Top 6 Cybersecurity And AI Predictions For 2026

A surge in AI-generated vulnerabilities, more-autonomous cyber defense agents and impossible-to-identify deepfakes are among the developments expected by security experts this year.

Cybersecurity And AI Predictions For 2026

While the arrival of GenAI and agentic technologies have already had a massive impact in the cybersecurity world—both for defenders and attackers—2026 may mark a turning point. That’s according to a half-dozen cybersecurity experts who spoke with CRN recently, sharing their top predictions on cybersecurity and AI for 2026.

Major developments to expect in 2026 include a surge in AI-generated vulnerabilities, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike. “AI is suited for that, because AI can really start to dial in what data you’re throwing at that software to try to break it,” Meyers said. Ultimately, in 2026, AI-driven vulnerability research will become “more practical” and lead to a far greater number of vulnerabilities available in the market, he told CRN.

On the cyber defense side, the availability of more-autonomous cyber defense agents could help to even the scales, according to Rob Lefferts, corporate vice president for threat protection at Microsoft. Lefferts said he sees agentic-powered security quick moving beyond task-based automation and toward outcome-driven approaches. The next generation of AI-driven cyber defense is “when I have systems of agents, coordinating together—and it’s not task-specific, it’s [about the] outcome,” he told CRN.

Meanwhile, the continued improvement of video and voice deepfake technologies will likely make many deepfakes practically impossible for humans to identify in the near future, according to Bryan Sacks, field CISO at Myriad360, No. 110 on CRN’s Solution Provider 500 for 2025. “By mid to late 2026, it’ll be really hard to tell the difference,” Sacks said.

What follows are more cybersecurity and AI predictions for 2026.

Adam Meyers

Senior vice president for counter adversary operations

CrowdStrike

Prediction: Surge in AI-generated vulnerabilities and exploits

“We’ve already seen some evidence, from Google’s Big Sleep project last summer, [of] how to use AI for identifying and weaponizing vulnerabilities. If you think about an iOS vulnerability, it’s always talked about how that can cost upwards of hundreds of thousands to millions of dollars in R&D. There’s really two ways to develop a vulnerability. The first one is reverse engineering a particular target or product that they’d like to find a vulnerability in. And they figure out everything about it. And they find a bug, and they build the world’s most perfect exploit for that vulnerability. And then there’s the way that most people do it, which is called fuzzing. And with fuzzing, what you’re effectively doing is throwing a bunch of garbage at a piece of software at the input, and looking to see how it breaks. … AI is suited for that, because AI can really start to dial in what data you’re throwing at that software to try to break it. Now people are building all these tools to leverage the capabilities of AI, to actually start to do some of these vulnerability research projects. My big prediction for 2026 is that we’re going to see that become more practical. And as that happens, we’re going to start to see more vulnerabilities available in the in the market.”

Rob Lefferts

Corporate vice president for threat protection

Microsoft

Prediction: Arrival of security agents focused on outcomes, not tasks

“The first generation of AI is, I have an assistant. I have any one of the AI chatbots, and I can ask it questions and it gives me answers. The second generation is, I made an agent do something for me—and I sent it off on a task, and it comes back with the answers. And it’s kind of a transactional back-and-forth. But then the third generation is when I have systems of agents, coordinating together—and it’s not task-specific, it’s [about the] outcome. And I get to interoperate with them as supervising the direction, monitoring the results and guiding the next steps in the process. It’s already coming true in some places. Certainly inside of coding systems, we see more advanced firms operating in that [area]. And security is a place where we’re pushing hard. It is clearly of huge benefit to the security industry and companies’ individual security teams. They’re overwhelmed. They can’t get everything done. Let’s help them out.”

Oliver Tavakoli

CTO

Vectra AI

Prediction: AI fuels exponential increase in cyberattacks

“We’re kind of hitting this inflection point where, as hard as it has been for defenders to hang on, it is believable that over the next 18 months to two years, things will get 10X worse. And that is really the concerning thing. Part of this is intuition—just because the technology becomes available, doesn’t mean it becomes pervasively used. But when I talk to my security researchers, I ask, ‘18 months down the road, is it going to be roughly the same? Is it going to be twice as bad or 10X as bad?’ I think we end up with an average of 5X worse. So if you’re barely hanging on today, and you believe that things are going to get a lot worse, then what that says is incrementalism [in cyber defense improvements] isn’t going to get you there. You have to do something transformative.”

Bryan Sacks

Field CISO

Myriad360

Prediction: Deepfakes will be nearly impossible for humans to identify

“You’ve already seen a lot of the voice deepfake technologies out there that are working [in cybercrime]. That’s going to happen more often. In 2026, I think it’ll be hard to tell the difference. You can clearly still tell now. But I think it it’s like a hockey stick— it is just going to get that much better and ramp that quickly. I think by mid to late 2026, it’ll be really hard to tell the difference. And that’s going to create a lot of issues-not just for cyber teams, but globally.”

Diana Kelley

CISO

Noma Security

Prediction: Traditional cyber defense will fail as attacks accelerate

“Just going with the traditional defenses aren’t going to be enough, because the attackers are not using the traditional offense. We’ve got this ‘machine speed’ [on the defense side]—but when you have automated attacks, they’re going to go faster than if somebody has to go handcraft an attack or configure an attack. If we’re depending on humans looking at every single alert or checking every alert, when you’ve got these rapid, very fast-moving attacks that’s not going to be able to keep up. We do have automation on both sides—both the defenders and the attackers. So the defenders, I think, really need to lean in to doing more with automation in order to strengthen our defenses.”

Alex Bovee

Co-founder and CEO

ConductorOne

Prediction: Rise of personal AI agents feeds into hyperscale attacks

“My prediction is that 2026 is the year of the personal AI agent—where we’re really going to start to have more tools and capabilities that are available to folks that allow them to proliferate AI agents doing work on their behalf. And you can start thinking about like the knowledge worker of the future as being an orchestrator of agents to do work. Assuming that happens in 2026, that kind of is the world where you’ll start to see automated, hyperscale, AI-based attacks using AI tools and capabilities. And then that’s going to necessitate an equal and opposite reaction, I think, from a lot of companies to protect against those types of attacks.”