Navigating the era of agentic AI and identity management in 2026 - Cybersecurity Insiders
Looking back at 2025, the digital battlefield evolved exactly as expected. Malicious AI, hyper-realistic deepfakes, and a large volume of sophisticated malware defined a year where regulatory frameworks struggled to keep pace with criminal innovation.
As we navigate the start of 2026, we’re entering a high-stakes “AI arms race.” The divide between attackers and defenders is narrowing, driven by the rise of agentic AI: autonomous systems capable of orchestrating complex strikes with minimal human oversight. To stay ahead, organizations must master three critical domains: the weaponization of automation, the fragility of modern identity, and the blurring of the traditional security perimeter.
The weaponization of AI and automation
The speed of AI adoption is currently outstripping the development of security guardrails. This “innovation gap” has handed adversaries a powerful toolkit for low-effort, high-impact disruption.
Shadow AI and data leakage: Rapid, unmonitored AI integration is creating massive visibility gaps, exposing firms to prompt injection attacks and accidental data exposure.
The rise of autonomous threats: These systems can theoretically script and execute entire multi-stage campaigns autonomously, effectively “democratizing” high-level cybercrime.
Ransomware 3.0: Ransomware has moved beyond locking files. Future LLM-driven attacks will focus on data integrity manipulation, subtly altering information to erode trust and create long-term operational chaos rather than immediate ransoms.
The anxiety among leadership is valid. According to Hornetsecurity’s 2026 Cybersecurity Report, 77% of CISOs now rank AI-generated attacks as their primary emerging concern.
The collapse of traditional identity management
Identity is the new perimeter, yet it is currently the most exploited vulnerability. Even standard security measures are failing against modern bypass techniques.
Multi-factor authentication (MFA) fatigue and bypasses: Adversaries are increasingly using “Attacker-in-the-Middle” kits to hijack session tokens, rendering standard MFA insufficient. The shift to phishing-resistant standards like FIDO2 and passkeys is no longer optional; it is a necessity.
The help desk “backdoor”: Security is only as strong as its weakest recovery link. Outsourced help desks and flawed account enrollment processes remain easy targets for social engineering.
User experience barriers: While passkeys offer superior security, fragmented user experiences and the difficulty of managing corporate-specific credentials continue to stall widespread adoption.
The cost of an attack is devastating. Take the September 2025 attack on Jaguar Land Rover for example. A ransomware strike halted production across four countries, crippled 5,000 supply chain partners, and left the company facing massive losses without adequate cyber insurance. Remember, recovery is always more expensive than resilience.
The migration to new attack surfaces
As data moves to the cloud and the edge, the traditional network “fortress” is becoming obsolete. Attackers are now following users directly into their browsers and SaaS ecosystems.
SaaS and the browser as a target: Traditional endpoint detection is often blind to browser-based compromises. Attackers are increasingly targeting cloud identities directly through the web interface.
Malicious extensions: Browser add-ons have become a “silent” infection vector, requiring organizations to implement much stricter tracking and blocking protocols.
In July last year, a “ToolShell” zero-day exploit compromised over 400 on-premises SharePoint servers in attacks driven by Chinese state-sponsored groups and ransomware actors. These attacks allowed unauthorized network access, prompting urgent warnings from Microsoft and CISA to patch systems immediately. The danger of leaving on-premises software publicly accessible is very real, and most organizations would do well to avoid it when possible. If software must be publicly accessible, security teams must tightly control access by other means, such as a web application firewall and strong identity controls.
Building resiliency for long-term challenges
While the threat of a Cryptographically Relevant Quantum Computer remains on the horizon for now, the “Harvest Now, Decrypt Later” strategy is a present-day risk. To protect data with a long shelf life, organizations must begin transitioning to NIST-standard, quantum-resistant algorithms (FIPS 203, 204, 205) immediately.
2026 demands an accelerated shift from reactive patching to proactive cyber resilience. By hardening identity controls, securing the browser, and preparing for the quantum future, organizations can turn these looming threats into a blueprint for a more secure digital estate.
____
Andy Syrewicze, Security Evangelist at Hornetsecurity
Andy is a 20+ year IT Pro specializing in M365, cloud technologies, security, and infrastructure. By day, he’s a Security Evangelist for Hornetsecurity, leading technical content. By night, he shares his IT knowledge online or over a cold beer. He holds the Microsoft MVP award in Security.