Publication: CXO Today (online) / Link: https://reurl.cc/eV7rxQ
Security experts warn that the use of generative AI (GenAI) to launch faster and stealthier cyberattacks will become the norm in 2026. As a result, cyberattacks that previously took weeks to coordinate will now be executed in a matter of hours. Also, the growing integration of GenAI and agentic AI with enterprise applications will trigger more prompt injection attacks, while application programming interface (API) attacks will surpass web-based attacks.
Last year, security researchers found several new malware prototypes crafted with the help of GenAI. The most worrying of them was PromptLock, which used hardcoded prompts to exploit the stochasticity (inherent randomness) of an open-source large language model (LLM) and generate unique payloads that signature-based tools could not detect. Simultaneously, threat actors such as FunkSec were found to be using dark GenAI models such as GhostGPT and HackerGPT to automate code obfuscation and create more sophisticated versions of existing malware.
“AI is fundamentally changing the economics of cyberattacks. Adversaries are no longer scaling through manpower, but rather through automation,” said Reuben Koh, Director of Security Technology and Strategy at Akamai.
Attila Torok, Chief Information Security Officer at GoTo, points out that in 2026 enterprises will face a security landscape that is “at once familiar and entirely new.” He adds that ransomware and operational downtime will remain persistent threats, but the emergence of fake AI platforms and autonomous malicious agents adds a new layer of social engineering.
According to Gartner, by 2027 more than 40% of AI-related data breaches worldwide will involve malicious use of GenAI.
Rise in API attacks
API-based attacks will surpass web-based attacks as adoption of API based ecosystems is expected to grow across critical sectors such as banking, retail and public services, warned Akamai. In 2025, more than 80% of organizations in the APAC region faced at least one API security incident and nearly 66% of the firms lack visibility into their API inventory, claims Akamai. This API blind spot, caused by shadow or deprecated APIs, combined with AI-powered automation makes it easier for attackers to exploit vulnerable APIs at scale.
In API attacks, threat actors look for vulnerabilities to manipulate the intended function of APIs and gain unauthorized access to data passing through them.
According to Akamai’s State of Apps and API Security 2025 report, API security incidents triggered by authentication and authorization flaws increased by 32%. The API landscape has expanded significantly in the last few years due to growing use of cloud, AI, and microservices. Cloudflare claims that more than 50% of all Internet traffic on their network is API-related.
Gartner forecasts that in 2026 more than 30% of the growing demand for APIs will come from AI and applications using LLMs. Any oversight on part of AI companies to secure APIs and API keys can put their customers at risk. For instance, in 2025, Chinese AI startup DeepSeek left two ClickHouse databases exposed due to a misconfiguration that made storage endpoints accessible to anyone on the Internet. This left millions of chat logs, API keys and metadata exposed.
Proliferation of ransomware, attacks on critical infra
According to Akamai, attacks on critical sectors such as finance, healthcare, and retail will intensify further as ransomware will become fully commoditized in 2026. Ransomware-as-a-service (RaaS) and AI-powered vibe hacking will lead to a surge in ransomware attacks.
Researchers at Check Point Software have found that ransomware groups like FunkSec are offering RaaS to small-time attackers who usually do not have the resources or skills to launch a sophisticated ransomware attack.
Typically, ransomware attacks are aimed at large organizations with the objective of encrypting and exfiltrating data, followed by a demand for a multi-million-dollar ransom. RaaS is making it more widespread, and the target now includes small businesses as well as individuals with ransom demand of a few thousand dollars.
Further, experts warn that double extortion (encryption and theft) is now expected to expand into multi-stage extortion involving threats to CXOs, supply chain partners and alerting regulators.
“Ransomware will also get more personal. It will not just lock systems but try to damage reputation and trust. This will force organisations to secure data at every point, from devices to cloud apps. We will also see more risks from trusted partners and insiders, which means protection can’t stop at the network. Security must follow the data wherever it goes,” said Srinivas Shekar, CEO and Co-Founder of Pantherun Technologies.
Security researchers at Kaspersky have warned that cyberattacks on critical infrastructure providers in India will increase in 2026 along with state-sponsored espionage campaigns. “Geopolitics will remain the key driver for advanced persistent threats (APT), more destructive attacks like defacement, data leak, ransomware with politicized messaging, DDoS, and possibly more cyber operations tied to diplomatic incidents,” said Saurabh Sharma, Lead Security Researcher for GReAT at Kaspersky.
Prompt injection and risks from AI agents
According to a Gartner report, 62% of organizations have faced a deepfake attack using social engineering, while 32% have noticed prompt-injection attacks on GenAI applications in the last 12 months. Most LLms are vulnerable to prompt injection attacks, in which attackers manipulate them to bypass safeguards and share sensitive information with cyber attackers. Gartner found that 29% have faced at least one attack on AI applications in 2025.
Google’s Threat Intelligence team has warned that enterprise AI systems will see an increase in targeted prompt infection attacks. They added that use of GenAI for social engineering attacks will also accelerate this year. Use of AI-driven voice cloning will lead to more hyper realistic impersonations of CXOs.
Security experts also warned that the growing adoption of AI agents will widen the attack surface further and require firms to effectively map their AI ecosystem. They can also be manipulated using prompt injection to leak company data. Unlike GenAI applications, AI agents have autonomy to act on their own. However, risk from them can be minimized by treating AI agents like any other worker and restricting their access to sensitive information using identify and access management (IAM) solutions.
Shadow AI is another concern that firms will have to increasingly contend with as new tools with new features will continue to entice workers. According to the IBM Cost of Data Breach report, security incidents involving shadow AI accounted for 20% of breaches in 2025.
How enterprises should pivot in 2026
Security experts are in agreement that firms using AI and automation are better positioned to wade in the AI-powered threat landscape. IBM’s Cost of Data Breach report also shows that security teams using AI and automation managed to reduce their breach times by 80 days while also lowering their average breach costs by $1.9 million in comparison to organizations that didn’t use them. They also found that the average time taken by firms to detect and contain a breach fell to 241 days from 287-day peak in 2021.
“In 2026, security teams need to operate at the same velocity as the attackers by detecting, analyzing, and containing threats in real time. This starts with modernizing API governance, investing in automated threat containment, and strengthening resilience across supply chains,” said Koh, adding that organizations that make this shift early will be able to protect customers and avoid business disruptions.
Experts emphasize that true cyber resilience will come from strategy and culture rather than just tools.
Rohit Aradhya, VP and MD, App Security Engineering at Barracuda Networks, argues that when AI becomes part of how you detect, respond and learn, it transforms operations and ceases to be just an add-on. “It becomes a force multiplier and helps to address sophisticated AI driven ransomware attacks.” However, the ultimate defense lies in a “security-aware culture of learning, agility, adaptability and purpose driven talent.”
Sunil Sharma, MD and VP of Sales (India & SAARC) at Sophos, noted that recent cyber incidents serve as a critical reminder for enterprises to move from reactive to proactive stance. Lasting resilience can be achieved through “layered threat detection, continuous monitoring, and robust incident response, supported by risk-aware governance, regular audits, and a culture that elevates cybersecurity to a boardroom priority,” added Sharma.
About Pantherun:
Pantherun is a cyber security innovator with a patent pending approach to data protection, that transforms security by making encryption possible in real-time, while making breach of security 10X harder compared to existing global solutions, at better performance and price.
