SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Ai cyber attack scada control room red alert shadowy hacker
#
Malware
#
Ransomware
#
IoT Security

AI reshapes cyber threats as experts warn on automation

Fri, 12th Dec 2025
Author image
By Shannon Williams, News Editor

Cyber security experts at Immersive expect artificial intelligence to reshape threat hunting, extortion tactics, and human-focused attacks by 2026, while warning that full automation and overconfidence in technology will increase risk for critical infrastructure operators.

The company's specialists set out a series of predictions on how AI, legacy systems, and human behaviour will change the security landscape over the next two years. They warned that organisations will need stronger proof of resilience across both technology and people.

Dave Spencer, Director of Technical Product Management at Immersive, said security leaders are placing growing emphasis on automating threat hunting. He argued that automation will not remove the need for human oversight.

"As conversations about automating threat hunting intensify, it's clear that technology alone won't define resilience. Signature-based detection still has its place, but attack methodologies evolve too quickly for static indicators to keep up. The best teams hunt for behavior and intent, not alerts. While AI may excel at spotting patterns, human judgment will remain the deciding factor.

Spencer said this tension is most pronounced in operational environments.

This is especially true when securing critical infrastructure, where uptime equals safety. Full automation isn't resilience. It's a risk. Automatically isolating a laptop is one thing; disconnecting a mission-critical system is another.
Recent attacks on zero trust architectures have underscored this tension. Even the most "secure" designs can be subverted when adversaries log in rather than break in. This shift will demand AI-driven pattern detection to spot subtle, credential-based threats that humans alone can't process fast enough. But it also demands proof that automation will act safely and effectively when it matters most.
True resilience will come from neither technology nor people alone, but from proving that both can respond together under pressure, with confidence earned through evidence, not assumption," said Spencer.

IT and OT merge

Immersive expects industrial networks to undergo significant change as information technology and operational technology continue to converge. It also expects this change to leave legacy systems in place for years.

Sam Maesschalck, Lead OT Cyber Security Engineer at Immersive, said operators will increase investment in "smarter" control systems and AI-driven tools while managing older infrastructure.

"In 2026, networks will be built with IT/OT convergence and security in mind. Yet many legacy systems will remain, creating new risks as organisations pursue smarter, AI-enabled industrial control systems. Success in securing these environments will depend on disciplined change management, exhaustive testing, and efficient use of maintenance windows.
Escalating attacks on critical infrastructure will also drive stronger OT- and CNI-specific regulations designed to reflect IT-OT interdependence. Frameworks such as ISA/IEC 62443 and NIST 800-82 will shape more resilient, tailored standards for operational environments.
At the same time, organisations will increasingly apply IT security models such as AI-driven monitoring, zero trust, and secure remote access to ICS, while doubling down on fundamentals like asset visibility and segmentation to avoid introducing new vulnerabilities.
The OT security workforce will face mounting pressure to expand and upskill. Those advancing fastest will invest in continuous education, hands-on labs, and cross-discipline collaboration. This proves that readiness in OT, like everywhere else, can't be assumed. It has to be demonstrated," said Maesschalck.

Extortion tactics evolve

Immersive analysts also expect cyber extortion models to change as AI training data grows in commercial value. They anticipate a shift in how criminals monetise stolen data.

Ben McCarthy, Lead Cyber Security Engineer at Immersive, said criminals may look beyond traditional "name and shame" leak threats.

"In 2026, the way cybercriminals conduct extortion is expected to change. Instead of simply threatening to release data, they may threaten to sell it to AI companies desperate for new training material.
The base level of script kiddies will become slightly more effective as AI improves. New AI security-researcher agents can uncover vulnerabilities in open-source software, potentially giving novice script kiddies usable exploits they do not fully understand.
However, the sophistication of threat actors also relies on stealth, which cannot be replicated by AI. Operational security and protecting themselves from detection after attacks are often the most challenging aspects for attackers, and AI will not assist with this.
We are also likely to see a rise in LLM-assisted malware capable of calling AI APIs for new code and adapting in real time to its environment. While mass "spray and pray" attacks will persist, targeted attacks will remain profitable, with threat actors potentially selling stolen data to AI companies eager for training material," said McCarthy.

AI-driven deception

The company's cyber psychology team expects human targets to face a wave of AI-enhanced social engineering. They forecast more sophisticated deception attacks.

John Blythe, Director of Cyber Psychology at Immersive, said attackers will industrialise manipulation techniques using generative tools.

"By 2026, AI-weaponized deception will define the threat landscape. Attackers will use AI to scale hyper-realistic social engineering, deepfakes, and phishing. Organisations that rely solely on technology, processes, and policies as their primary solution will fail.
People will remain a key part of an organization's defence. Currently, a dangerous gap exists: 71% of organizations label their readiness programs "extremely mature," yet resilience scores remain flat. This reveals a critical error in approach. We are informing our people about threats, but we are not regularly exercising their ability to withstand them.
Successful organizations will be those that balance their people, process, and technology approach. They will win by transforming their workforce from a primary target into a hardened layer of defense capable of defeating sophisticated, AI-driven attacks," said Blythe.
Related stories
Check Point unveils AI-ready continuous exposure management
GlobalLogic, Elektrobit deepen software-defined car push
AI agents race ahead of governance, security & trust
Fears UK under-16 social media ban will hurt creators
NCC Group, Delinea partner on managed PAM for AI era

Top stories

UK bill accelerates shift to offensive cyber security
Cyderes names Lana Knop Chief Product Officer for AI push
CrowdStrike gains ISO AI governance boost for Falcon
MOTHER AI unveils UK-built sovereign language model
Integrated Quantum unveils quantum-resilient AI data layer