Blog

10 AI Predictions For 2026: Top Experts Share New Trends

The EU Commission, aiming to ensure smooth and predictable implementation of the AI Act, is preparing a comprehensive set of guidelines for 2026. These will offer practical directions on high-risk classifications, transparency, reporting obligations, quality requirements, responsibilities, and more. Special focus will be on simplifying research exemptions and clarifying legal overlaps, particularly for product development in medicines and medical devices. The Commission will also provide templates and direct support channels for stakeholders.

https://www.forbes.com/sites/bryanrobinson/2025/12/04/10-ai-predictions-for-2026-top-experts-share-new-trends/

Phishing, Privileges and Passwords: Why Identity Is Critical to Improving Cybersecurity Posture

TLDR: Identity is crucial in cybersecurity; breaches at M&S and Co-op highlight vulnerabilities. Modern attacks exploit cloud and remote work. Protect identity through least privilege access, strong passwords, MFA, and active account management. Embrace Zero Trust and managed detection and response for security.

https://www.welivesecurity.com/en/business-security/phishing-privileges-passwords-identity-cybersecurity-posture/

Death to One-time Text Codes: Passkeys Are the New Hotness

Passkeys revolutionize MFA, phasing out vulnerable one-time passwords. Passkeys replace passwords with cryptographic key pairs for stronger authentication, preventing phishing attacks. Major platforms like Apple and Google support them, demonstrating high adoption rates among organizations. Passkeys improve sign-in success rates and reduce helpdesk incidents, yet usability challenges persist, especially across different operating systems. Ultimately, they represent a significant advancement in secure online identity verification.

https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/

CISOs Should Be Asking These Quantum Questions Today

Quantum-inspired software is already being used in critical enterprise settings, often without security teams’ full awareness, because it integrates so smoothly with existing tools and workflows. Current cybersecurity frameworks and compliance processes fall short when dealing with quantum and post-quantum solutions, particularly as the risk of “harvest now, decrypt later” attacks grows—where encrypted data stolen today could be decrypted in the future using quantum computers. Organizations face three encryption approaches: maintaining current standards (with risk), adopting quantum-based encryption (still ultimately vulnerable), or implementing post-quantum cryptography (most robust). Industries such as defense and aerospace are early adopters, but mature quantum-specific security guidelines are lacking, leaving organizations with gaps until new playbooks are developed.

https://www.darkreading.com/cybersecurity-operations/cisos-should-be-asking-these-quantum-questions-today

CISA Publishes Security Guidance for Using AI in OT

Global cybersecurity agencies released new guidance on safely deploying AI in operational technology systems, citing the high risks involved. OT is essential for critical infrastructure, and integrating AI can introduce risks such as model drift, safety bypasses, and process instability. Agencies urge thorough education on AI risks, a careful assessment of when to use AI, strong data controls, and transparent governance. Recommendations also emphasize the importance of monitoring and fail-safe processes, including human oversight. Experts note that while AI may enhance efficiency, its use in OT should be limited and highly disciplined, especially with high-risk models like large language models.

https://www.darkreading.com/cybersecurity-operations/cisa-publishes-security-guidance-ai-ot

Threat Landscape Grows Increasingly Dangerous for Manufacturers

Manufacturers remain the top target for cybercriminals in 2025, primarily due to security gaps, lack of expertise, and slow adoption of protective measures. Over half paid ransoms and faced high recovery costs, with ransomware attacks causing notable shutdowns and billions in losses. This year, exploited software vulnerabilities became the leading cause of breaches. The rise of AI and automation is boosting manufacturing efficiency but also increasing cybersecurity risks and creating new attack surfaces. Experts warn that the threat landscape will continue to worsen, especially as IT and OT environments merge and geopolitical issues persist.

https://www.darkreading.com/cyberattacks-data-breaches/threat-landscape-increasingly-dangerous-manufacturers

Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks

Summary: Russian threat actors are targeting organizations via phishing attacks that impersonate legitimate European security events, using Microsoft 365 OAuth and Device Code workflows to steal credentials. Techniques include rapport-building conversations, fake professional websites, and communication through messaging apps. Notable campaigns include the Belgrade Security Conference and Brussels Indo-Pacific Dialogue, with attackers expanding their target lists through responses. Indicators and investigative assistance are offered for potential victims.

https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/

An Interview With Atlassian CEO Mike Cannon-Brookes About Atlassian and AI

Stratechery Interview: Atlassian CEO Mike Cannon-Brookes

Ben Thompson interviews Mike Cannon-Brookes, CEO of Atlassian, discussing the company's origins, growth, and innovation in software. Founded in 2002 with Jira as its first product, Atlassian emphasized cloud service and AI integration. Cannon-Brookes notes that their low-cost model and open-source approach facilitated rapid growth. The interview covers the company's journey, market strategies, and the influence of the dot-com era, highlighting their success in self-serve distribution and long-term customer relationships.

https://stratechery.com/2025/an-interview-with-atlassian-ceo-mike-cannon-brookes-about-atlassian-and-ai/

5 Threats That Reshaped Web Security This Year [2025]

5 Major Web Security Threats in 2025: Security professionals face significant challenges from AI-driven attacks, code vulnerabilities, and evolving injection techniques. Key threats include:

  1. Vibe Coding: Natural language coding created exploitable flaws in AI-generated code, leading to data losses and security breaches.
  2. JavaScript Injection: A coordinated campaign compromised 150,000 sites, highlighting the risks of client-side code.
  3. Magecart/E-skimming 2.0: Attacks profit by manipulating supply chains to steal payment information without detection.
  4. AI Supply Chain Attacks: A rise in malicious packages using AI techniques, complicating traditional threat detection methods.
  5. Web Privacy Validation: Many websites disregard user privacy settings, leading to hefty fines and compliance issues.

Conclusion: Organizations must adopt continuous monitoring and validation practices to combat these evolving threats effectively.

https://thehackernews.com/2025/12/5-threats-that-reshaped-web-security.html

5 Cybersecurity Predictions for 2026

TLDR: 2026 cybersecurity predictions include: 1) Shadow AI posing significant risks; 2) Convergence of compliance and security due to new regulations; 3) Prioritization of disinformation defense against advanced social engineering threats; 4) Quantum computing and AI enhancing security measures; 5) Increased use of biometrics for access control.

https://www.securitymagazine.com/articles/102030-5-cybersecurity-predictions-for-2026
