Comment: Four insider-risk trends engineering must watch in 2026 - The Engineer

Findlay Whitelaw 16 Feb 2026 More in Artificial Intelligence Network Security Comment: Four insider-risk trends engineering must watch in 2026 Opinion UK engineering faces rising insider risk from AI, shadow tools and data manipulation, says Findlay Whitelaw, security researcher and strategist at Exabeam. Insider threats pose a rising risk to the UK engineering industry, fuelled by a powerful combination of workforce challenges and digital attack surfaces. With engineering sitting in the intersection of both IT and OT security, the industry is positioned as a natural target for insider threats with silos creating visibility gaps for insiders to manipulate. Insider threats, whether malicious, negligent, or compromised, all hold the potential to drive devastating consequences for engineering firms. In an industry that depends heavily on third-party suppliers and manages complex, critical infrastructure, insider threats can spell long-lasting damage with the potential to disrupt operations, expose critical data, and even trigger knock-on effects across the wider economy. Increasingly, the definition of “insider” extends beyond humans to include the AI systems embedded within engineering workflows. As AI takes a more active role in automating design, monitoring systems, and managing operations, it effectively becomes a new insider. Preparing for future threats and identifying opportunities to safely harness AI’s potential will be critical to stay ahead of insider risk and defend against a rapidly widening attack surface. Here are the key cybersecurity trends the UK engineering industry should keep tabs on in 2026: ·     Prediction No.1: Engineering Constraints Shape the Next Phase of Insider Risk Ongoing economic pressure and geopolitical issues may increase strain on engineering operations, expanding the risk surface for insider incidents. Smaller teams and accelerated release cycles could lead to greater reliance on senior engineers and automated systems. As organisations push engineering teams to maintain uptime and velocity with fewer resources and increasing redundancies, technical debt builds across identity and access layers, expanding insider risk and leaving operations insecure. Malicious attackers could exploit this by targeting overburdened staff that hold privileged access credentials to expose company information, driving the “insider-as-a-service” model. Mitigating this risk will depend on the engineering sector’s ability to proactively deploy user and entity behaviour analytics (UEBA) for monitoring access and rapidly alerting to unusual activity.  ·     Prediction No. 2: Insider Risks Shift from Data Theft to Data Manipulation In 2026, malicious insiders could shift their tactics to more subtle manipulation, moving away from outright data theft. Altering and poisoning datasets diminishes stakeholder trust, distorts business strategy and sabotages C-suite decision-making without triggering major alerts. In the engineering landscape, rising AI adoption and automation expand the number of digital touchpoints, meaning that data manipulation and poisoning may be more likely to slip under the radar. With this, regularly validating data integrity will become a fundamental part of risk management for the engineering sector. ·     Prediction No. 3: Shadow AI Emerges as a Major Blind Spot in Engineering The ungoverned integration of AI tools, known as Shadow AI, is set to become a leading source of sensitive data exposure in 2026. In engineering environments, USB drives once represented a major security blind spot by bypassing perimeter controls. Today, Shadow AI plays a similar role, with unauthorised AI tools operating beyond traditional IT and OT security controls. As teams focus on workplace efficiency, engineers could increasingly incorporate external AI chatbots to automate workflows and support reduced engineering teams. With this, Shadow AI may become a high-risk security challenge for the industry, with individuals unintentionally exposing sensitive data within unauthorised AI chatbots. The emergence of this type of AI risk calls for safer AI usage frameworks that align governance, visibility and control with real-world adoption patterns. ·     Prediction No. 4: Insider Threats Will be Considered Resilience Indicators Insider threats are increasingly recognised as a business risk. For engineering, mitigating this risk requires moving beyond static controls toward measurable, continuously validated safeguards. This includes new KPIs, benchmarks, and risk models capable of contextualising actions from both human and entity behaviour across operations. This shift signals the emergence of machine identity UEBA to encompass AI agents and their behaviours across workloads, which is fundamental for rapidly detecting and containing insider risk. Ensuring every action from a user and entity is bound to a verifiable identity will be critical to prevent insider risk from cascading across wider engineering operations. What’s Next for Cybersecurity in Engineering As the engineering sector increasingly adopts AI, insider threats may transform from human errors to identity and system risks. The distinction between users and AI is blurring, expanding risk surfaces where credentials may be frequently exploited and data manipulation becomes more common. Mitigating these risks demands unified governance and AI-aware monitoring. By embedding these practices, engineering firms will be strategically positioned to gain the edge over insider risk and manage them as predictable and controllable parts of their operations. This evolution mirrors the wider regulatory direction in the UK and EU, where resilience frameworks are moving away from static control assessments towards evidence of continuous risk management and operational impact tolerance. Findlay Whitelaw, security researcher and strategist at Exabeam Insider risk trends