As 2026 approaches, the world of cybersecurity is becoming increasingly complex and more unpredictable. The past year has shown how threats and defense strategies have changed, driven by rapid advances in generative and agentic AI. Furthermore, an increasingly complex cloud environment and the merging of nation-state and criminal tactics are making the threat landscape more complex than ever.
Cybersecurity experts from Proofpoint share their top predictions for the year ahead. Their analysis, from the expanding risks of AI blind spots and identity exploitation to the evolution of phishing and the role of geopolitics in cyber conflicts, leads to a key observation: the most successful defenders in 2026 will be those who best understand the humans — and the AI — behind every threat.
Ravi Ithal, Chief Product and Technology Officer, AI Security at Proofpoint, says, “By 2026, autonomous copilots may surpass humans as the primary source of data leaks. Enterprises are rushing to roll out AI assistants without realizing they inherit the same data hygiene issues already present in their environments. Over-permissioned SharePoint folders, unclassified documents, and outdated access rules will allow these copilots to surface sensitive data to users who were never meant to see it.
These agents are not simply tools; they will become identities in their own right, with each one carrying a trust score, behaving as a peer actor in the ecosystem. The old model of phishing will be replaced by ‘prompt paths,’ or avenues through which an agent is tricked or misled into extracting and exposing data. Security teams will no longer focus solely on human actors; they will be forced to treat their AI agents as first-class identities, managing their privileges, monitoring their behaviors, and scoring their risks.”
Agentic AI Will Both Dominate and Redefine Security
Patrick Joyce, Global Resident CISO at Proofpoint, says:
“This might be the easiest and most difficult new year’s prediction to make. To predict that AI (and more specifically Agentic AI) will dominate in 2026 is easy. However, the ramifications may not be as expected or as predictable.
As organizations rush to deploy agentic systems to handle everything from customer support to security automation, they’ll soon discover that adoption comes with a steep learning curve. Data quality, security, and privacy challenges will slow full-scale implementation, while system interoperability will add friction. Successful agentic adoption has the potential to significantly change the landscape and, in essence, become the landscape. But only those who approach it with governance and patience will thrive.”
Detection Engineering in the Age of AI-as-a-Service
Randy Pargman, Senior Director of Detection Engineering, says, “If 2025 was the year of QR phishing, 2026 will be the year attackers have to try harder to make weird QR codes. Defenders are good at detecting the normal variety, so attackers have already tried splitting the QR into chunks, using ASCII block characters to create QR codes, even randomly adding colorful “paint splatters” to confuse scanners. I’m sure they will keep innovating crazy QR codes for us to solve.
But the bigger shift we’re watching is the misuse of legitimate websites that offer quick AI-built web content. Although they are meant for good, cybercriminals never let a free account go to waste: they can simply type a description of a lure that promises anything from access to secure documents to a way to view some fictitious road toll bill or a fake court summons, and the AI will create convincing, very official-looking content with a button that leads straight to phishing or malware. Defending against these AI-generated lures will require smarter sandboxes and human-like interaction that can see through the legitimate AI web-hosting site to find the threats buried just under the surface. 2026 will see defenders with help from their AI tools wrestle with threat actors and their AI to find out who is more adaptable.”
AI Blind Spots Will Become the Next CISO Nightmare
Molly McLain Sterling, Senior Director, Global Cybersecurity Strategists at Proofpoint, says,
“Going forward, one of the biggest blind spots for CISOs will be the lack of visibility into where and how AI is being used, especially by third parties, vendors, and partners. As AI becomes increasingly agentic, organizations may unknowingly interact with AI systems without realizing it. Even with strict internal policies, companies often have limited insight into the AI practices of their extended ecosystem. This lack of transparency poses serious risks, particularly around data access and control. Ensuring visibility into who has access to what data, and how it’s being used, will be more critical than ever.”
AI Will Be Both the Tool and the Target
Selena Larson, Staff Threat Researcher at Proofpoint, says, “In 2026, expect to see AI woven into nearly every stage of the attack chain. Threat actors will use large language models to craft multilingual phishing lures, build scripts and injects, and spin up realistic fake websites in seconds using AI-powered web builders. But the bigger story isn’t just how attackers use AI; it’s how defenders misuse it.
As organizations rush to replace critical security and engineering functions with AI-driven automation, they’ll introduce new vulnerabilities faster than they can secure them. We’ll see more breaches not because AI makes attackers smarter, but because it makes organizations overconfident. And as enterprises integrate agentic AI tools into workflows, these systems themselves will become prime targets, exploited for the valuable data and access they hold.”
Cloud Security Faces Its “FIDO Downgrade” Moment
Yaniv Miron, Senior Manager, Cloud Threat Research at Proofpoint, says, “Expect attackers to target the very foundation of cloud security: authentication. We’re calling it the ‘FIDO downgrade year’ where adversaries will focus on reverting secure authentication methods to less secure ones.
AI will play a major role here – helping attackers automate persistence, lateral movement, and data access in addition to OAuth application manipulation. I also anticipate a rise in abuse of legitimate services like AWS and GCP for IP rotation.
At the same time, phishing will become frighteningly personal. AI-driven tools will make it easy for threat actors to tailor lures in real time, based on each target’s data. Underground marketplaces will be full of professional-grade phishing kits powered by AI. And as new connectivity like satellite internet expands access, we’ll see new regions and threat actors entering the game.”
Espionage Actors Go Dark and Get Personal
Alexis Dorais-Joncas, Head of Espionage Research at Proofpoint, says:
“In 2026, I expect espionage campaigns to grow stealthier, more personal, and harder to detect. We’re already seeing some nation-state aligned actors moving away from traditional phishing emails and toward encrypted messaging apps like Signal and WhatsApp, where they can build trust through casual, credible conversation before launching their attack.
We’re also seeing a growing focus from South Asian and Indian threat actors targeting Western organizations — particularly those involved in technology, defense, and policy. These campaigns are increasingly sophisticated, often timed around key geopolitical events or trade negotiations.
At the same time, attackers are stealing nontraditional credentials through device code phishing campaigns and using legitimate remote management tools and cloud platforms to blend seamlessly into normal network traffic. In 2026, the most effective espionage won’t be loud or flashy — it’ll be invisible, hiding in plain sight behind the tools and platforms we trust every day.”
