As we enter 2026, the evolving digital landscape presents new security challenges for organizations. A recent readership poll has highlighted the growing concern around agentic AI risks, signaling it as the leading focus for cybersecurity teams in the upcoming year.

The poll was inspired by insights gathered during a Reporter's Notebook videocast discussion, where cybersecurity experts shared their predictions for security operations in 2026. The experts emphasized the pressing issues that security teams are likely to face, leading to a thought-provoking exploration of the potential trends for the year.

Agentic AI as a Major Target

According to the poll, nearly half (48%) of respondents anticipate that agentic AI will become the primary attack vector for cybercriminals and nation-state threats by the close of 2026. This shift is attributed to the increasing adoption of agentic AI across various enterprises, utilized for streamlining operations and staying competitive in sectors like software development.

Experts express concern that the rapid integration of agentic AI could occur at the expense of security. Rik Turner, a chief analyst in cybersecurity, points out that the expanded attack surface resulting from agentic AI's access and autonomy is alarming. He warns of the risks associated with developers potentially deploying insecure code in their eagerness to utilize this innovative technology.

The rise of open-source AI agents and "shadow AI" further complicates the security landscape, as employees may introduce unmonitored AI applications into their work environments.

Deepfakes as a Social Engineering Tool

Another significant finding from the poll revealed that 29% of respondents believe deepfakes are likely to become the primary method for cyber attackers targeting high-profile individuals and organizations. The increasing sophistication of deepfake technology has made it a viable tactic for cybercriminals.

Turner highlights that while deepfakes were a topic of concern since the emergence of AI technologies like ChatGPT in 2022, they only gained prominence in 2025. This rise in visibility is attributed to a surge in convincing AI-generated content, leading to more frequent exploitation by attackers.

The ongoing use of deepfakes in state-sponsored campaigns, such as North Korea's efforts to mislead and manipulate, underscores the need for organizations to bolster their defenses against such tactics.

Cyber Risk Recognition at the Board Level

While only 13% of respondents viewed the elevation of cyber-risk to a Tier 1 operational priority for boards as likely, this still marked a more significant acknowledgment than many anticipated. Turner expressed skepticism about whether this recognition will translate into meaningful action or if cyber-risk insurance might act as a false sense of security.

Experts believe that the growth of agentic AI should illuminate the seriousness of cybersecurity risks within organizations. Amy Worley, a leader in privacy and information compliance, argues that boards often underestimate these risks, particularly as AI capabilities evolve toward autonomous decision-making.

Challenges of Password Elimination

In a less prominent position, only 10% of respondents foresee password elimination and passkey adoption becoming the norm in 2026. Despite the recognition of the importance of stronger authentication methods, investment in such technologies appears to lag behind other priorities.

Adam Etherington, a cybersecurity practice leader, warns that as agentic systems proliferate, the risks associated with inadequate password protections will only grow. Major software vendors are increasingly incorporating agentic capabilities, further complicating the security landscape.

Despite the challenges, there is a silver lining: passkeys have gained traction, supported by endorsements from major tech companies, although many still doubt their widespread adoption in the near future.

In conclusion, as we look toward 2026, cybersecurity professionals are faced with a myriad of challenges, from the risks posed by agentic AI to the implications of deepfake technology. The need for robust security strategies and proactive measures has never been more critical, as organizations must navigate an increasingly complex threat landscape.

Source: Dark Reading News