The forecast focuses on three themes: adversary and defender use of artificial intelligence, cybercrime as the most disruptive global threat, and continued operations by nation-state actors to achieve their strategic goals. The report also features expertise from dozens of researchers, analysts, responders and experts across numerous Google Cloud security teams, including Google Threat Intelligence Group, Mandiant Consulting, Google Security Operations, and Google Cloud’s Office of the CISO.
Key Takeaways
The AI Arms Race:
Generative AI is expected to be fully leveraged by both attackers and defenders, noticeably transforming the cyber threat landscape by enhancing the speed, scope, and effectiveness of operations.
Cybercrime Landscape:
Ransomware and data theft extortion will remain the most financially disruptive category globally, with criminals escalating supply chain attacks and using multifaceted coercion tactics.
Geopolitical Cyber Agendas:
Nation-state actors from Russia, China, Iran, and North Korea will continue to pose significant and evolving threats, focusing on seeking strategic footholds in critical infrastructure and exploiting edge devices and zero-day vulnerabilities.
Adversary AI Progress
- Better social engineering: content-creation capabilities used to make fake text, audio, and video
In 2026 and beyond, threat actors’ use of AI is expected to transition decisively from the exception to the norm, noticeably transforming the cyber threat landscape. The report anticipates threat actors fully leveraging AI to enhance the speed, scope, and effectiveness of operations, building upon the robust evidence and novel use cases observed in 2025. Additionally, threat actors will increasingly adopt agentic systems to streamline and scale attacks by automating steps across the attack lifecycle.
Prompt Injection Manipulates AI
Prompt injection is a cyberattack that essentially manipulates AI, making it bypass its security protocols and follow an attacker’s hidden command. The increasing accessibility of powerful AI models and the growing number of businesses integrating them into daily operations create perfect conditions for prompt injection attacks. Threat actors are rapidly refining their techniques, and the low-cost, high-reward nature of these attacks makes them an attractive option.
AI-Enabled Social Engineering
Google anticipates that threat actors like ShinyHunters (UNC6240) will accelerate the use of highly manipulative AI-enabled social engineering, making it a significant threat.
Vishing is poised to incorporate AI-driven voice cloning to create hyper-realistic impersonations, notably of executives or IT staff. Other approaches include AI-enhanced reconnaissance, background research, and the crafting of realistic phishing messages. AI enables scalable, customized attacks that bypass traditional security tools, focusing on human weaknesses rather than the technology stack.
AI Agent Paradigm Shift
The report anticipates that the rapid adoption of AI agents for executing workflows and decisions will introduce new challenges, since traditional security deployments were not designed to be operated by AI agents. Organizations will be required to develop and implement comprehensive methodologies, frameworks, and tools to effectively map their new AI ecosystems and to assess any security vulnerabilities that are introduced.
Evolution of identity and access management (IAM)
The concept of identity will expand to treat AI agents as distinct digital actors, each with its own managed identity. This shift will necessitate moving beyond conventional human authentication and service account management towards more dynamic, granular control.
The rise of “agentic identity management”
This will feature adaptive, AI-driven systems for continuous risk evaluation and context-aware access adjustments. The goal is to minimize the potential for privilege creep and unauthorized or unsafe actions. These identity solutions will follow the principle of least privilege and implement just-in-time access, granting temporary, task-specific permissions and a robust chain of delegation.
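A minimal sketch of the just-in-time, least-privilege delegation model described above, added here as an illustration and not taken from the report or any Google product. The `Grant` type, the function names, the identities and the scope strings are all hypothetical; the point is that a delegated grant can only narrow its parent's scopes and lifetime, and that every link in the chain is rechecked at use.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    holder: str                        # identity receiving the permission
    scopes: frozenset                  # task-specific permissions
    expires_at: float                  # epoch seconds; grants are temporary
    parent: Optional["Grant"] = None   # delegating grant (None = root principal)

def issue(holder, scopes, ttl, now, parent=None):
    """Issue a JIT grant; a delegated grant may only narrow its parent."""
    scopes = frozenset(scopes)
    expires_at = now + ttl
    if parent is not None:
        if now >= parent.expires_at:
            raise PermissionError("parent grant expired")
        if not scopes <= parent.scopes:
            raise PermissionError("delegation would widen scopes")
        expires_at = min(expires_at, parent.expires_at)  # never outlive parent
    return Grant(holder, scopes, expires_at, parent)

def chain(grant):
    """Delegation chain from root principal to current holder, for audit logs."""
    names = []
    while grant is not None:
        names.append(grant.holder)
        grant = grant.parent
    return list(reversed(names))

def authorize(grant, actor, scope, now):
    """Allow only if actor holds the grant and every link is live and in scope."""
    if grant.holder != actor:
        return False
    link = grant
    while link is not None:
        if now >= link.expires_at or scope not in link.scopes:
            return False
        link = link.parent
    return True

# Constructed scenario: an analyst delegates ticket triage to an agent, which
# hands a read-only subtask to a second agent one minute later.
T0 = 1_000_000.0
root = issue("user:analyst", {"tickets:read", "tickets:comment"}, 3600, T0)
triage = issue("agent:triage", {"tickets:read", "tickets:comment"}, 900, T0, root)
summarizer = issue("agent:summarizer", {"tickets:read"}, 3600, T0 + 60, triage)
```

The summarizer asks for an hour but its grant is capped at the triage agent's 15-minute lifetime, which is what keeps privileges from creeping along the chain.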
Supercharged Security Analysts
The rise of the “Agentic SOC” – the move past the model of analysts drowning in alerts, and into one where they direct AI agents; frontline intelligence effectively becomes the brain for these new AI partners. For an incident responder, this means an alert will include a full, AI-generated case summary, a decoded view of the obfuscated PowerShell command, and its mapping to the MITRE ATT&CK framework.
The analyst’s job shifts from manual data correlation to strategic validation, letting them approve a SOAR containment action in minutes, not hours. The AI will perform the heavy lifting of gathering and correlating petabytes of data. An intelligence analyst will provide a malware sample and preliminary notes, tasking the AI to draft a full threat report, complete with actor attribution and mitigations. The AI handles rote work, allowing the analyst to focus on high-level analysis and final judgment. It’s about scaling human intuition, not replacing it.
Shadow Agent Risk
The proliferation of sophisticated AI Agents will escalate the “Shadow AI” problem into a critical “Shadow Agent” challenge. In organizations, employees will independently deploy these powerful, autonomous agents for work tasks, regardless of corporate approval. This will create invisible, uncontrolled pipelines for sensitive data, potentially leading to data leaks, compliance violations, and IP theft. This demands a secure-by-design approach that integrates protection from the start. Companies must deploy AI controls to safely route and monitor all agent traffic. Successful organizations will create working environments that allow for AI innovation while maintaining auditable security.
Cybercrime
Ransomware and Data Theft Extortion
Targeting managed file transfer (MFT) software allows cybercriminals to execute high-volume data exfiltration across hundreds of targets simultaneously. Cybercriminals will continue to utilize initial access strategies such as voice phishing (vishing) and other targeted social engineering techniques to bypass multi-factor authentication (MFA). They may increasingly leverage zero-day vulnerabilities as part of more widespread extortion campaigns, and will also increasingly find more creative ways to coerce victims into paying extortion demands.
The On-Chain Cybercrime Economy
Threat actors will exploit blockchain characteristics like immutability and decentralization for considerable financial gain. The widespread adoption of crypto and stablecoins rapidly expands the attack surface for both traditional institutions and startups, creating new vulnerabilities in crypto-native solutions and enterprise IT systems alike.
By moving operations on-chain, adversaries gain unprecedented resilience against traditional takedown efforts.
The analysts and investigators of 2026 will need to become proficient blockchain investigators, requiring new competencies in tracing transaction histories, decoding malicious smart contract logic, and performing wallet analysis.
Organizations that neglect to upskill their teams in these Web3 fundamentals will be blind to an entire class of agile, persistent threat activity.
Enterprise Virtualization Under Threat
As security controls mature within guest operating systems, the report authors anticipate a significant pivot in threat actor focus towards the underlying virtualization infrastructure, notably for financial gain. This foundational layer, long considered a pillar of strength, is now emerging as a critical blind spot due to a confluence of systemic vulnerabilities: the inherent lack of endpoint detection and response (EDR) visibility, the persistence of outdated software versions, and the prevalence of insecure default configurations. While security teams have concentrated on user endpoints and in-guest defences, the core virtualization fabric, the host of all enterprise applications, remains largely unmonitored.
When combined with deep-seated integrations into legacy core identity services, the hypervisor transforms from an infrastructure component into a high-leverage entry point, where a single compromise can grant adversaries control over the entire digital estate.
ICS and OT Targeting
Defenders will have to prioritize network segmentation to rigorously isolate the OT from the IT network, preventing ransomware from pivoting from the enterprise side. All remote access must be secured with multi-factor authentication (MFA) and least privilege principles to block entry via compromised credentials. To ensure recovery, implement immutable, offline backups of both industrial configurations and critical enterprise data (like ERP logs), and apply network monitoring to critical IT/OT paths.
Geopolitically, nation-state activity from Russia, China, Iran and North Korea will continue to pose significant and evolving threats, driven by distinct strategic interests and employing diverse cyber tactics.
Conclusion
2026 will usher in a new era of AI and security for both adversaries and defenders. While threat actors will leverage AI to escalate the speed, scope, and effectiveness of attacks, defenders will also harness AI agents to supercharge security operations and enhance analyst capabilities. However, this transformation introduces new challenges, such as “Shadow Agent” risks and the need to evolve identity and access management.