Agentic AI, quantum risks & evolving threats to define 2026

KnowBe4's cybersecurity predictions for 2026 outline what its CISO advisors believe are the most significant changes set to impact businesses globally.

The company expects developments in agentic AI, quantum computing, workforce structure, and cybercrime tactics to drive major transformation in threat response and organisational security practices.

AI-driven operations

Agentic AI systems are forecast to become central to security operations, enabling faster and more automated responses to incidents.

KnowBe4's security advisors expect these systems to deliver efficiencies, with mean time to respond (MTTR) potentially reduced by 30% to 50% in established security teams. Automated triage, containment, and incident reporting will be handled by AI agents, which could help relieve compliance burdens and generate audit-ready summaries.

Conversely, attackers are anticipated to adopt advanced AI-enabled tools to augment the realism and complexity of cyberattacks. Vulnerabilities linked to Model Context Protocol servers and prompt injection attacks are predicted to grow, with cybercriminals shifting focus from large-scale volume attacks to more refined, high-quality campaigns that utilise generative AI features.

Workforce transformation

Security team structures are expected to change, as AI agents take on more active, autonomous roles akin to team members rather than passive tools. Organisations deploying agentic AI are likely to adopt new governance and training frameworks for both human and AI participants. This shift may necessitate updated policies, defined behavioural expectations, and comprehensive guardrails for the integration of AI within operational teams.

Quantum threat readiness

With the advent of quantum computers predicted in 2026, current encryption standards face significant risk. KnowBe4's advisors believe that quantum-safe security practices and stronger authentication requirements for both human and non-human identities will be essential. The emergence of regional digital identity schemes, such as the EU Digital Identity Wallet, is expected to make identity verification more prevalent, although not mandatory, and organisations will also need to extend governance to service accounts, API keys, and AI agent credentials.

Criminal collaboration

The company's experts expect a convergence of organised crime and cybercrime, with so-called shadow syndicates using a blend of cyber and physical tactics to target critical infrastructure and geopolitical hotspots. This trend is seen as a growing risk against the backdrop of international tensions and reliance on digital systems.

"The 2026 midterm elections in the U.S. are going to face serious challenges as bad actors leverage social media and AI to increase the realism and volume of misinformation and disinformation campaigns. This will be a practice for the 2028 presidential elections and will pave the way for future types of attacks and the defences needed against the misinformation and disinformation campaigns," said Erich Kron, CISO advisor, KnowBe4.

James McQuiggan, CISO advisor, KnowBe4, expects some U.S. states will create their own AI legislation, creating regulatory confusion.