AI-Enhanced Cyberattacks Against Canadian Critical Infrastructure

Canada's signals intelligence agency assesses that AI is "almost certainly enhancing the quality, scale, and precision of malicious cyber threat activity" against Canadian targets. This assessment, from CSE's National Cyber Threat Assessment 2025-2026, identifies AI as one of five structural trends shaping Canada's cyber threat environment.

The threat is already materializing at the capability level. State-associated attackers from Russia, China, Iran, and North Korea are actively using AI in their operations — for reconnaissance, vulnerability research, social engineering content generation, malware development, and exfiltration processing. Microsoft's threat intelligence reports that threat actors use AI to "automate 80-90% of certain intrusion workflows." In the DARPA AI Cyber Challenge finals (August 2025), an AI agent autonomously identified 77% of vulnerabilities in real software, placing in the top 5% of 400+ mostly human teams. The NCSC UK assesses that AI will "almost certainly continue to make elements of cyber intrusion operations more effective and efficient" and that the time between vulnerability disclosure and exploitation — already shrinking — will decrease further.

Canadian critical infrastructure is actively under attack. In 2024-2025, CSE responded to 2,561 cyber incidents: 1,155 against federal institutions and 1,406 against critical infrastructure partners. In October 2025, pro-Russian hacktivists breached Canadian critical infrastructure facilities — tampering with pressure valves at a water treatment facility, manipulating an automated tank gauge at an oil and gas company, and exploiting controls at a grain drying silo. CSE's Ransomware Threat Outlook 2025-2027 identifies ransomware as the top cybercrime threat to Canadian critical infrastructure and states that AI makes ransomware operations "cheaper and faster to conduct and harder to detect." In 2024, CCCS issued 336 pre-ransomware notifications to over 300 Canadian organizations.

The structural condition is an asymmetry between offence and defence. AI lowers the skill floor for attackers — tools that previously required nation-state capabilities are becoming accessible to criminal groups and hacktivists. Meanwhile, defensive adaptation requires institutional change, procurement, and training that moves at bureaucratic speed. Canada's critical infrastructure includes legacy operational technology (OT) systems in water treatment, power generation, transportation, and healthcare that were designed before cybersecurity was a primary concern. The October 2025 ICS attacks succeeded through basic methods — default credentials and exposed devices — demonstrating that even Canada's safety-critical systems have not addressed known vulnerabilities.

Defensive applications of AI are also advancing. CSE and CCCS are developing AI-augmented cyber defence tools, and major cybersecurity vendors offer AI-powered threat detection. The same AI capabilities that enhance offensive operations can strengthen defensive monitoring, anomaly detection, and incident response. The net effect on the offence-defence balance remains contested among cybersecurity researchers.