In what could be described as a banner year for technology advancements, 2025 showed how powerful—and dangerous—AI can be in the wrong hands.
With bad actors automating complex attacks, using AI tools to engage in social engineering campaigns and manipulating the AI agent to expose sensitive information, it’s no surprise that the year was a game of cat and mouse in terms of mitigating cyberattacks from human and AI-powered enemies.
Just as attackers have long turned infected machines into botnets to launch large-scale attacks, our experts expect threat actors to seize control of a trusted commercial AI platform this year and then use herds of AI agents to target other systems.
How to prepare?
To mitigate such risk, our security experts recommends treating AI systems more like employees than tools, with clear ownership across onboarding, deployment, and offboarding, ongoing monitoring tied to performance indicators, defined escalation triggers, and explicit accountability for AI-agent actions.
Our security experts warn that the Model Context Protocol (MCP), an open standard that allows developers to connect data sources to AI tools, will become an attractive target for attackers as it expands. These attackers could exploit MCPs and code repositories by injecting malicious instructions, creating AI worms that spread silently but cause significant damage.
Attacks like this are likely to get worse before they get better. CISOs with low visibility into which AI tools are in use, what they’re connected to, and how they’re interacting with sensitive repositories will find themselves at a distinct and risky disadvantage.
How to prepare?
To address that risk, visibility across your entire network is critical. Our experts suggest pairing MCP-enabled agentic AI with strong access controls, continuous monitoring, and developers who are trained to think like security professionals.
Large language models (LLMs) often struggle in situations where understanding intent, motive, or appropriateness matters more than recalling facts. In 2026, our security team predicts that some attackers will exploit those gaps by manipulating meaning and context rather than simply trying to trick models with incorrect information. LLMs are trained on human expression, not human cognition. AI can reproduce what people say but can’t infer intent, motive, or appropriateness, which makes them vulnerable to subtle manipulation and intent failures.
How to prepare?
To minimize such risks, our team advises integrating agentic AI systems into updated risk and governance frameworks that account for the new failure modes introduced when autonomous systems act without human judgment. Embedding structured human review and oversight alongside autonomous capabilities gives teams a better chance to catch intent, context, or reasoning failures before subtle manipulation escalates into a real security issue.
It remains to be seen how common autonomous AI agents will be in enterprises, or whether multi-agent scenarios, where teams of agents collaborate, will be technically feasible in 2026. But if the technology develops as quickly as it did in 2025, many experts envision changes in IT security organizational charts. AI adoption will transform security analysts’ roles, shifting them from drowning in alerts to directing AI agents in an agentic SOC. This will allow analysts to focus on strategic validation and high-level analysis, as AI handles data correlation, incident summaries, and threat intelligence drafting.
How to prepare?
Organizations need to create discrete boundary definitions for authorizing, authenticating, and monitoring each agent, our security team advises.
