An Australian ICT service provider that works across the government and defence sectors expects artificial intelligence to radically change the cyber security landscape in 2026.
According to sovereign technology firm Kinetic IT, AI and machine learning are already baked into criminal toolkits, leading to standardised tactics across both attack and defence.
“We can expect more sophisticated phishing and social engineering, powered by AI-generated content and deepfakes so convincing that spotting pretext without advanced tools will be near impossible,” Tony Campbell, enterprise security service line manager at Kinetic IT, said in a statement.
Campbell expects AI to accelerate attacks, while “agentic” malware capable of scanning networks for exploitable vulnerabilities and adapting to network dynamics on the fly will emerge. Cyber-crime-as-a-service operations will provide hackers and scammers with deepfake videos complete with dynamic voices to impersonate trusted contacts.
“Defenders will respond in kind, with security teams increasingly relying on intelligent agents in security operations centres (SOC) to automate detection, correlation, and response,” Campbell said.
“AI ‘tier zero’ analysts will handle triage, sift logs, prioritise alerts, and even execute containment actions in seconds, turning cutting-edge capabilities into standard practice. By year’s end, AI-driven triage and incident analysis will be commonplace.”
Here are Kinetic IT’s enterprise security predictions for 2026
Room-temperature quantum computing will change everything
Stanford University’s work on room-temperature quantum communication has largely been missed, but Campbell expects it to be a game changer.
“Quantum communication typically requires ultra-cold laboratory conditions, and it’s so fragile that even breathing near the equipment can ruin the experiment. Now, researchers have managed to send quantum signals at room temperature, using a novel method that stabilises those notoriously fragile quantum states,” Campbell said.
“This is not a marginal improvement. Quantum communication, especially the sort that doesn’t require a cryogenic freezer the size of a small caravan, is the beginning of a strategic shift, because once quantum communication becomes affordable, portable, and industrial rather than academic, we enter the age of guaranteed interception detection.”
Cyber security will converge with wearable technology
As they become more widespread, securing medical devices and wearables will become an urgent priority.
“Wearables bring their own challenges. Health trackers and the data they collect – such as heart rate, location, sleep patterns – are prime targets. Breaches of fitness platforms or insurer wellness programs could expose deeply personal information,” Campbell said.
“Expect moves towards security certification for consumer IoT health devices, building on Australia’s voluntary IoT Trust Mark and emerging smart device standards.”
Smart cities and critical infrastructure will come under siege
Hyper-connected cities will greatly expand the national attack surface, with every connected system becoming a potential point of entry for malicious actors.
“In 2026, expect at least one major city to suffer a coordinated cyber attack with a real possibility of ransomware taking down IT networks and connected services,” Campbell said.
“The pace of development demands faster modelling of attack scenarios, because the consequences of failure will be systemic and potentially catastrophic.”
Digitising government services will lead to heightened threats
Government portals, payment systems, and citizen databases will become targets for financially motivated hackers and nation-state hackers alike, leading to agencies such as Australia’s National Office for Cyber Security and positions like national cyber security coordinator becoming whole-of-government defence hubs.
“In 2026, expect attackers to escalate tactics, moving beyond data theft to manipulation, such as altering permit records or health data to sow chaos,” Campbell said.
“With elections looming in some jurisdictions, electoral systems and disinformation campaigns will face increased targeting as hacktivists and state actors seek to undermine trust.”
Secure by design principles will become essential
Security by design will cease to be a ‘nice-to-have’ and will instead become non-negotiable. Regulatory pressure both at home and abroad will drive this shift, with Australia’s Security of Critical Infrastructure Act (SOCI Act) a perfect example of centring risk management at the heart of managing critical infrastructure.
“Market forces reinforce this trend. Buyers now demand proof of security hygiene with ISO 27001 compliance, regular penetration tests, and secure coding practices becoming deal-breakers,” Campbell said.
“Cyber insurance providers increasingly require evidence of controls before issuing policies. In practice, expect widespread adoption of DevSecOps ‘shift-left’ testing and secure coding training. Products will ship with multifactor authentication enabled, encryption by default, and sensible privacy settings.
“Governments may introduce consumer-facing security labels for Internet of Things devices, similar to energy rating labels, to raise the baseline and eliminate low-hanging fruit like default passwords. Continuous compliance monitoring replaces annual audits, with dashboards providing real-time visibility into security posture.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.