The year 2023 was marked by rampant enthusiasm surrounding artificial intelligence (AI). In 2024, organizations commenced rigorous experimentation with AI technologies. Moving into 2025, the discourse shifted to recalibrating expectations regarding the AI bubble.
As we glance toward 2026, the pivotal query emerges: will the AI bubble burst altogether, or merely deflate? Moreover, will tangible returns on investment (ROI) from AI endeavors finally materialize?
Within the domain of cybersecurity, a pressing inquiry looms: how will malicious entities leverage AI to perpetrate attacks?
It is widely recognized that AI equips threat actors with the tools necessary to create increasingly authentic phishing scams, fabricate deepfakes that impersonate real employees, and concoct polymorphic malware that successfully eludes detection mechanisms.
Furthermore, AI systems are not impervious; they harbor vulnerabilities that nefarious actors can exploit, notably through prompt injection attacks.
Several industry experts have ventured predictions regarding offensive AI in the year 2026:
- “An agentic AI deployment will result in a public data breach and subsequent employee terminations.” Paddy Harrington, analyst at Forrester.
- “Offensive autonomous and agentic AI will emerge as an imminent peril, enabling attackers to unleash fully mechanized phishing, lateral movement, and exploit-chain engines with minimal or no human oversight.” Marcus Sachs, senior vice president and chief engineer at the Center for Internet Security (CIS).
- “As assailants increasingly adopt AI and pivot toward agent-based attacks, the incidence of living-off-the-land assaults will escalate.” John Grady, analyst at Omdia, a division of Informa TechTarget.
- “AI continues to dominate both media attention and the security landscape.” Sean Atkinson, CISO at CIS.
Atkinson’s forewarnings are already manifesting, evidenced merely a week into the new year, as highlighted in this week’s featured reports.
Moody’s 2026 Outlook: AI Threats and Regulatory Challenges
Moody’s 2026 cyber outlook report forecasts an uptick in AI-driven cyberattacks, encompassing adaptive malware and autonomous threats, as enterprises increasingly embrace AI without adequate protective measures.
AI has already fueled more personalized phishing endeavors and deepfake schemes, while prospective hazards include model poisoning and accelerated, AI-assisted hacking activities.
While the incorporation of AI-driven defenses is crucial, Moody’s warns that they also introduce novel risks characterized by unpredictability, necessitating robust governance frameworks.
The report further elucidates the disparate regulatory frameworks being pursued by the EU, the U.S., and countries in the Asia-Pacific region.
As the EU works towards coordinated frameworks such as the Network and Information Security Directive, U.S. regulatory initiatives are either on hold or have been curtailed.
Moody’s anticipates regional harmonization by 2026, although it predicts that achieving global consistency will remain an arduous task due to clashing domestic agendas.
AI-driven Cyberattacks Prompt CIOs to Bolster Security Protocols
While AI propels innovation to new heights, it simultaneously unleashes substantial cybersecurity threats.
Nearly 90% of Chief Information Security Officers (CISOs) have identified AI-driven attacks as a significant concern, as highlighted in a study from cybersecurity firm Trellix.
The healthcare sector, in particular, is exceptionally susceptible; 275 million patient records were exposed in 2024 alone.
CIOs from organizations such as UC San Diego Health are augmenting their investments in AI-driven cybersecurity measures while juggling budgetary constraints related to technological advancements.
Moreover, AI is exacerbating sophisticated phishing assaults, with 40% of business email compromise incidents now believed to be AI-generated.
Experts stress the necessity of fundamental security protocols, including zero trust architectures, security awareness training, and multi-factor authentication (MFA), as vital defenses against the evolving landscape of AI threats.
NIST Seeks Public Input on Addressing AI Security Risks
The National Institute of Standards and Technology (NIST) has called for public feedback regarding strategies to manage security risks associated with AI agents.
Through its Center for AI Standards and Innovation (CAISI), NIST intends to collect insights on best practices, methodologies, and case studies aimed at optimizing the secure development and deployment of AI systems.
The agency has expressed acute concern regarding inadequately secured AI agents, which pose significant threats to critical infrastructure and public safety.
The public’s contributions will guide CAISI in formulating technical guidelines and voluntary security standards designed to tackle vulnerabilities, assess risks, and fortify AI security measures. Submissions will be accepted for a period of 60 days.
AI-Powered Impersonation Scams Expected to Surge in 2026
A report from identity technology provider Nametag predicts a significant escalation in AI-driven impersonation scams aimed at enterprises, propelled by the increasing accessibility of deepfake technologies.
Swindlers are progressively employing AI to replicate voices, images, and videos, facilitating nefarious acts such as hiring fraud and social engineering schemes.
High-profile incidents, including a staggering $25 million scam involving the British firm Arup, underscore the imminent risks.
Departments such as IT, HR, and finance are at heightened risk, with deepfake impersonations becoming a conventional stratagem.
Nametag cautions that the evolution of agentic AI could amplify these threats, urging organizations to reassess their workforce identity verification practices to ensure appropriate human accountability for all actions.
Source link: Techtarget.com.
