By Dr Martin Krämer, CISO Advisor at KnowBe4

KnowBe4, provider of the globally recognised cybersecurity platform for managing human and Agentic AI–related risks, has released its CISO Advisor team’s predictions for the cybersecurity landscape in 2026. Artificial intelligence will continue to dominate the sector next year, as it becomes increasingly embedded in defensive capabilities — and more widely exploited by cybercriminals.

AI agents to cut MTTR by up to 50 per cent

As attackers weaponise AI at unprecedented speed, defenders are expected to gain a crucial edge as agent-based AI systems reach maturity. Mainstream software products and services will be re-engineered to integrate autonomous AI agents, delivering measurable improvements in risk reduction compared with their non-AI predecessors.

For security operations centres, first-level triage, enrichment and containment will increasingly be governed by policy-driven AI agents. KnowBe4 predicts that experienced SOC teams will see their mean time to respond (MTTR) reduced by 30 to 50 per cent. These security agents will also generate tamper-proof audit trails and produce regulatory-compliant incident summaries automatically — cutting compliance overheads and accelerating post-incident analysis.

But adversaries are evolving in parallel. Cyber attackers are expected to deploy AI-enabled toolchains capable of more extensive and effective attacks than traditional methods. Model Context Protocol (MCP) servers — widely used by large language models — will become a prominent attack surface. Browser-based agents and prompt-injection techniques are forecast to dominate the vulnerability landscape. Attacks will become more targeted, sophisticated and realistic as automation and generative AI continue to enhance offensive capabilities.

Humans and AI agents will form the hybrid workforce

The most profound shift in 2026 will be the transition of AI from passive tooling to active, autonomous participants in the security workforce. As agent-based systems evolve from experimental prototypes into core operational components, organisations will need to rethink workforce management. “Employee training” will have to encompass not only human personnel but also AI agents — including clear policies, behavioural requirements and operational guidelines.

Quantum computing pressures mount

Digital identity will take on new importance as privacy-friendly identity frameworks gain mainstream adoption. Large-scale initiatives such as the EU Digital Identity Wallet, set for rollout to all EU citizens in 2026, will accelerate the shift towards verified online identities, even if they are not made mandatory.

Security teams must also brace for the long-anticipated Q-Day — the moment quantum computers can break today’s widely used asymmetric encryption. Many experts expect this milestone to be reached in 2026. Organisations will need to strengthen authentication through passkeys and device-bound credentials, applying equally rigorous controls to non-human identities such as service accounts, API keys and AI agent credentials.

Shadow cartels to target global flashpoints

KnowBe4 also anticipates a further convergence of organised crime and cybercrime, forming so-called “shadow cartels”. These groups are expected to deploy cyber tools alongside physical operations, targeting geopolitical hotspots and critical infrastructure worldwide.

“Geopolitical tensions will fuel both hacktivism and cybercrime, with the energy, water and transport sectors becoming increasingly exposed,” says Dr Martin Krämer, CISO Advisor at KnowBe4. “Digital sovereignty will reshape the technology landscape, with significant new investment expected in the Middle East.”

The predictions are based on insights from KnowBe4’s global team of CISO advisors, drawing on decades of cumulative cybersecurity experience.