As the digital landscape evolves, cybersecurity threats are becoming more sophisticated. In a recent panel discussion, industry reporters shared their insights on the top predictions for 2026, drawn from an AI-generated summary of hundreds of executive forecasts. The conversation covered ten key trends, from agentic AI to password elimination, and explored their likely impact on businesses.

Agentic AI and Autonomous Systems Become Primary Targets

The top prediction is that agentic AI and autonomous systems will become primary targets for threat actors. One reporter noted, 'I think this could be a really short episode if we just said AI 10 times.' The panel agreed that AI is ready for a reality check, as many companies adopt AI for productivity gains without adequate security controls. Threat actors are expected to exploit agentic AI's capabilities, especially when AI agents have human-level permissions. The lack of robust guardrails could lead to major breaches.

Identity, Zero Trust, and Nonhuman Identities (NHIs)

Tied for first place is the prediction that identity will replace the network as the primary security boundary. With machines communicating autonomously, nonhuman identities (NHIs) will far outnumber human users. Reporters emphasized that organizations must test their zero-trust frameworks rigorously. 'If one obscure link is given improper permissions, it can wreak havoc,' one expert warned.

AI-Driven Social Engineering and Deepfakes

AI-driven social engineering and deepfakes are expected to erode trust further. Voice cloning and synthetic media will become the preeminent vectors for high-value access. The panel noted that while current deepfake content often has telltale signs, 2026 may see an inflection point where even sophisticated users cannot distinguish real from fake. 'You don’t even need a good deepfake; voice cloning alone can capture authentication,' one reporter said.

Supply Chain and Third-Party Risk

Supply chains will become the top access point for adversaries, targeting small vendors to reach thousands of downstream environments. The panel highlighted attacks on manufacturing and logistics that can disrupt production for days. Software bills of materials (SBOMs) are critical, but many organizations remain vulnerable. 'It would be surprising if we didn’t see major supply chain attacks in 2026,' one analyst commented.

Executive Accountability and AI Governance

Boards are expected to recognize cyber-risk as a tier-one operational priority, but opinions diverge on personal liability for CISOs. While some fear rising legal pressure, others note that recent cases have seen charges dropped. 'I hope CISOs are not held personally liable; that seems unfair,' one panelist said. The consensus is that governance structures must ensure top executives are informed of risks.

OT, IoT, and Critical Infrastructure

Operational technology and IoT are becoming top cyber-risks. Reporters expressed concern that many organizations lack awareness of OT security. 'It’s surprising we haven’t had more attacks on critical infrastructure given the security gaps,' one noted. The panel expects more incidents in 2026 as threat actors target production lines and utilities.

Visibility, Attack Surface Management, and Data Sprawl

Traditional perimeter thinking is obsolete, and data sprawl is widening. Sensitive data is leaking into third-party repositories like Salesforce instances. 'If your most sensitive information is somewhere you have no control over, who do you blame?' one reporter asked. Attack surface management and visibility remain critical gaps.

Cyber Resilience and Recovery Over Prevention

The focus is shifting from prevention to resilience and recovery. Organizations now assume breach and prioritize defensible, recoverable systems. Board-level awareness of cyber-risk as risk management is growing. 'Companies prepared for catastrophic impacts will be the ones that can plow through events,' an expert said.

Quantum Computing Threats

Quantum computing is moving from theoretical to tangible, but panelists remain skeptical about near-term impact. 'I think we’re a lot further away than people think,' one reporter stated. However, the risk of 'harvest now, decrypt later' persists, and quantum-safe encryption is gaining attention.

Password Elimination and Passkey Adoption

Despite years of predictions, passwords persist. The panel called this prediction aspirational. 'We keep going back to the same bad habits,' one reporter said. Adoption of passkeys may accelerate in forward-thinking organizations, but widespread change remains slow.

In conclusion, the cybersecurity landscape in 2026 will be shaped by AI, identity, and resilience. Organizations must balance innovation with protection, prepare for inevitable breaches, and stay ahead of emerging threats. The full discussion underscores the need for vigilance, collaboration, and proactive measures.

Source: Darkreading News