As we move into 2026, the cybersecurity landscape is undergoing significant transformations, with agentic AI emerging as a critical focus for security teams. A recent poll has revealed that agentic AI risks are leading concerns for many organizations, reflecting a consensus on its growing importance in cybersecurity strategies.
Agentic AI: A Primary Target for Cybercrime
According to the poll, nearly half of the respondents (48%) predict that agentic AI will become the top attack vector for cybercriminals and nation-state threats by the end of 2026. This trend is fueled by the increasing adoption of agentic AI across various industries, where it is used for operational efficiencies such as predictive maintenance and smart manufacturing. However, this rapid adoption raises concerns about security measures being sidelined in the rush to implement new technologies.
Rik Turner, a cybersecurity analyst, emphasized the expanded attack surface resulting from the combination of agentic AI's access levels and its autonomy. He warned about the potential for insecure code deployment as developers rush to meet project deadlines, highlighting the need for secure coding practices amidst growing enthusiasm for agentic AI.
Deepfakes: Emerging Threat for High-Value Targets
In addition to agentic AI, deepfake technology is also gaining traction as a significant social engineering tool. Nearly 29% of respondents believe that deepfakes are on track to become the primary method for cyber attackers targeting high-profile individuals and organizations, including Fortune 500 companies and government entities.
Turner notes that deepfakes, which have been a concern since the introduction of platforms like ChatGPT in late 2022, have now become prevalent, particularly in state-sponsored campaigns. The sophistication of deepfake tools is increasing, while many enterprises are not sufficiently investing in defenses against these tactics. Rapid detection and response capabilities are essential for mitigating potential threats posed by deepfakes.
Boards Elevate Cyber-Risk to Priority Status
Despite the challenges posed by agentic AI and deepfakes, only 13% of poll respondents believe that corporate boards will effectively prioritize cyber-risk as a Tier 1 operational issue in 2026. Turner expressed skepticism about this finding, suggesting that while the existence of cyber-risk insurance may focus attention on the issue, it could also create a false sense of security.
Amy Worley, an expert in privacy and information compliance, argues that agentic AI represents a critical security risk that must be addressed by boards. She believes that as AI technology becomes more autonomous, small errors or malicious actions can escalate into significant security incidents, making proactive measures essential.
Password Elimination and the Rise of Passkeys
In the realm of authentication, only 10% of respondents foresee a move towards password elimination and widespread adoption of passkeys in 2026. While stronger authentication methods are necessary, they currently take a backseat in terms of investment and focus. Adam Etherington, a cybersecurity practice leader, highlighted the risks associated with agentic systems, which increasingly leverage API connectors and non-human identities.
Despite the low expectations for password elimination, there is growing momentum for passkeys, driven by endorsements from major technology companies. However, the future of passwords remains uncertain, as experts debate whether they will become obsolete or continue to coexist with newer technologies.
As organizations navigate the complex landscape of cybersecurity threats, the focus on agentic AI risks, deepfakes, and the prioritization of cyber-risk at the corporate level will shape the strategies and investments made in 2026. The ongoing evolution of these technologies underscores the need for robust security measures to protect against emerging threats.
Source: Dark Reading News