Kaspersky data demonstrates that in 2025, password stealer attacks increased by 83% year-over-year in Kenya and 56% across Sub-Saharan Africa
The digital maturation of the East African market has caught the attention of sophisticated global threat actors. Kaspersky’s latest intelligence report highlights a critical friction point: while Kenyan professionals are aggressively adopting AI tools, with nearly 88% using AI for daily work tasks, only 35% have received formal training on the associated security risks. This knowledge gap is creating fertile ground for Shadow AI, where employees unknowingly leak sensitive corporate data into public AI models, bypassing IT oversight and creating massive vulnerabilities.
The data reveals that cyber-criminals are not just using AI to automate their own workflows; they are weaponizing the technology to bypass traditional defenses. Key findings from 2025 indicate:
- Credential Theft: Password-stealer attacks spiked by 83% in Kenya, significantly higher than the 56% regional average, pointing to a targeted effort to hijack corporate identities.
- Spyware and Backdoors: Spyware attacks mirrored the password-stealer surge (83%), while backdoor access attempts rose by 25% in Kenya.
- Advanced Persistent Threats (APTs): Highly organized APT groups are now combining AI-enhanced social engineering with targeted intrusion, accounting for nearly one-quarter of all high-severity incidents.
Kaspersky warns of an emerging class of threats rooted in AI exploitation. Malicious actors are now deploying malware disguised as legitimate AI productivity tools and leveraging deepfakes to conduct industrial-scale social engineering. Even more concerning is the rise of Autonomous AI Agents. As these systems begin acting on behalf of users, they present a new attack surface where misconfigured autonomy or adversarial prompt injection can trigger harmful, real-world consequences, such as unauthorized financial transactions or data exfiltration.
“As organisations in Kenya and the wider region accelerate digital transformation, cybersecurity is becoming a board-level priority. We are seeing growing awareness that innovation and security must develop hand in hand,” says Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.
