Quorum Cyber CEO on AI Threats and Security Outcomes in 2026

As AI enables faster phishing, identity abuse, and automated attacks, Quorum Cyber expects cyber risks to intensify in 2026. 

CEO Federico Charosky says providers that prioritize operational security fundamentals and measurable outcomes will be better positioned to deliver value as threat volumes rise.

AI is scaling phishing, identity abuse, and supply chain risk

To Charosky, much of what drove security conversations in 2025 will do the same this year, and he expects similar conversations taking shape throughout much of the next 12 months.

“I don’t think trends really have a yearly cut off,” Charosky said. 

In particular, he expects the following to remain priorities for his team and its customers this year:

• AI is fueling the industrialization of existing threats, meaning things like sophisticated phishing attempts and other attacks can now be carried out a larger scale than ever before.
• Third-party supply chains remain vulnerable to threats and open businesses to a variety of risks they might not be prepared for.

“2025 was the year that threat actors scaled identity abuse and social engineering, for sure,” Charosky said. “It’s a lot harder to trust what you see now.”

To address this, Charosky says, organizations need to stop chasing tools and start understanding the processes and operations that build a stronger security posture.

“Security is now a managed operating system,” added Charosky. “Customers are adjusting to this and prioritizing outcomes, not dashboards. It’s not about buying more things, it’s about operationalizing things moving forward.”

Why Quorum Cyber is cautious about AI-led security strategies

While AI is widening the attack surface and scaling the sheer amount of potential attacks, Charosky does not see it as the only pathway to success for MSSPs and other provider businesses.

“Everybody is running to AI, but I haven’t really seen anyone make it valuable yet,” Charosky said.

Charosky isn’t anti-AI; he says Quorum Cyber has continued to experiment with where to best apply it in workflows and has found value within the technology.

Still, the provider is deliberately not promising a full-spin shift that others in the industry have focused on as the only opportunity for growth this year.

“Our core strategy isn’t changing. We are threat-led and action-based in everything we do. We’re going to consider how we can use AI to do that better, of course, but we’re not changing course entirely,” Charosky added.

Emphasizing the fundamentals remains key to Quorum Cyber and its clients

When considering both the widening attack surface brought by AI and the ongoing gaps in third-party risk management, Charosky stresses the basic truths of security are still the most important.

“I think the way to do this right is still in the fundamentals. We can navigate the new landscape if we do the core things right,” said Charosky.

Those fundamentals, Charosky says, return the focus to understanding the threats approaching a business and building the best possible set of actions to address them. 

While areas like MDR are now what Charosky considers table stakes for providers to offer, they are still a crucial part of a holistic security posture.

Quorum Cyber research shows ransomware and vulnerability spikes

The provider also recently released its own security research. The 2026 Global Cyber Risk Outlook was derived from incidents and investigations observed across over 350 global organizations ranging in staff size from 10 to 10,000 throughout 2025.

The findings point to faster, more automated attacks that will challenge MSSPs relying on static tooling models.

Key findings from that outlook include:

• The number of newly formed ransomware groups increased by 30% in the year to October 2025 
• Global vulnerability disclosures rose 21%, surpassing 35,000 
• Early evidence of a nation-state group using AI agents to automate up to 90% of an intrusion 
• Cybercriminals are increasingly shifting away from encryption toward faster, lower-cost data exfiltration attacks 
• New white-label RaaS platforms enabling rapid launch of branded criminal operations 
• Average ransom demands surged across multiple sectors, including 179% in financial services and 97% in manufacturing 
• Nation-state threat actors associated with Russia, China, and Iran remain the top threats to the public sector, while North Korea-linked actors likely earned over $2 billion from cybercrime in 2025

The outlook also includes companion reports focused on nine industry sectors, including energy, financial services and insurance, healthcare and pharmaceuticals, higher education, housing and construction, legal and professional services, manufacturing, public sector, and retail. 

Each companion report outlines sector-specific threat dynamics and practical considerations for strengthening cyber resilience.

How MSSPs can demonstrate value as threats intensify

Quorum Cyber was recognized as the 2025 Microsoft Security MSSP of the Year, as well as a 2025 Microsoft Security Partner of the Year Award finalist. The provider continues to focus its portfolio on quality, not necessarily quantity, of services offered.

Charosky is confident the moves made by his team over the past year have strengthened how Quorum Cyber goes to market for existing and new clients. 

He is also confident the rise in sophisticated threats, paired with higher demands from customers, is beginning to highlight the types of partners actually equipped to offer managed security services.

“There was a lot of noise in the market, frankly. If we can parse that out, I can define and defend my value to clients,” Charosky said. “I think what’s exciting is that customers are starting to get it and understand what we can really bring them in terms of value.”

Charosky says the differentiator for Quorum Cyber remains its focus on continuous improvement for clients. As he notes, clients want to see how a provider can help them continuously become more secure over time.

“Our customers, we’ve seen, will pay for value. As long as we can demonstrate to them what the outcomes are that we’re helping them achieve, they see how we provide that value,” Charosky said.