• 07 3184 7575
  • July 13, 2026
  • 0 Comments

As artificial intelligence becomes embedded in everyday business operations, cybersecurity is entering a new phase. The challenges ahead are no longer just about stronger malware or faster attacks — they are about identity, trust, and how people interact with AI-powered systems.

Cybersecurity leaders are warning that many organisations are unprepared for how quickly AI is changing the risk landscape. In 2026, some of the most serious incidents may not stem from technical failure, but from over-trusting automation, under-governing access, and overwhelming already stretched teams.

Insights from cybersecurity experts at OpenText Cybersecurity highlight several themes that organisations should be paying close attention to now.

Agentic AI and the Next Identity Crisis

According to Rayson Milbourne, the rapid adoption of agentic AI will trigger a new kind of identity crisis.

Experts predict that AI agents — autonomous systems that make decisions and perform tasks on behalf of humans — will soon outnumber human identities by as much as 100 to 1. Each of these agents may require access to data, applications, and systems in order to function efficiently.

The problem is that most identity and access management (IAM) strategies were designed for people, not autonomous digital entities. In the rush to deploy AI agents, many organisations are likely to grant overly broad permissions or bypass proper governance to keep projects moving. This creates fertile ground for abuse.

When AI agents are over-permissioned, they can be manipulated into sharing sensitive data, performing unauthorised actions, or opening pathways for attackers. What looks like operational efficiency can quickly turn into systemic risk.

Cybersecurity has always started with identity. In 2026, organisations that fail to modernise IAM strategies for agentic AI will face growing security exposure and operational complexity.

When Digital Trust Can No Longer Be Assumed

Milbourne also points to a second shift: the erosion of trust in digital communication itself.

Deepfake technology has reached a level where synthetic voices and video are increasingly indistinguishable from the real thing. Attackers can now impersonate executives, colleagues, or trusted partners in real time, using convincing audio and video to pressure victims into making quick decisions.

In response, organisations are beginning to reintroduce traditional trust-building practices that had faded in the digital era. High-stakes decisions are increasingly handled in person. Verification phrases or “safe words” are being reused. Face-to-face interaction is regaining importance — not for convenience, but for assurance.

In a world where what we see and hear online can no longer be trusted by default, physical presence becomes part of the security strategy.

AI’s Hidden Cost for Small and Mid-Sized Businesses

For Tyler Moffitt, the most significant impact of AI on small and mid-sized businesses will not be a single catastrophic breach, but decision overload.

Generative AI allows scammers to produce highly realistic emails, invoices, phone calls, and videos that feel personal, familiar, and urgent. Each interaction demands attention and judgment, placing constant pressure on IT teams that are often already understaffed.

The real danger lies in fatigue. As alert volumes increase and the line between legitimate and malicious activity blurs, teams risk becoming overwhelmed. Over time, this can lead to slower responses, missed warning signs, and rushed decisions.

To cope, SMBs will increasingly need to rely on automation and identity-driven controls — not to replace people, but to reduce noise and help teams focus on what truly matters. Used properly, AI can shift from being an attacker’s advantage to a defender’s equaliser.

Prompts Are Becoming a New Data Leakage Vector

According to Maria Pospelova, human trust in generative AI systems will become one of the leading causes of data leaks.

People increasingly treat AI assistants as trusted collaborators, sharing sensitive information without fully considering the implications. At the same time, shadow AI usage continues to grow, with employees relying on unapproved tools that sit outside organisational security controls.

More concerning is the lack of visibility. Prompts shared with AI systems — and between AI agents — are rarely monitored, even though they often contain proprietary or confidential data. In practice, these prompts function as untracked data transfers.

In 2026, organisations will need to rethink this assumption. Prompts are not harmless inputs — they are data flows that require governance, visibility, and policy controls to prevent an accelerating wave of AI-driven data leakage.

AI as a Force Multiplier for Defenders

Despite these risks, AI is not only empowering attackers.

Pospelova also highlights a more positive shift: AI is enabling new levels of collaboration among cyber defenders. In 2026, insights — not raw data — will become the most valuable currency.

Agentic AI can help replicate expert knowledge across teams, organisations, and even industries. This matters because adversaries already collaborate freely, sharing tools and tactics at speed. AI offers defenders a way to match that pace, accelerating intelligence sharing and strengthening collective defence.

When Security Tools Outpace the People Using Them

For Mike DePalma, another growing risk lies in the gap between deploying AI-powered security tools and actually using them effectively.

In 2026, AI-driven security products will be marketed heavily as simple, plug-and-play solutions. The reality for many SMBs will be different. Without the staff, experience, or time to configure and monitor these tools properly, misconfigurations and blind spots will grow.

Attackers exploit this gap. Having a security tool in place does not guarantee protection if alerts are missed, systems are misunderstood, or monitoring is inconsistent. The result is avoidable damage — not because protection was unavailable, but because it was not operationalised effectively.

Voice Cloning and the Breakdown of Everyday Trust

One of the most visible impacts of AI will be the breakdown of trust in everyday communication.

Voice cloning attacks no longer require sophisticated infrastructure. With short audio samples, attackers can convincingly mimic bosses, partners, or family members. These calls sound real, arrive from familiar numbers, and create urgency that prompts immediate action.

These scams succeed because people naturally trust what they hear. In 2026, that trust will increasingly fail. While technology can help detect anomalies, awareness and behavioural training remain the most effective defence.

A CSB Perspective

At CSB, we see a clear pattern emerging. The cybersecurity risks of 2026 are not purely technical — they are human, organisational, and identity-driven.

AI will continue to accelerate both attacks and defences. Organisations that succeed will be those that:

  • Govern AI identities as carefully as human ones
  • Verify trust rather than assume it
  • Reduce cognitive overload on security teams
  • Treat AI interactions as part of their security surface

Cybersecurity in the AI era is not about fear — it’s about discipline, visibility, and informed decision-making.

Source & Expert Commentary
Insights attributed to cybersecurity experts from OpenText Cybersecurity.

Previous Post
Cyber Attacks Are Accelerating — How Automation and AI Are Changing the Threat Landscape