The digital landscape is evolving, and so are the security challenges that organizations face. As we step into 2026, a recent readership poll reveals a consensus that agentic AI risks will dominate security teams' priorities.

The poll was informed by a discussion among cybersecurity experts who analyzed insights shared with them in December regarding security operations predictions for 2026. The results indicate that agentic AI is widely viewed as the next significant target for cybercrime, with many expressing skepticism about the effectiveness of current password management practices.

Agentic AI & Autonomous Systems: A Primary Target

Nearly half of the respondents (48%) believe that agentic AI will become the primary attack vector for cybercriminals and nation-state threats by the end of 2026. This prediction aligns with the growing adoption of agentic AI across various industries as organizations leverage it to enhance operations and maintain competitive advantages. However, this rush to adopt agentic AI raises concerns about the potential neglect of security practices.

Rik Turner, a cybersecurity analyst, emphasizes the importance of addressing the expanded attack surface that comes with agentic AI's access and autonomy. He warns that a hasty deployment of these technologies could lead to insecure code and vulnerabilities, as developers may prioritize meeting deadlines over security.

Moreover, the emergence of open-source AI agents and "shadow AI" poses additional risks, with employees potentially introducing unregulated AI tools into their workplaces.

The survey results echo findings from Omdia's internal Decision Maker Survey, which indicates that AI adoption is a top concern for corporate security teams. Melinda Marks, a cybersecurity practice director, notes that the scale and automation enabled by AI can lead to wider attacks, highlighting the need for organizations to secure their AI initiatives.

Deepfakes: A Growing Threat

In another finding, 29% of respondents believe that deepfake technology is becoming a favored tactic among cybercriminals targeting high-profile individuals and organizations. Although deepfakes have been discussed for years, their mainstream use surged in 2025, as evidenced by high-profile incidents, including a significant fraud case involving a fake CFO.

Marks points out that organizations are more focused on rapid response than on prevention when it comes to deepfakes. While practicing security fundamentals remains essential, the understanding is growing that attacks can happen, necessitating swift detection and response strategies.

Cyber-Risk as a Tier 1 Operational Priority

Only 13% of respondents perceive the elevation of cyber-risk to a Tier 1 operational priority for boards as likely, but this figure exceeds some experts' expectations. Turner expresses some skepticism about whether cyber-risk insurance will effectively compel boards to prioritize cybersecurity.

Amy Worley, a leader in privacy and information compliance, believes that the growth of agentic AI should heighten awareness of cybersecurity risks within organizations. She warns that the autonomous decision-making capabilities of AI agents could lead to significant security events if not properly monitored.

Password Elimination & Passkey Adoption

In the realm of password management, only 10% of respondents think that password elimination and passkey adoption will become standard practice in 2026. While security teams are still focused on password protections, stronger authentication methods are not receiving the necessary attention, according to cybersecurity leaders.

Adam Etherington highlights that major software vendors are integrating agentic capabilities, which complicates the security landscape. He notes that many chief information security officers (CISOs) are currently less concerned about email security and employee training, both critical aspects of password management and security hygiene.

Despite the challenges, there is positive momentum for passkeys, driven by endorsements from major tech companies. However, the consensus remains that complete password elimination is unlikely in the near future.

In conclusion, as we move further into 2026, the landscape of cybersecurity will be shaped significantly by the challenges and risks associated with agentic AI. Organizations must prioritize security measures to address these evolving threats as they navigate this complex environment.

Source: Dark Reading News