
By Michael Daniel, CTA President & CEO
Cyber threats have never been static, and 2026 will be no different. The digital environment will continue to evolve, with malicious actors and defenders changing behaviors in response to each other. While some surprises are inevitable at a small scale, the changes in cyber threats at the macro level will likely be more incremental than dramatic. Four trends will likely drive most of the evolution in cyber threats in 2026: the increasing use of AI tools by malicious actors, the further internationalization of cybercrime, the impact of scams and fraud, and the disruption of critical infrastructure.
Malicious cyber actors have been incorporating AI tools into their activities, using them to get more efficient and to increase their scale. This trend will accelerate in 2026, as malicious actors learn to manage AI tools more effectively and overcome their limitations. Malicious actors will increasingly use AI tools for social engineering, making convincing hyper-personalized phishing emails and realistic deepfake audio and videos more common. In addition, malicious actors could start using agentic AI tools to manage even more of their processes, further increasing the scope and scale of malicious activity.
Cybercrime will further internationalize in 2026. The combination of AI tools that make translation into local languages easier and the improvement in cyber defenses in Europe and North America will encourage cyber criminals to expand their activities to new regions and populations. These populations have less experience with cybercrime and may not have the cultural habits in place to avoid victimization.
While high-profile cyber incidents tend to get the most media coverage, cyber-enabled scams and fraud affect more people and cause more economic and social damage in aggregate than most other kinds of malicious cyber activity. Already a significant issue, the increased use of AI tools and the further internationalization of cybercrime will make cyber-enabled scams and fraud an increasingly measurable economic drag across many of the world’s economies. Moreover, the human toll from these activities is enormous – even more than business email compromise or ransomware attacks, scams and fraud exact a tremendous psychological and emotional toll on victims. These effects will further intensify in 2026.
Finally, geo-political conflicts will fuel further disruptions of critical infrastructure, especially in Europe. Russia will continue to use its cyber capabilities to cause problems in Europe and potentially beyond, whether to weaken those nations or to try to deter them from opposing its activities. Similarly, Iran could try to strike back at the West through cyber operations, and other countries could employ Russia’s playbook in their regions and local conflicts. The frequency, size, and impact of these disruptions will likely increase over the course of 2026.
These four trends will inevitably combine in unexpected ways to have unanticipated effects, such as affecting devices never previously targeted by malicious actors or enabling new types of scams. Predicting these combinations in advance is almost impossible, which puts a premium on making our defenses adaptive to surprises. Defenders cannot anticipate every threat, but they can make investments to reduce the impact of surprises.
These four trends also mean that defenders cannot rely on traditional approaches. They will have to incorporate AI tools even more effectively, share more information across international boundaries more rapidly, develop more potent anti-scam capabilities, and increase the resilience of critical infrastructure. Without these improvements, cyber threats will have an increasingly disruptive impact on countries’ national security, economic prosperity, and public health and safety.