Derek Manky
Chief Security Strategist and Global VP, Threat Intelligence, at Fortinet
FortiGuard Labs expects to see the emergence of specialised AI agents designed to assist cyber criminal operations. Although these agents will not yet operate independently, they will begin to automate and enhance critical stages of the attack chain, including credential theft, lateral movement and data monetisation.
At the same time, AI will accelerate the monetisation of data. Once attackers gain access to stolen databases, AI tools will instantly analyse and prioritise them, determine which victims offer the highest return, and generate personalised extortion messages. As a result, data will become currency faster than ever before.
The underground economy will also become more structured. Botnet and credential-rental services will become increasingly tailored in 2026. Data enrichment and automation will enable sellers to offer more specific access packages based on industry, geography and system profile, replacing the generic bundles that dominate today’s underground markets. Black markets will adopt customer service, reputation scoring and automated escrow. Due to these innovations, cyber crime will accelerate its evolution towards full industrialisation.
Brad Jones
Chief Information Security Officer at Snowflake
The cyber security arms race has always been defined by the constant push and pull between attackers and defenders, but the rise of AI agents capable of researching, devising and executing attacks will tip the balance in alarming ways. By 2026, agentic cyber crime will become a front-line problem, with defenders facing a new class of adversary. One of the biggest risks with AI agents will be prompt injection – adversaries tricking systems into bypassing guardrails – and hallucinations that generate false or misleading outputs.
We can expect to see agents that will look at code, find a vulnerability and custom-build exploit kits to exfiltrate data and deploy ransomware. We’ll also see cases of AI creating sales documents or security claims that don’t exist, putting companies at risk of legal penalties. But this is only the beginning. The real inflection point will come when agents stop simply imitating attackers and begin creating entirely new strategies – and that’s when defenders will be facing a whole new level of trouble.
Adam Marrè
Chief Information Security Officer at Arctic Wolf
2025’s high-profile cyber attacks on the likes of M&S and Jaguar Land Rover have put CISOs under a microscope. Growing awareness of the near-crippling operational, financial and reputational fallout of a successful hack is putting mounting pressure on CISOs.
Concerningly, two-thirds of technology leaders admit to clicking malicious links, proving the issue isn’t only outside of the IT department. In 2026, CISOs will need to ensure they are both empowering employees to be vigilant and report suspicious activity but also setting the standard with their own security. Embedding cyber hygiene into company culture will be necessary to prevent and minimise threats before they become headlines in 2026.
Nadir Izrael
Co-founder and Chief Technology Officer at Armis
AI has moved from being a tool in the defender’s arsenal to a weapon in the attacker’s. Nation-states and organised cyber criminal groups are now deploying AI to discover zero-days, launch automated exploitation chains and mimic human behaviour at a scale and speed we’ve never seen before. The rise of AI-powered malware and state-sponsored chaos is no longer a prediction but our reality.
For 2026, the key challenge is clear: we must build security systems that don’t just react but anticipate. Traditional controls and reactive defences are not enough. What’s required now is continuous, intelligent proactive protection that can adapt in real time, spanning IT, OT, IOT and medical devices across physical, cloud and code environments.
Dmitry Volkov
CEO of Group-IB
The cyber security landscape in 2026 will be defined not by new vulnerabilities but by adversaries’ accelerating ability to weaponise artificial intelligence. From Group-IB’s vantage point tracking threat actor operations globally, we are observing a fundamental shift: attackers are embedding AI into every stage of their operations, compressing timelines, scaling capabilities and adapting faster than traditional defences can respond.
The imperative is clear: defences must evolve at the same pace as AI-enabled adversaries, or risk facing automated attacks that operate faster than human-speed detection and response can counter.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.