As organisations continue to be shaped by rapid advances in artificial intelligence, the cybersecurity landscape is undergoing one of the most significant transformations in decades. AI is accelerating innovation, but it is also amplifying risk, lowering the barrier to entry for attackers and reshaping long-held assumptions about how trust is established online. In fact, the Thales Data Threat Reportfound that nearly 70% of organisations say the fast‑moving AI ecosystem is their biggest GenAI‑related security concern.
The years ahead will be defined by three shifts that together challenge the foundations of digital trust: the collapse of visual and verbal certainty, the emerging fragility of software supply chains, and the arrival of a threat landscape that never rests. Understanding these shifts is the first step in preparing for a radically different security reality.
Deepfakes will force a rethink of digital trust
For decades, organisations assumed that if you could see someone’s face or hear their voice, you could trust who they were. Generative AI now produces audio and video that is so convincing that even trained professionals struggle to detect manipulation. The speed is just as striking, with what once took hours of editing now generated in moments.
This changes more than how criminals deceive – it’s also about how organisations must think about identity itself. When a video call can no longer be trusted at face value, the entire model of human‑centred verification starts to look outdated. A new approach is emerging, one that sees identity as an ongoing process rather than a single gateway.
Across the year ahead and beyond, businesses will increasingly adopt continuous, multi-layered identity verification models. Instead of treating authentication as a single moment at login, identity will become something that must be validated repeatedly throughout an interaction. Expect to see the emergence of what could be described as “multi-factor authentication for life,” where every sensitive action triggers real-time validation.
To this end, there will be a real need to embed intelligent verification into the communication tools and workflows people already use, engineering trust rather than simply assuming it.
Supply chains will face their most significant AI-driven threat to date
Over the past few years, attackers have repeatedly demonstrated that compromising a third‑party software supplier can be far more effective than breaking into a target directly. With almost everyenterprise having a dependence on mission-critical software developed by someone else, even organisations with strong security controls remain exposed to weaknesses elsewhere in their supply chain, and they might not even know it.
AI-enabled software development introduces another dimension to this risk. More developers are now using AI-generated code as part of their workflows, accelerating productivity but also increasing the likelihood of subtle, undetected vulnerabilities entering production environments. When this code is incorporated into widely used libraries, packages or commercial software, a single flaw can ripple across thousands of organisations.
This supply chain complexity means a single flawed line of AI‑generated code has the potential to spread far and fast. The same technology helping developers write code is increasingly capable of finding and exploiting its weaknesses, and it means the time between a flaw being discovered and weaponised is shrinking rapidly. In 2026, it is not unrealistic to expect at least one major enterprise to experience severe disruption because an upstream software provider unknowingly distributed a vulnerability amplified by AI‑generated code.
The challenge is not theoretical. Open-source ecosystems, third‑party modules and rapid development pipelines create thousands of points of exposure. AI accelerates them all. Organisations will need continuous visibility into where their code comes from, who maintains it and how it changes over time. For security leaders, this means shifting from reactive assessments to continuous mapping and monitoring of the software supply chain, treating every dependency as a living source of potential risk.
The democratisation of AI will fuel a constant surge in cyber threats
Traditionally, cyberattacks rose and fell with recognisable patterns: financial year ends, major public events, holiday seasons. The rise of accessible AI tools has disrupted this balance entirely. Tools that once required deep expertise are now intuitive, fast and widely available. The result is a threat landscape with no off‑season.
This democratisation of capability means the traditional concept of the “script kiddie” no longer applies. Individuals who previously lacked the competence to carry out meaningful attacks can now use AI to level up and bridge those gaps instantly. In effect, AI has become a force multiplier for low-skilled actors.
This democratisation of offensive capability means organisations face a continuous wave of low‑effort, high‑volume attack attempts – each slightly altered and each harder to detect with traditional techniques.
Defenders will need systems that focus less on recognising known threats and more on identifying abnormal behaviours and patterns. Equally important is improving cyber literacy across the workforce. As AI expands the attacker pool, every employee becomes a potential target.
Building cyber resilience for an AI-driven future
The common thread across these trends is speed and uncertainty. AI accelerates both innovation and exploitation, compressing response times and expanding the attack surface. To navigate 2026successfully, organisations must prepare for a world where authentication is continuous, supply chain risk is amplified, and attacks emerge from an increasingly diverse set of actors.
That will extend to using AI as a cyber defence, just as it is being used maliciously, to help prioritise, drive efficiencies and create more space for human security experts to focus on higher level tasks.
Cyber resilience today will depend on proactive investment, continuous visibility and an organisational mindset that treats verification as an ongoing process. While AI introduces unprecedented challenges, it also presents an opportunity to redesign security architectures that are more adaptive, intelligence-driven and robust than those that came before.



