AI, quantum & non-human IDs to reshape 2026 cyber security

Cybersecurity specialists expect 2026 to bring a sharper focus on fundamental defences, renewed attention to non-human identities and quantum-era encryption, and a growing risk profile for manufacturers as AI becomes more embedded in operations. Commentators from vendors, including Keysight Technologies, ThreatAware, Arctic Wolf, F5, and Keeper Security, point to a mix of old weaknesses and new technical exposures that will shape security budgets and board agendas over the next two years.

Manufacturing Exposure

Scott Register, VP of Security Solutions at Keysight Technologies, expects the manufacturing sector to see greater scrutiny of operational technology and AI-centric risks. He warned that digital control systems centralising previously separate components could concentrate risk in single interfaces, increasing the potential blast radius of an intrusion.

Register predicts, "Threat actors will become more creative in their pursuits. With heightened awareness of a complex supply chain's susceptibility to even minor disruptions, smaller, less-protected manufacturers will increasingly be targeted - if their compromise would disrupt a large supply chain and disable a downstream manufacturer with deeper pockets."

Foundations First

Jon Abbott, Co-founder and CEO of ThreatAware, highlighted the ongoing importance of basic controls in the face of AI-driven risks: "OpenAI's warning that new models pose 'high' cybersecurity risks is precisely why getting the security foundations right is absolutely critical. AI might be accelerating the pace of attacks, but our best defence will continue to be nailing the fundamentals first. User awareness, MFA, visibility of devices, and enforcing security controls for those assets are the cybersecurity scaffolding that holds everything else up, and the increasing risk posed by AI models only reinforces this."

He added, "Old-school threats, when combined with the scale and precision enabled by AI, make for a particularly toxic combination. With models that can develop working zero-day remote exploits or assist with complex, stealthy intrusions, the barrier to entry for criminals has been dramatically lowered. Failing to address the basics should be a far greater concern, and there's little point trying to implement advanced solutions if they're not in place."

Human Factor

Adam Marrè, CISO at Arctic Wolf, expects organisations to overhaul security awareness approaches in light of AI-amplified social engineering: "Humans have always represented a significant risk in cybersecurity because of the complexity of the modern technology environment, and recent research shows that nearly 80% of breaches involve a human factor. Attackers know it's easier to trick a person through social engineering than defeat a complex security system and AI is making this process simpler."

He added, "In 2026, organisations will put an end to outdated security practices. Tick-box training is out of step with modern threats; its ineffectiveness highlighted by the fact even security leaders are fooled by certain social engineering tactics. Instead, new engaging training methods will be combined with a fundamental shift in mindset. Building a culture of shared ownership, where all employees feel able to speak out about mistakes, will be essential as the first line of defence in combating social engineering attempts."

Quantum Readiness

Jason Baden, Regional VP, A/NZ at F5, said security teams will increasingly plan for a future in which quantum computers threaten current encryption schemes: "In 2025, Quantum computing feels less and less like science fiction than it did in 2024. In 2026, we'll see it viewed as a 'here and now' security concern. Organisations across finance, defence, government, and more will begin to take post-quantum cryptography seriously, quietly introducing it into long-term data protection plans in a way that combines today's standard with quantum-safe algorithms, ensuring that sensitive information stays secure even as computing power evolves."

He continued, "By the end of 2026, business and IT leaders will be expected to understand what 'quantum readiness' means for their organisations, much as they once had to learn the language of zero trust or cloud migration. The companies that prepare early will find themselves in a stronger position to manage risk, protect data, and reassure customers they are ready for what comes next."

Baden also said, "Cybersecurity will continue to evolve from a defensive perimeter into a living, adapting system. By 2026, organisations will expect their defences to anticipate and respond to threats in real time, guided by machine learning models that study behaviour rather than static signatures. The focus will move from preventing every possible attack to detecting anomalies quicky and isolating them before they cause harm. Security controls will also become more tightly woven into the fabric of computing. Instead of existing as separate layers or tools, they will be baked in from the ground up. And transparency will be critical. Boards and regulators will demand proof that security decisions are explainable and traceable, not just effective."

He concluded, "2026 will see resilience become the new innovation. Technology investment will be judged less by its ambition and more by its reliability. Companies will divert greater effort and resources into strengthening their infrastructure, reducing energy use, and ensuring business continuity through any disruption. The language of growth will shift from 'scale at any cost' to 'operate with total confidence'. 2026 will see progress measured not only in speed, but in steadiness and the ability to deliver value without interruption."

Non-Human Identities

Darren Guccione, CEO and Co-founder of Keeper Security, expects the rapid growth of non-human identities (NHIs) such as bots, service accounts, and machine agents to demand closer governance: "As organisations continue to adopt Artificial Intelligence (AI) and automation, the number of Non‑Human Identities (NHIs), such as bots, service accounts and machine agents, has grown far beyond the size of the human workforce. These digital entities now interact with sensitive systems, make autonomous decisions, and often have access to critical data. The result is a greatly expanded and often overlooked attack surface that few organisations are prepared to defend."

He said, "In 2026, security teams will recognise that visibility is the foundation of effective governance, particularly secrets governance for NHIs. You can't protect what you can't see. Without centralised, real‑time insight into who or what holds access to systems, neither policy enforcement nor automation can be trusted."

Guccione added, "Leading organisations will focus on unifying identity controls across humans and machines, applying least privilege to every credential and automating credential rotation at scale. Continuous auditing and behavioural monitoring will become standard practice to identify misuse before it leads to compromise."

Finally, "Zero trust and modern privileged access management solutions with robust secrets management capabilities will shift from an organisational best practice to an operational mandate. Security leaders who manage NHIs with the same rigour as employee accounts will avoid the mistakes that have historically fueled supply‑chain and insider-related breaches. Identity is a deciding factor. When it is managed with precision, an organisation's entire security program becomes stronger, faster and far more predictable."