University of Kwazulu-Natal

Seven Cybersecurity Predictions For 2026 Newsbreak

Bonisiwe Shabane
-
seven cybersecurity predictions for 2026 newsbreak

Industry executives and experts share their predictions for 2026. Read them in this 18th annual VMblog.com series exclusive. Cybersecurity is entering a period of reckoning. The pace at which organizations have expanded their technology environments has outstripped the assumptions many security strategies were built on, creating growing tension between convenience, trust, and resilience. Businesses are more interconnected than ever, yet that connectivity has quietly expanded the attack surface far beyond what most teams can realistically see or control. Kentucky’s junior U.S.

Senator Rand Paul, R-Bowling Green, has introduced the Health Marketplace and Savings Accounts for All Act, to make all Americans eligible for Health Savings Accounts (HSAs). If you have ever looked up at the grab handle above your car window and noticed a tiny hook on the side, you are not alone if you had no idea what it was... Here is the short version: that little hook is a coat or clothes hook, designed so you can hang garments without wrinkling them or having them slide around the car. Automakers actually label it that way in their owner manuals. CALIFORNIA — In a sudden move, Howard's Appliances — a nearly 80-year-old appliance chain, has closed all its retail locations in Souther California, leaving employees and customers scrambling with little warning. In a striking sign of change across the American food and beverage landscape, two of the world’s most iconic beverage companies — Coca-Cola and PepsiCo — have recently announced multiple plant closures and major...

Enterprises Will Start Treating AI Systems as Insider Threats. Josh Taylor, Lead Security Analyst, Fortra As agents gain system-level permissions to act across email, file storage, and identity platforms, companies will need to monitor machine behavior for privilege misuse, data leakage, etc. The shift happens when organizations realize their AI assistants have broader access than most employees and operate outside traditional user behavior analytics. The first time an AI agent gets compromised through prompt injection or a supply chain attack and starts quietly exfiltrating customer data under the guise of “helping users,” organizations will realize they built privileged... John Wilson, Senior Fellow, Threat Research, Fortra

What will the cybersecurity landscape look like next year? Rather than speculation, these cybersecurity predictions represent logical progressions of current attack methodologies and threat actor behaviors already evident in today’s landscape. Our Vice President of Security Intelligence, Rik Ferguson, and Vice President of Research, Daniel dos Santos, weigh in on the top challenges and new trends you are likely to see soon enough. Take these predictions as helpful tips to prepare your defenses in advance. Attackers are shifting focus from stolen passwords to the permissions granted to connected apps. By abusing OAuth consents and refresh tokens from legitimate integrations in platforms, including Microsoft 365, Salesforce, and Slack, they can quietly move between tenants and keep access even after passwords are reset.

In 2026, these ‘token-hopping’ campaigns will rival traditional phishing as the most effective path to compromise. With password-less authentication gaining ground, the day OAuth abuse surpasses phishing is getting ever closer. Defenders should build an inventory of authorized apps, limit what each can do, and regularly revoke unused or suspicious tokens. Elimination of federal funding for the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) ... cyber threat actors (CTAs') ongoing use of artificial intelligence (AI) ... the AWS outage in October ...

these and similar developments created new risks for organizations like yours in 2025. In doing so, they shifted the conversation around your cybersecurity and compliance priorities going forward. There's so much change to decipher. Where do you focus your efforts? To put next year into context, we spoke to seven experts at the Center for Internet Security® (CIS®) about their 2026 cybersecurity predictions. Here's what they had to say.

AI Continues to Dominate the Headlines and Security Landscape. We will require contextualization of specific AI applications and use cases, including Model Context Protocol (MCP), Agentic AI, and Large Language Models (LLMs), and we will need to consider each in its own right. As more decision-making is placed on these technologies, organizations will need to assess them as tools, technologies, and personas within their environments — each with its own risk profile. Focused and Specific Threats to Critical Infrastructure and U.S. State, Local, Tribal, and Territorial (SLTT) Entities. Threats and risks facing these organizations continue to grow and become more sophisticated.

Organizations need assistance in the way of preparation, training, and support to confront talent shortages — all while navigating a lack of funding. by Serena Raymond on Oct 30, 2025 8:00:01 AM AI and other technologies are fundamentally reshaping the security world. It’s never too early to prepare, which is why we're dropping our predictions for 2026 ahead of schedule! We went straight to the source, surveying our internal team of cybersecurity and technology specialists to find out where they see the battle lines forming. Here’s what our experts predict.

From Mikey Pruitt, Global Partner Evangelist AI is no longer a trend on the edge of tech and security; today, it has become the backbone of how businesses operate, secure, and scale. In fact, AI traffic on the DNSFilter network has grown 69% over the past 12 months. For MSPs, that means survival and success will hinge on offering AI-powered services. Those who fail to adapt will be outpaced and out-innovated. AI is being used in countless ways to make workflows more efficient, and MSPs need to be creating these AI automations.

There is a huge opportunity for them to provide education on how to use AI and build AI automations for their clients, but the challenge is that they must do this in addition to... They can’t afford to slip on cybersecurity, cloud services, or anything else; they have to add this new service. However, the upside for MSPs that pull this off is that there’s a lot of room to make money, strengthen their brand reputation, and differentiate their company in an ever-growing ecosystem. Increase visiblity into your network with NetWitness. Want to know how? The rapid pace of cyber threats has outstripped the capability of many security teams to respond.

By 2026, the gap will have widened even further. Teams are already stretched thin. Detection is getting more and more complex. Every environment – cloud, hybrid, OT, and SaaS – needs ongoing insight and context, as opposed to on-demand scanning. Global investment shows the urgency of this pressure. Cybersecurity Ventures expects annual spending on security technologies to surpass $520 billion by 2026, which is nearly double of what organizations spent 5 years back.

The takeaway is simple: risk is outpacing the ability of teams to keep up manually. A modern operating model will place intelligence at its center. As organizations work across mixed environments, the current detect-and-alert model will be inadequate. The next step is an integrated threat detection, investigation, and response model utilizing automation, artificial intelligence, and human expertise. This article explores cybersecurity predictions 2026, top seven threat detection and response trends that will shape the state of cybersecurity predictions 2026 and assist technical leaders in preparing for that future. In what could be described as a banner year for technology advancements, 2025 showed how powerful—and dangerous—AI can be in the wrong hands.

With bad actors automating complex attacks, using AI tools to engage in social engineering campaigns and manipulating the AI agent to expose sensitive information, it’s no surprise that the year was a game of... And while the global average of the cost of a data breach fell 9% to USD 4.44 million, the average cost in the US hit a record high of USD 10.22 million. The cybersecurity threats didn’t end with automated chatbots spamming inboxes and tricking AI agents. This year, we saw what could happen when an organization is caught unprepared to deal with the consequences of integrating new tools like AI agents into their workflow: 13% of companies reported an AI-related... Last year’s cybersecurity predictions touched on AI’s increasingly important presence in the cybersecurity preparedness plan. This year, IBM’s predictions for 2026 center on how the integration of autonomous AI into enterprise environments can be both a boon and a burden, depending on whether the proper security measures are implemented—or...

The agentic shift is no longer theoretical; it’s underway. Autonomous AI agents are reshaping enterprise risk, and legacy security models will crack under the pressure. To stay resilient, organizations must drive a new era of integrated governance and security, built to monitor, validate and control AI behavior at machine speed. This transformation requires embedding security into the very fabric of AI development and governance—ensuring agents operate within ethical and operational boundaries from day one. Anything less risks fragmentation, blind spots and enterprise-wide exposure. AI is accelerating innovation—but also exposing enterprises to unprecedented risks of intellectual property (IP) loss.

In 2026, we’ll see major security incidents where sensitive IP is compromised through shadow AI systems: unapproved tools deployed by employees without oversight. These systems often operate across multiple environments, making it easy for one unmonitored model to trigger widespread exposure. This mirrors the rise of shadow IT a decade ago, but with far higher stakes—AI tools now handle proprietary algorithms, confidential data and strategic decision-making. Closing the gap will require security teams to move at the speed of innovation, delivering approved AI tools and governance frameworks that meet employee needs without sacrificing control.

People Also Search

Industry Executives And Experts Share Their Predictions For 2026. Read

Industry executives and experts share their predictions for 2026. Read them in this 18th annual VMblog.com series exclusive. Cybersecurity is entering a period of reckoning. The pace at which organizations have expanded their technology environments has outstripped the assumptions many security strategies were built on, creating growing tension between convenience, trust, and resilience. Businesse...

Senator Rand Paul, R-Bowling Green, Has Introduced The Health Marketplace

Senator Rand Paul, R-Bowling Green, has introduced the Health Marketplace and Savings Accounts for All Act, to make all Americans eligible for Health Savings Accounts (HSAs). If you have ever looked up at the grab handle above your car window and noticed a tiny hook on the side, you are not alone if you had no idea what it was... Here is the short version: that little hook is a coat or clothes hoo...

Enterprises Will Start Treating AI Systems As Insider Threats. Josh

Enterprises Will Start Treating AI Systems as Insider Threats. Josh Taylor, Lead Security Analyst, Fortra As agents gain system-level permissions to act across email, file storage, and identity platforms, companies will need to monitor machine behavior for privilege misuse, data leakage, etc. The shift happens when organizations realize their AI assistants have broader access than most employees a...

What Will The Cybersecurity Landscape Look Like Next Year? Rather

What will the cybersecurity landscape look like next year? Rather than speculation, these cybersecurity predictions represent logical progressions of current attack methodologies and threat actor behaviors already evident in today’s landscape. Our Vice President of Security Intelligence, Rik Ferguson, and Vice President of Research, Daniel dos Santos, weigh in on the top challenges and new trends ...

In 2026, These ‘token-hopping’ Campaigns Will Rival Traditional Phishing As

In 2026, these ‘token-hopping’ campaigns will rival traditional phishing as the most effective path to compromise. With password-less authentication gaining ground, the day OAuth abuse surpasses phishing is getting ever closer. Defenders should build an inventory of authorized apps, limit what each can do, and regularly revoke unused or suspicious tokens. Elimination of federal funding for the Mul...