The channel was full of new advancements, innovations, and partnerships in 2025, boosting cybersecurity posture across the IT landscape. Organizations have already started planning for 2026, and that includes predicting what will come next for the channel.
Channel Insider connected with a number of experts across the ecosystem to get a better picture of what 2026 will bring in the cybersecurity realm.
Learn more about what predictions experts have shared after gazing into their crystal balls:
Cybersecurity remains critical in all verticals, with emerging threats rising
Overall, cybersecurity will continue to become more critical for organizations in every vertical, from manufacturing and healthcare to the financial and public sectors.
Experts from Fortra, Bitsight, and Netskope predict that enterprises must adopt nation-state-grade defenses, quantum security will take a more prominent role, and awareness of gaps between operational technology (OT) and IT infrastructure will need to increase.
“Attacks on critical infrastructure will accelerate. Nation-state and criminal actors will target energy, healthcare, and transportation systems with cyber-physical impacts, turning outages and disruptions into strategic weapons,” said Josh Taylor, lead security analyst at Fortra. “Enterprises in these sectors must treat cybersecurity as a safety imperative and plan for worst-case operational scenarios.”
Taylor adds that the line between APTs and criminal gangs will disappear. State-backed groups and cybercriminal gangs will blend tactics, share infrastructure, and obscure attribution, creating hybrid threats that defy traditional classifications. Defenders will need to focus on behavior, intent, and impact rather than relying on actor labeling.
“Nation-state operations will expand to target commercial enterprises,” Taylor said. “Advanced persistent threat actors will increasingly target private-sector companies for economic disruption, IP theft, and espionage aligned with geopolitical goals. Enterprises must adopt nation-state-grade defenses and treat geopolitical risk as part of their cyber threat model.”
Vulnerabilities appear quicker than patches: why providers will need to catch up in 2026
According to Travis Volk, VP of global technology solutions and GTM, Carrier, at Radware, exploited vulnerabilities are arising quicker than vendors can patch them, and attackers aren’t slowing down for anyone’s maintenance window.
“Service providers will see a spike in zero-day events and will need in-line protection that operates at runtime, not after the fact. Think of it as moving from ‘firefighting’ to ‘fire prevention,’” said Volk. “If they don’t, the cost hits the bottom line, especially with encrypted workloads being the most expensive assets to protect. 2026 is the year DevSecOps becomes a living, breathing runtime discipline. If you’re only securing at build-time, you’re already behind.”
Stephen Boyer, co-founder and chief innovation officer at Bitsight, explains that the increasing volume of newly disclosed vulnerabilities is turning the CISO’s job into a constant fire drill. Combined with flat or shrinking security budgets, this hampers security teams’ ability to address every exposure affecting them or their extended supply chains.
Boyer says that “2026 will mark the pivot point where security operations increasingly adopt intelligent, risk-prioritized automation.”
“This automation, powered by continuous cyber risk intelligence, will be the principal approach for CISOs to manage the overwhelming exposure,” said Boyer. “Intelligent prioritization and risk-based resource allocation will allow CISOs to identify and act on the vulnerabilities and third parties being actively exploited by threat actors.”
Boyer adds that OT and critical infrastructure will move from an under-the-radar concern to a high-impact threat.
“Nation-state and criminal groups will aggressively exploit the growing number of significant security maturity gaps that still exist between IT and OT systems,” said Boyer. “The targeting of systems like building management and industrial controls – evidenced by threat actors like Volt Typhoon – will lead to several minor-to-moderate, localized disruptions of essential services that will elevate public awareness of IT risks.”
Quantum security risks rise as encrypted data gets closer to its unlock date
Quantum security concerns will not ease in 2026 either, according to David Fairman, CIO & CSO, APAC, at Netskope.
“In 2026, the conversation on quantum security will shift decisively from the ‘why’ to the ‘how.’ This shift will be driven by a growing understanding of the key threat: encrypted data stolen today can be stored by attackers and unlocked by the quantum computers of tomorrow,” said Fairman. “Protecting long-term company secrets will therefore become a tangible, board-level priority. Consequently, the first practical steps for most companies will be to launch a foundational project: to find and map all of their current encryption. This internal audit will be the necessary groundwork before any upgrades can be planned.”
Hackbots and AI threats show need for automated human intelligence
In HackerOne’s Hacker-Powered Security Report, over 560 reports submitted by hackbots have been valid. Laurie Mercer, senior director of solutions engineering at HackerOne, explains that by 2026, over 100 autonomous hackbots will surge across the digital frontier.
“[Hackbots] are brilliant at spotting specific bugs like XSS, but they fail at the complex stuff, such as business logic flaws, privilege escalations and chained exploits,” said Mercer. “Hackbots now combine AI efficiency with human expertise, ensuring that legitimate vulnerabilities aren’t lost in the noise while maintaining the nuanced judgement that security decisions require. Leaders in the space embrace AI for scale and speed, but always within a framework that values transparency, responsibility, and human expertise.”
She adds that a significant number of researchers already see hackbots as allies in amplifying creativity and productivity.
“It is becoming increasingly clear that the future isn’t AI versus humans – it’s AI plus humans, and organizations will see the rapid rise of bionic hackers across all organizations. That means automation for coverage, but people for creativity,” says Mercer. “In 2026, 4,000 security vulnerabilities will be discovered or validated using AI-assisted or autonomous tools, representing around five percent of total findings on major vulnerability platforms.”
AI-enabled breaches & attack surfaces
Experts from cybersecurity organizations Fortra and CyberProof agree that 2026 will see more AI-based attacks and breaches, along with increased infostealing.
“In 2026, we are likely to witness several high-profile breaches where initial access is achieved through the theft and resale of authentication cookies and cloud tokens,” Stan Hegt, manager and security specialist at Fortra, says. “This trend is driven by the continued proliferation and professionalization of underground marketplaces that trade in such credentials (such as Russian Market).”
The proliferation of AI has increased the attack surface for organizations of all sizes. Doron Davidson, managing director of global security operations and delivery at CyberProof, believes that in 2026, phishing and deepfakes will become more complex and scale further.
“As we see more AI-based attacks, our attack surface will continue to expand. We are seeing deepfakes and phishing grow more complex, and attacks are spanning every channel – including LinkedIn and Facebook,” says Davidson. “As our attack surface grows, we’ll see an increased need for solutions like Continuous Threat Exposure Management (CTEM) and Attack Surface Management (ASM) that constantly evaluate the security posture, providing the CISO with relevant risk analysis to help stay ahead.”
Because our attack surface will continue to expand and the number of phishing attempts will increase, the scope of stolen and harvested information will also grow.
CyberProof Platform Support Engineer, Archana Manoharan, predicts that infostealers will remain one of the most common ways attackers gain initial access into systems.
“Stealers like Lumma, Vidar, and Rhadamanthys enable adversaries to rapidly harvest passwords, cookies, SSH keys, cloud credentials, and crypto wallets at scale,” explains Manoharan. “These stolen credentials are then reused for secondary actions such as ransomware deployment, business email compromise, session hijacking, and covert data theft, making infostealers a critical precursor to larger breaches.”
Breaching systems and harvesting data is about gaining leverage.
Phishing techniques and social engineering are about leverage. And now, threat actors are starting to focus on reputational damage to achieve an impact akin to a breach itself.
“In 2026, we expect extortion groups to increasingly use regulatory exposure as deliberate leverage. After the major consumer-facing breaches and stricter reporting rules that followed, attackers have realized that the threat of investigations, fines, and public scrutiny can be more damaging to organizations than the breach itself,” said Liora Ziv, cyber threat intelligence analyst at CyberProof. “Ransom notes are already referencing GDPR, UK reporting timelines, and sector-specific disclosure rules, with some groups threatening to notify regulators directly or leaking small data samples to force mandatory reporting.
“This turns compliance obligations into an attack surface: the pressure doesn’t only come from encrypted systems or stolen data, but from the legal and reputational consequences adversaries now know how to exploit,” adds Ziv.
AI security posture concerns: transparency, MCP risks, and more enter the conversation in 2026
The rush to hop on the AI bandwagon is also going to create some holes in cybersecurity posture.
Experts from Blackfog, Secure Code Warrior, and Bitsight say that AI use by threat actors and organizations’ enthusiasm to adopt AI without a plan in place can leave channel organizations vulnerable next year.
“The frenzied rush to adopt AI will inadvertently create a massive, newly exposed attack surface. New, immature protocols designed for easy AI-to-system connection – like Model Context Protocol (MCP) – are being deployed without many of the foundational security controls,” says Stephen Boyer, co-founder and chief innovation officer at Bitsight.
“This will lead to the rapid discovery of widespread security exposures where connections to enterprise databases and administrative systems are left open to abuse. These vulnerabilities, along with automated attack orchestration, will accelerate exploitation and force many organizations to relearn many of the hard lessons of basic cyber hygiene.”
CyberProof CEO Tony Velleca echoes a similar sentiment, saying that companies are already adopting agentic AI without a solid foundation and need to prioritize foundational data estate management to utilize AI agents effectively.
“As we move into 2026, organizations need to trust both the quality and the security of their data, but far too many organizations struggle with this because they haven’t prioritized foundational estate management and won’t be able to utilize AI agents effectively,” said Velleca. “This will be pertinent for organizations looking to run AI agents to boost productivity and efficiency.”
Keepit’s CISO, Kim Larsen, adds that leaders must demand transparency as AI offenses evolve faster than defenses.
“By 2026, adversaries will use AI systems that map entire infrastructures in seconds, identify weak links deep in the supply chain, and shift tactics in real time to bypass defenses. Hybrid warfare will amplify this trend as hostile actors blend geopolitical intent with AI-enabled automation at scale,” said Larsen.
“Defenders will match this only if they adopt AI with intention and transparency. Security teams will use AI to understand exposure, strengthen detection, and model where risk concentrates. But success will depend on knowing how an AI system works, what data it relies on, and how decisions are made,” Larsen continued.
AI creates efficiencies for threat actors
Further, AI will allow an increasing number of small-time threat actors to gain capabilities that previously required significantly more resources and expertise, says Ziv, adding that the gap between top-tier and opportunistic actors will be much narrower.
“Throughout 2025, most AI use by threat actors focused on making more of what they already do well: producing multilingual phishing campaigns, crafting personalized lures, and producing simple malware variants,” said Ziv. “The shift we expect in 2026 is toward AI assisting with entire campaigns. That includes automated victim profiling, adaptable ransomware negotiations in real time, and on-demand malware variants tailored to the victim environment.”
Despite the warning signs that AI can have just as much of a negative impact as a positive one, Pieter Danhieux, CEO & Co-Founder, Secure Code Warrior, says we won’t achieve global consensus on AI regulation – even when it causes a prominent breach.
“AI will cause a prominent breach, but we won’t achieve global consensus on AI regulation. Research from Aikido Security has revealed that a staggering one in five security breaches is now thought to be caused by AI-generated code,” Danhieux says. “The same report also found that when AI tooling and the code it produces malfunction, security teams and developers still tend to get the blame. In 2026, it’s highly likely that we will live through a high-impact security incident that can be pinned solely on the use of AI-generated code.”
Danhieux attributes the imminent AI-powered breach to unchecked AI use across multiple disciplines, with no guardrails or safety nets.
Websites that track global AI regulation and policy are helpful, but they give the impression that security leaders will not be subject to GDPR-like legislation that would result in a unified, global push for AI safety related to coding assistants and agents.
Additionally, AI Security Posture Management (AI-SPM) will play an essential role in 2026 as human biohacking becomes more prevalent in the threat landscape. Organizations and users will need to develop verification protocols as biohacking crosses into cybersecurity.
“As AI agents proliferate, AI-SPM emerges as the new security platform for monitoring systems, while MCP servers become the components those agents rely on that AI-SPM must inventory, test, and enforce,” said Dr. Darren Williams, founder and CEO of Blackfog.
“Meanwhile, human biohacking crosses into cyber: expect executive impersonation and access fraud blending implants or wearables with deepfake voice technology. Verification protocols must replace awareness training as the critical control. Audit focus shifts entirely to evidence: insurers and regulators will demand AI change logs, adversarial test results, and decision provenance. Vendor and model supply chains become primary attack surfaces, making traceability shift from optional to essential. The metrics that matter are data-first: time to inventory new AI pipelines, artifacts expired on schedule, and cost per incident defended.”
At the end of the day, resilience won’t come from adding more tools, explains HackerOne CEO Kara Sprague. It will come from having verified vulnerabilities, reproducible exploit paths, and clear severity insights, and from acting on them quickly.
Two factors will cause this shift, she says:
“First, AI is reshaping the threat landscape. Attackers are using AI to accelerate their workflow – automating discovery, chaining exploits, and evading defenses faster than before. At the same time, enterprise adoption of AI systems is exploding, which dramatically expands the attack surface and exposes organizations to new classes of vulnerabilities such as prompt injection and model manipulation,” said Sprague. “Second, agentic security is starting to change the game. Defenders now have AI agents that can automatically probe systems, reproduce exploit chains, score impact, and even trigger fixes. Combined with human creativity, this creates a feedback loop that adapts as fast as attackers do.”
She adds that in that world, crowdsourced security becomes even more essential.
“When human ingenuity pairs with AI-validated findings, organizations get fewer false positives, clearer prioritization, and a faster path from ‘something looks suspicious’ to ‘we know what’s exploitable and how to fix it,’” said Sprague.
Further, cybersecurity in 2026 will mean keeping an eye on state-sponsored attacks and protecting trust beyond networks by safeguarding reputations:
Stan Hegt also said that state-sponsored cyberattacks will take a different shape in 2026 and that the line distinguishing cybercriminal activity from state-sponsored activity will be even harder to define.
“Notably, marketplaces that once primarily catered to financially motivated cybercriminals will increasingly attract nation-state actors seeking to purchase initial access rather than develop bespoke intrusion capabilities,” said Hegt. “This blurring of lines between criminal and state-sponsored activity will make attribution and defense even more complex in the year ahead.”
Recently, Blackfog launched ADX Vision, a solution to detect shadow AI, prevent data exfiltration on endpoints, and provide real-time visibility into AI-driven risks. Learn more about this latest security capability and the concern that shadow AI is causing for organizations.