AI will further reshape cybersecurity in 2026, predict CISOs. From agentic AI defensive toolchains to MCP server risks, explore the anticipated shifts.
Look into our cybersecurity crystal ball for the rest of 2026, and you probably won't be surprised to see a familiar acronym appear: AI.
What's new this year is that -- three years after ChatGPT first burst into public consciousness -- CISOs are now getting down to the nitty-gritty of AI threats and opportunities like never before. High-level concerns about AI supply chain risk have given way to granular discussions of audit-ready AI activity logs, software-bill-of-materials (SBOM)-style model attestation and Model Context Protocol (MCP) server security. Additionally, mostly theoretical musings on AI agents' potential to transform the security operations center (SOC) have now become practical conversations about breaking defensive tasks into agentic workloads.
You'll find all of this and more in the following collection of 2026 cybersecurity predictions, as shared with SearchSecurity by your fellow industry leaders.
1. AI-enabled social engineering campaigns will escalate
Think that's your boss on Zoom? Think again. Many experts predict 2026 will be the year that typical enterprise users learn -- some the hard way -- that they can no longer trust their own eyes and ears.
"We're poised to see a new phase of cyber-risk in 2026," warned Andy Ulrich, CISO at Vonage, part of Ericsson. That's because attackers are using generative AI and deepfakes to launch increasingly convincing phishing attacks at scale, regardless of native language and social engineering skills.
Enterprises, Ulrich added, must double down on training users to approach every digital interaction -- even with trusted colleagues -- with healthy skepticism. At Vonage, for example, he has already begun including AI-enabled social engineering scenarios in security awareness training to demonstrate what such attacks look like in practice.
"It's become increasingly critical for employees across departments to understand what's possible so they are better prepared for the increased level of sophistication that AI will bring to the table," he said.
George Gerchow, faculty advisor at IANS and CSO at data security provider Bedrock Data, argued that it's time to shift focus from training people to implementing proof-based systems and deepfake-resistant procedures.
"Executives must publish standing 'how I will contact you' policies with approved channels and verification phrases," Gerchow said. "Any request for data, credentials, funds or banking changes should require out-of-band two-factor verification with a designated approver."
2. Security defenders will embrace agentic AI -- or fall behind
The best security programs in 2026 won't necessarily have the biggest budgets, predicted Sergio Oliveira, director of development at DesignRush, a B2B design and marketing agency directory platform. Rather, they will be the ones using agentic AI to its full potential, rather than merely treating it as a "shiny new toy."
This year, AI-enabled threat intelligence will become the linchpin of modern security architecture, Oliviera added. "Agentic AI will act as your analyst in real time, ingesting and correlating signals across identity, applications, cloud and endpoints faster than any existing human teams can do."
To realize the technology's potential in the SOC, said GitLab CISO Josh Lemos, defenders must scale up their agentic AI tool chain in the same way adversaries break down attack phases into separate agentic workloads.
"AI agents that leverage internal system resources -- systems that provide deep visibility into source code, infrastructure code, software composition and dependencies -- can break down defensive tasks to identify and remediate vulnerabilities prior to adversarial exploitation," Lemos said.
AI could prove especially beneficial for SMBs with limited IT and security staff, added Jason Ruger, CISO at PC maker Lenovo, namely by augmenting their incident response capabilities. "That's something I'm optimistic about," he said.
3. Autonomous AI agents will cause a major data breach
Many security experts have warned that business leaders' enthusiasm for agentic AI is leading to deployments that disregard proper security controls. Jack Cherkas, global CISO at cloud services firm Syntax, predicted autonomous AI agents will cause a high-profile data breach in 2026, shaking public confidence and leading to senior staff dismissals.
"Pressured systems will sacrifice accuracy for speed, leading to costly security failures," Cherkas said. "Without identity controls, activity tracking and data provenance safeguards, AI agents risk becoming the most dangerous insider threat."
Boards, he added, must treat the security of AI agents not just as a technical challenge but also as a governance issue, with "minimum viable security" frameworks, granular access controls, agent behavior monitoring and digital provenance tracking.
"This will protect business integrity and prevent scapegoating when incidents occur," Cherkas said.
4. Boards and regulators will hold CISOs accountable for AI governance
With great power comes great responsibility -- and in 2026, AI is increasingly powerful. As business executives and regulators grapple with the technology's risks, CISOs will likely see AI governance become a higher board-level priority in the coming months.
"Expect boards to demand audit-ready logs for every AI action, plus SBOM-style attestation for models and data lineage," said Andrei Blaj, co-founder of medical imaging infrastructure provider Medicai. "CISOs get 'safe harbor' only if those controls are live."
Security leaders should be prepared to produce AI audit trails, model risk assessments and incident response readiness plans, said DesignRush's Oliveira. "Regulators will expect CISOs to demonstrate not just an investment in technology but the establishment of effective governance processes," he said. "'I didn't know' will no longer be a legitimate defense."
Without identity controls, activity tracking and data provenance safeguards, AI agents risk becoming the most dangerous insider threat.Jack CherkasGlobal CISO, Syntax
At Medicai, Blaj plans to deploy a virtual private cloud for AI, implement no-AI fallbacks and establish policy-as-code that enables administrators to deactivate an AI agent with a single click. "That's proof you can show a regulator at 2 a.m.," he said.
Digital provenance -- the traceability and verifiability of digital assets and transactions to combat AI-enabled fraud -- will become an organizational priority, a cornerstone of compliance and a massive pain point for the unprepared, added Syntax's Cherkas.
"Firms with full provenance integration will breeze through compliance. Others will scramble retrofits and face reputational damage," Cherkas said. He added that security leaders should assess their digital provenance maturity now -- especially across ERP, content and transactional systems -- to ensure future compliance and protect customer trust.
5. AI regulation will become a major challenge for vendors
Lenovo's Ruger said he expects organizations like his that offer AI services will also struggle to contend with tightening regulations, especially on the privacy front.
"In the next year or two, we will see, like with the EU AI Act, regulations that say a company that provides AI services needs to monitor what is being asked of the LLM and what the LLM is outputting," Ruger said.
He added that, as a private company, Lenovo's position is to leave the decision to its customers. If a customer wants complete privacy, Lenovo will never know what they ask the LLM or what the model outputs. Ruger noted, however, that regulators don't necessarily seem interested in allowing customers the choice to opt out of having providers monitor their use of LLMs.
6. MCP server threats will require new security tools and practices
MCP servers connect AI models to third-party data, tools and services, underpinning many critical enterprise AI use cases. But the explosion in MCP server popularity also brings a host of new security risks, cautioned Dave Stapleton, chief trust officer at ProcessUnity, a third-party risk management service provider.
"There are thousands of MCP servers now out there -- many barely used or monitored -- and it's clear the ecosystem is moving faster than the security practices around it," Stapleton said. Risks include weak access controls, misconfigured permissions and software supply chain issues, as well as novel AI threats such as command injection, tool poisoning and context spoofing.
"We need to start treating MCP like a critical integration layer with real guardrails, visibility and accountability baked in," he said. "As MCP adoption continues to grow, we can expect an increase in purpose-built security tools to help enterprises identify and manage associated risks."
Stapleton said he particularly hopes to see the emergence of tools and services that offer the following:
MCP server code scanning.
Expanded runtime monitoring of MCP server actions and connections.
Integration of MCP servers with SIEM systems and other security data aggregation tools.
MCP server gateways or proxies.
MCP server risk assessments.
The application of zero-trust concepts to MCP server technology.
7. Security capabilities will drive AI buying decisions
Concerns about AI threats and vulnerabilities will increasingly influence B2B purchasing decisions in 2026, predicted Docusign CISO Michael Adams, adding that built-in security and compliance capabilities will become the ultimate AI tooling differentiators.
"We'll see a shift toward platforms that can scale innovation safely, pairing AI-driven efficiency with the same rigor traditionally reserved for critical infrastructure," Adams added. "The most successful companies will be those that treat trust as a design principle, ensuring every AI capability meets enterprise-grade security and compliance standards."
8. Cyberattacks on critical infrastructure will intensify
Many experts have predicted that attacks on critical infrastructure and operational technology (OT) will become more sophisticated, targeted and widespread in 2026.
Expect threat actors to increasingly target vulnerable, high-impact sectors ranging from shipping and logistics to food and agriculture, said Jeanette Miller-Osborn, field cyber intelligence officer at AI threat intelligence firm Dataminr.
"We've seen this happen already with the recent cyberattack on United Natural Foods, which left Whole Foods' shelves bare," Miller-Osborn added. "This year, we will see an increase in disruptive attacks, as adversaries prod new pain points that inflict equal, if not more, disruption on society."
Joe Slowik, director of Dataminr's cybersecurity alerting strategy, further predicted that overly confident or technically inept threat actors will cause damage beyond their intended scope. "If the attacks are politically driven, we could even see a cyber operation result in physical conflict," Slowik added.
To address the predicted surge in OT attacks, organizations will need to harden infrastructure, step up threat detection and conduct more frequent cyber-resilience exercises, said Rob Gregory, CISO at cybersecurity services provider Optiv.
"Segmentation, identity-based access and resilience testing are becoming mandatory for OT/IT integration," he added.
9. CISOs will take on more IT responsibilities
Emilio Escobar, CISO at observability and security platform vendor Datadog, predicted that cybersecurity leaders will increasingly take on traditional CIO functions, enabling them to own IT rather than just report into IT.
"I see more CISOs now being responsible for IT or having some sort of operational infrastructure responsibility," said Escobar, who previously held security positions at Hulu and PlayStation. At Datadog, for example, security owns both IT and -- as of about a year and a half ago -- site reliability engineering.
"It just made sense to become more of a resiliency function rather than reliability and security being seen as two separate components of risk," Escobar said.
10. Passwords will become less common
Passwords remain a stubbornly fixed element of modern work life. In many workplaces, they are as unloved as they are unavoidable. While rumblings of going passwordless have been happening for years, it might finally be the technology's time to shine.
Remote access vendor TeamViewer has already taken the plunge, and the company's CISO, Jan Bee, predicted that the benefits of passwordless will inspire more companies to make the change.
"We enforced many new measures in our identities," Bee said, noting that implementing passkeys to bind a user's identity to a specific device has not only helped reduce digital friction, but has also added a level of convenience that at first seemed almost too good to be true. "You don't have to remember any password -- there is no password," he said.
To ease users' concerns about passwordless and passkey security, Bee recommended explaining that biometric data is stored locally on a device, reducing the risk of identity theft in a breach. He also stressed the importance of addressing vulnerabilities such as session theft as a secondary layer of defense.
Alissa Irei is senior site editor of Informa TechTarget's SearchSecurity.
Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
