SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

European night skyline ai network cyber traffic attacks defense cloud
#
Firewalls
#
Network Security
#
MFA

Radware warns 2026 will mark rise of ‘Internet of Agents’

Mon, 15th Dec 2025
Author image
By Sean Mitchell, Publisher

Cybersecurity specialists at Radware expect 2026 to mark a structural shift in internet traffic, threat patterns and regulation, with machines, automated agents and artificial intelligence taking a central role in both attacks and defence.

The company's threat intelligence leaders forecast that machine-to-machine activity will overtake human-driven traffic, application programming interfaces (APIs) will become the main digital attack surface, and AI-enhanced social engineering and denial-of-service attacks will intensify.

They also point to tighter regulatory demands in regions such as the European Union and a growing focus on zero-day vulnerabilities, runtime security and machine identities.

Internet of machines

Pascal Geenens, Vice President, Threat Intelligence at Radware, said internet traffic patterns will move away from human requests and towards automated systems and agents.

He expects machine-to-machine traffic to exceed human-initiated requests by 2026 and to dominate by 2030. He links that shift to rapid adoption of personal and enterprise AI assistants inside browsers, operating systems and workplace tools.

Geenens said these agents will communicate through emerging protocols and through API calls rather than through traditional browsing. He said this will create an "Internet of Agents" in which most requests result from autonomous reasoning loops between software agents instead of direct human intent.

Radware expects this traffic to be more dynamic than current internet-of-things telemetry. AI agents will repeatedly query APIs, pull context from external systems and exchange structured data using specialised agent-to-agent protocols.

APIs as battleground

Geenens said APIs will sit at the centre of this machine-driven economy and will therefore draw increased attention from attackers.

He expects malicious bots and human adversaries to exploit weaknesses in authentication, input validation and context handling in API-based systems. The firm anticipates more use of AI-driven bots that can reason about responses, re-prompt and mimic legitimate agent behaviour.

According to Geenens, this will narrow the distinction between genuine and abusive traffic. He said traditional bot detection methods that rely on signatures and simple behavioural patterns will lose effectiveness as business logic attacks rise.

He also expects an "agentic supply chain" problem. He draws a parallel with past attacks on open-source package repositories. He said registries and marketplaces for AI agents, plug-ins and service connectors will attract attackers seeking to insert malicious components, poisoned context providers or tampered service manifests.

Geenens said these methods could alter autonomous decision flows, extract data or skew business outcomes while remaining embedded in normal operations. He expects the growth of new protocols for agent communication and value exchange to fragment the ecosystem and stretch existing security governance models.

"2026 will be remembered as the year machines began talking more to each other than to us," said Geenens.

Regulation and compliance

Howard Taylor, Chief Information Security Officer at Radware, said new European rules will add fresh compliance pressures.

"Regulations, including the Digital Operational Resilience Act (DORA), the Network and Security Directive (NIS2), and the EU AI First Regulation, require a myriad of controls and processes. To meet the challenge, businesses must expand their Cybersecurity and Compliance resources. On the positive side, these investments will open business opportunities in the security-savvy market," said Taylor, CISO, Radware.

Service provider strain

Travis Volk, Vice President Global Technology Solutions and GTM, Carrier at Radware, warned that telecoms and cloud providers will face more zero-day events as attackers target core software layers.

"With the growing number of exploited vulnerabilities and faster weaponization, Service Providers will face a significant increase in the number of zero-day events they will need to remediate. As target focus moves towards operating systems, security/networking software and applications, Service Providers will face the need for in-line protection to maintain predictable engineering for their most expense resources (encrypted workloads)," said Volk.

Radware expects DevSecOps practices to shift from a build-time focus to continuous runtime enforcement. The company anticipates security controls that sit in deployment pipelines and network paths and that act at the same speed as software releases.

DDoS and autonomy

Eva Abergel, Senior Product Marketing Manager at Radware, forecasts a change in how organisations view distributed denial-of-service (DDoS) attacks.

"In 2026, DDoS attacks will shift from being a known nuisance to a strategic blind spot. As AI becomes embedded in both attack orchestration and defense, we will see the rise of autonomous botnets capable of learning and adapting in real time. These tools will not just mimic user behavior but will predict and preempt mitigation tactics. The attacks will go beyond infrastructure, targeting business logic, third-party integrations, and application-level flows. Layer 7 DDoS will become the preferred method for attackers aiming to disrupt digital services while evading traditional detection. The real threat will not only be about volume anymore. It will also be about invisibility. Security teams will need to rethink DDoS as a business risk, not just a network problem," said Abergel.

AI arms race

Principal Security Evangelist Chip Witt said AI will act on both sides of the security divide.

He said threat actors already use generative and autonomous AI for prompt injection attacks, synthetic identity abuse and automated reconnaissance. He expects defenders to introduce more AI for automated triage, decision-making and mitigation as attack volume and variety increase.

Witt also expects "agentic" security models in which autonomous AI agents monitor and remediate vulnerabilities in code, APIs and runtime environments. He links this with an expansion of Zero Trust security to machine identities and APIs rather than only human users.

The predictions:

  • "AI will be both the weapon and the shield in 2026. Threat actors are operationalizing generative and autonomous AI to launch adaptive attacks such as prompt injection, synthetic identity abuse, and automated reconnaissance. In response, defenders must deploy AI not just for detection, but for autonomous triage, decision-making, and mitigation. The arms race between adversarial and defensive AI will define the next era of application security," said Witt.
  • "Security will evolve into a dynamic, agentic system. Autonomous AI agents will continuously monitor, review, and remediate vulnerabilities across code, APIs, and runtime environments. This self-healing security architecture will scale with developer velocity and API sprawl, reducing human bottlenecks and enabling proactive defense," said Witt.
  • "Zero Trust principles will extend beyond human users to encompass machine identities, APIs, and autonomous agents. Organisations will implement identity-aware API gateways, continuous authentication for non-human actors, and telemetry-driven access controls. The new perimeter is no longer a user; it is an API call, a service account, or an AI agent," said Witt.

AI-driven social engineering

Arik Atar, Senior Researcher, Cyber Threat Intelligence at Radware, expects further development of subscription-based social engineering tools that target accounts with two-factor authentication.

He said so-called OTP bots already automate calls and messages that prompt users to disclose authentication codes. He expects operators of these services to introduce AI voice systems that imitate realistic speech and possibly the voices of contacts or relatives.

Atar said the same groups already use AI for advertising and content generation. He expects them to embed those techniques into their tools.

The prediction:

  • "The new AI-based social engineer-as-a-service economy will emerge. In 2025, we observed a significant rise in OTP-BOTs, subscription-based underground platforms designed to trick victims into inadvertently sharing their two-factor authentication codes -so users (Account crackers) can complete account takeovers," said Atar.

Radware expects the combination of high two-factor adoption and AI-based spoofing to expand the underground market for automated account-takeover tools in 2026.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Ping Identity names Adnan Chaudhry Chief Revenue Officer
Exabeam launches AI agent behaviour analytics tools
Security now central to business decisions, says report
Kyowon, Instagram cases expose APAC identity flaws
Automation vital as TLS certificate lifespans shrink

Top stories

Black Hat to debut cyber war room documentary in Vegas
2026: Resilience, the new foundation of cybersecurity
AI’s 2026 security fallout: identity chaos & deepfake fear
ADLINK gains IEC 62443-4-1 nod for secure edge R&D
Agentic AI double agents expose dangerous security gaps