
There is no shortage of predictions about AI and cyber security. Most of them are either overly confident or strategically vague. The reality, as ever, sits somewhere less dramatic but more consequential: change is already happening, and most organisations are only partially prepared for it.
What follows is not a set of speculative forecasts. It is a view based on current incident patterns, regulatory direction, and what is actually happening inside organisations. In several cases, the issue is not whether these trends will materialise by 2026—they are already underway.
1. AI is already an attack surface—organisations just haven’t caught up

Many organisations are still treating AI as a productivity layer rather than what it is becoming: operational infrastructure.
That distinction matters. Infrastructure gets attacked.
We are already seeing prompt injection used to manipulate model behaviour, and more subtle risks such as data leakage through user inputs. In practice, the problem is not just malicious actors—it is employees pasting sensitive information into tools they don’t fully understand.
There is also a growing body of research into model inversion and data extraction techniques. While not always trivial to execute, they underline a key point: AI systems are not deterministic software; they are probabilistic and, in many cases, opaque.
Treating them as trusted internal tools is a category error. They behave much more like third-party services—difficult to constrain, hard to audit, and increasingly embedded in critical workflows.
2. Shadow AI is not a future risk—it’s a current control failure

If you ask most organisations whether they allow the use of public AI tools, the answer is usually cautious. If you look at employee behaviour, the answer is very different.
Usage is already widespread, often completely outside formal governance structures. The pattern is familiar: this is Shadow IT with a more serious data exposure problem.
The uncomfortable truth is that prohibition does not work. People will use tools that make them more efficient.
The more effective approach is controlled adoption—clear policies, approved platforms, and, critically, user education. Even then, enforcement is inconsistent. Most organisations are still relying on policy statements where technical controls are required.
3. Identity is becoming the control plane—and it’s increasingly fragile

We have been talking about “identity as the new perimeter” for years. What has changed is the threat model.
It is no longer just about stolen credentials. Identity itself is becoming easier to fabricate.
Deepfake voice and video are no longer theoretical risks. There are credible, documented cases of AI-generated impersonation being used in fraud. Combined with increasingly sophisticated social engineering, this shifts the problem significantly.
Zero Trust architectures—where access is continuously verified based on context—are often presented as the solution. In practice, many implementations are partial at best.
The more immediate issue is that organisations still rely heavily on human judgement in identity verification processes (e.g. service desks), and that is precisely where attackers are focusing their efforts.
4. AI is scaling cybercrime faster than it is improving defence

There is a tendency to assume that AI benefits defenders and attackers equally. That is not what current evidence suggests.
Attackers are using AI to:
- Improve phishing quality
- Automate reconnaissance
- Lower the skill threshold required to launch attacks
The most important shift is not sophistication—it is scale.
It is now easier to produce large volumes of convincing, targeted attacks with minimal effort. That changes the economics of cybercrime. You don’t need to be highly skilled if the tools compensate for it.
Defensive use of AI is progressing, particularly in detection and triage, but it is constrained by integration challenges, data quality, and trust in outputs.
5. Regulation is diverging—and creating more work, not clarity

If organisations are waiting for a harmonised global approach to AI regulation, they will be waiting a long time.
The EU has taken a structured, risk-based approach. The UK has opted for a more flexible, regulator-led model. The US continues to evolve through a mix of state and sector-specific initiatives.
This is not just a legal nuance—it creates operational complexity. Multinational organisations are already dealing with conflicting requirements around data usage, transparency, and accountability.
There is also a persistent misconception that regulatory compliance equates to security maturity. It does not. At best, it sets a baseline. At worst, it creates a false sense of assurance.
6. Privacy is becoming a trust issue—but not always a priority

There is strong evidence that individuals care about how their data is used, particularly in AI-driven services. Organisations are starting to reflect this in their messaging—privacy is increasingly positioned as part of brand and trust.
However, there is a gap between stated concern and actual behaviour.
In procurement contexts—especially enterprise—privacy and data handling practices are becoming more influential. In consumer contexts, convenience still often wins.
So while privacy is becoming more visible as a differentiator, its impact varies significantly depending on context. Organisations that treat it purely as a compliance exercise are missing the opportunity—but those expecting it to drive behaviour universally may be overestimating its influence.
7. Privacy-Enhancing Technologies are progressing—but remain constrained

Privacy-Enhancing Technologies (PETs) are often presented as a solution to the tension between data use and data protection.
Techniques such as differential privacy (which introduces statistical noise to protect individuals), federated learning (which avoids centralising raw data), and homomorphic encryption (which enables computation on encrypted data) are all advancing.
Large technology providers are already using some of these approaches in production environments.
The challenge is practical implementation. PETs introduce complexity, computational overhead, and, in some cases, reduced accuracy. As a result, adoption tends to be concentrated in high-risk or highly regulated use cases.
Despite the attention they receive, most organisations are still some distance from deploying these techniques at scale.
8. Supply chain risk now includes models, not just software

Supply chain risk has been well understood since incidents such as SolarWinds and Log4j. What is less widely appreciated is how AI extends that risk.
Organisations are increasingly dependent on:
- Third-party models
- External datasets
- AI service providers
This introduces new attack vectors. Model poisoning—where training data is manipulated to influence outputs—is one example. Less sophisticated but equally problematic is the use of poorly understood or unverified data sources.
In practice, many organisations do not have visibility into the provenance of the models or datasets they rely on. That is a governance issue as much as a technical one.
9. Security teams are adopting AI—but not always critically

AI is already embedded in many security tools, particularly in areas such as alert triage and anomaly detection. Given the volume of data security teams deal with, this is inevitable.
However, there is a subtle risk emerging: over-reliance.
Automation bias—the tendency to trust automated outputs without sufficient scrutiny—is well documented in other domains. There is no reason to assume cyber security will be immune.
The role of the analyst is changing, but not disappearing. The skill is shifting towards interpretation, validation, and challenge. Organisations that treat AI outputs as authoritative rather than advisory are likely to encounter problems.
10. Data governance is still the limiting factor—and often neglected

There is a persistent narrative that AI success is driven by model sophistication. In reality, most organisations are constrained by far more basic issues.
Data is often:
- Poorly classified
- Inconsistently managed
- Owned by multiple stakeholders with unclear accountability
These are not new problems, but AI amplifies them.
Weak governance leads directly to unreliable outputs, compliance risk, and security exposure. Yet it remains one of the least prioritised areas because it is complex, slow, and organisational rather than technical.
In practice, many AI initiatives stall not because the models are inadequate, but because the underlying data environment is not fit for purpose.
A broader observation: the risks are converging

Taken individually, none of these trends are entirely new. What is changing is how they interact.
AI, identity, and data are no longer separate domains. They are increasingly interdependent:
- AI relies on data
- Data access is controlled through identity
- Identity is now a primary attack vector
At the same time, the root causes of many incidents remain consistent: human error, misconfiguration, and gaps in governance.
This is worth emphasising because it challenges a common assumption—that new technology is the primary source of risk. In many cases, it simply exposes existing weaknesses more clearly.
By 2026, the organisations that are struggling will not necessarily be those that failed to adopt AI. They will be those that adopted it without addressing the surrounding fundamentals.
Three things are becoming increasingly clear:
- AI is embedded, whether formally governed or not
- Identity is both a control mechanism and a vulnerability
- Data governance is the foundation everything else depends on
The uncomfortable reality is that none of these are purely technical problems. They require coordination across security, legal, data, and business functions—something many organisations still find difficult to achieve.
That, more than any specific technology trend, is likely to define the next few years.
