Cyber Security Report 2026

Keypoints

• AI has become a force multiplier across the attack lifecycle, increasing speed, scale, and the effectiveness of familiar techniques like social engineering and reconnaissance.
• Risk from AI systems is measurable: risky prompts rose 97% in 2025, 40% of analyzed Model Context Protocols (MCPs) were vulnerable, and prompt injection/workflow abuse amplified impact.
• Ransomware operations shifted toward smaller, decentralized operators with more data-only extortion, personalized victim profiling, and shorter, automated negotiation timelines.
• Unmonitored edge and perimeter devices (routers, gateways, VPN appliances) emerged as high-value initial access points used for persistence and lateral movement.
• Cyber operations increasingly aligned with geopolitical conflicts, coordinating espionage, disruption, and influence activities and leveraging compromised IoT and surveillance systems.
• Common attacker patterns in 2025 included faster execution cycles, broader targeting with fewer resources, reduced reliance on custom tooling, and expanded attack paths across cloud, edge, SaaS, and on-prem environments.