measures, including banning abusive accounts, deploying classifiers to detect misuse patterns, and sharing indicators of compromise (IoCs) with industry and government partners.
Yet the broader takeaway is clear: AI has democratized access to sophisticated cyber capabilities, giving even low-skill actors the ability to run complex operations. For defenders, this underscores the urgency of adopting proactive, Zero Trust controls to prevent data leakage, jailbreak attacks, and other forms of AI abuse.
In addition to the techniques exposed by Anthropic Threat Intelligence, another form of AI-driven attack was reported this month—phishing schemes that use fake CAPTCHA pages capable of bypassing traditional defenses and fooling users into giving up credentials. Stolen valid credentials are already one of the largest attack vectors, and AI-driven techniques will only increase that risk. In the age of AI, it’s critical that enterprises eliminate their reliance on static credentials and static privileges, in favor of a just-in-time approach.
