Microsoft’s security team warned this week that sophisticated actors tied to Russia and China are increasingly leveraging artificial intelligence to enhance the speed, scale and stealth of cyberattacks against U.S. networks, amplifying risks for companies, financial institutions and everyday consumers.

In a blog post and accompanying analysis, Microsoft described a broadening of tactics: AI tools are being used to automate reconnaissance, generate highly convincing phishing messages and fabricate audio or video that can deceive employees and officials. “We are seeing nation-state actors combine AI tools with traditional cyber capabilities to rapidly increase the scale and effectiveness of operations,” the company wrote, attributing the pattern to groups aligned with those two states. Microsoft did not name new, specific operations in the post but said the trend accelerates threats already exposed by incidents such as SolarWinds and other high-profile intrusions.

The implications are both technical and economic. Security experts warn that automated vulnerability discovery and AI-assisted social engineering could reduce the time between discovery and exploitation from weeks to hours, forcing organizations to invest more heavily in defensive tools and staff. That spending will ripple through corporate budgets at a time when companies are already grappling with tariffs, inflationary pressures and volatile financial markets, analysts say. For some firms, higher cybersecurity outlays could compress margins; for cybersecurity vendors and cloud providers, demand may drive revenue growth.

Markets have responded to past waves of cyber concern with short-term volatility in affected sectors and longer-term appreciation for firms with strong security portfolios. Bankers and insurers are also watching; more frequent or sophisticated intrusions could increase operational losses and claims, potentially affecting credit conditions and investor confidence. At the consumer level, experts note the prospect of deeper identity fraud and more convincing scams, threats that undermine financial wellness for households already vulnerable to economic strains.

The Microsoft warning arrives amid growing calls for clearer international rules around the civilian use of AI and for strengthened public-private information sharing. U.S. officials have recently leaned on sanctions, export controls and diplomatic pressure to deter state-backed cyber campaigns. But experts say technological change complicates traditional levers: AI tools are globally available, often inexpensive, and can be repurposed quickly.

“There’s a mismatch between the pace of technological evolution and the speed of policy response,” said a former U.S. cybersecurity official who briefed lawmakers on the matter. “If attackers can automate the kind of tailored social engineering that used to require teams of specialists, defenders need tools and authorities to match.”

For businesses, the immediate prescription is familiar but urgent: patching, multi-factor authentication, employee training and collaboration with cloud providers and government cyber centers. Longer term, the Microsoft alert underscores the need for multinational agreements on AI limits in offensive cyber operations, investments in defensive AI, and transparency from platforms that host and market the very tools being repurposed for harm. Failure to act risks a more automated, more damaging era of cyber competition with tangible consequences for economies and individual financial security.