Every year, I take stock of where security stands and look ahead at what’s coming. It’s a way of answering a question I hear constantly at the start of each year: what should I actually be paying attention to right now?

Looking back at 2025, the acceleration was hard to miss. AI-enabled attacks became more convincing, deepfakes moved from novelty to operational tool, and software development sped up faster than most security programs could reasonably absorb. Remote work continued to stretch access boundaries, geopolitical pressures introduced new threat actors and motivations, and long-standing security assumptions began to fracture under the weight of it all.

What made 2025 different wasn’t any single trend — it was how these dynamics compounded each other. AI agents complicated identity management. Identity sprawl undermined Zero Trust enforcement. Supply chain dependencies amplified the blast radius of every incident. As we move into 2026, those same forces persist, but with greater sophistication and far less room for complacency.

This article is written for multiple audiences. For security leaders, it’s a perspective on strategic priorities. For practitioners, it highlights where day-to-day effort is increasingly required. And for those adjacent to security — engineering, product, risk, or leadership — it’s meant to explain why security teams are making the decisions they are as these trends converge.

The six trends below reflect what I believe will define the year ahead. They’re not independent — they interact, and understanding those connections matters as much as understanding each one individually.

1. AI as the Attacker and the Defender

What’s changing

AI has moved from “nice to have” to the execution layer for both attackers and defenders. On the offensive side, it’s reducing the cost and skill required to run effective campaigns while enabling attackers to operate continuously at machine speed. We’re seeing more convincing phishing, vishing, and social engineering at scale; faster reconnaissance and vulnerability discovery; greater volume in credential attacks and API abuse; and more adaptive malware that adjusts its behavior to evade detection.

A realistic pattern already emerging is attackers using AI to generate large volumes of slightly varied activity — messages, requests, or probes — specifically designed to bypass static signatures and rate-based controls.

On the defensive side, the volume of telemetry has simply outgrown what human teams can analyze manually. Even strong security organizations struggle to keep pace with alert volume, let alone correlate weak signals across identity, endpoints, networks, and applications in real time.

Why this matters

The core constraint is increasingly human speed — not tool availability. The strategic question is no longer “should we use AI?” but “where do we trust automation, and where do humans need to stay in the loop?” Security teams are being pushed toward an operating model where systems act as first responders and humans supervise higher-stakes decisions.

This shift has second-order effects. When AI systems make or influence security decisions, failures tend to be faster and broader. Mistakes don’t stay local — they propagate at machine speed. That raises the bar for governance, validation, and oversight.

It’s also worth noting that AI complicates the identity and governance problems discussed later in this article. AI agents act on behalf of users, generate access events, and touch sensitive data — often without the visibility or lifecycle controls that human workflows have. That creates compounding risk that doesn’t fit neatly into existing frameworks.

What to focus on

  • Behavior-first detections rather than static indicators or brittle rules
  • Automated correlation across identity, network, endpoint, and application signals
  • Explicit response boundaries: which actions can execute automatically and which require human approval
  • Ongoing tuning, validation, and rollback mechanisms so automation remains reliable over time

2. Identity Remains the Perimeter

What’s changing

The trusted internal network has effectively disappeared. Applications live across multiple clouds and SaaS platforms, users work from anywhere, and services are exposed directly to the internet via APIs. In this environment, identity has become the primary enforcement point — for users, for services, and increasingly for autonomous systems acting without a human in the loop.

Passwords remain one of the most fragile links in the chain: easily phished, frequently reused, and continuously tested by bots cycling through leaked credential databases. MFA, while essential, can be bypassed through fatigue attacks, session hijacking, and token replay. Once credentials are valid, most traditional network-based controls offer little resistance.

But the problem has grown well beyond user accounts. Non-human identities — service accounts, automation tools, APIs, and AI agents — now represent a substantial share of access events in most environments. They often carry broad or standing privileges, are poorly monitored, and don’t go through the same creation, rotation, and decommissioning lifecycle as human identities.

A common failure pattern is that these identities are created to solve a short-term operational need and then quietly persist, accumulating access over time with no clear owner. This is one of the most underappreciated identity risks heading into 2026.

Why this matters

Once identity is compromised, most downstream controls become less relevant. Valid credentials let attackers blend in, move laterally, and persist in ways that are difficult to distinguish from normal activity.

The challenge isn’t just securing login events — it’s treating identity as a continuously evaluated signal across the entire environment. That includes how identities behave over time, what they access, and whether that behavior still makes sense given their role and purpose.

This shift is especially important as AI agents and automated systems generate access activity at scale. Identity systems designed primarily for humans are increasingly misaligned with how access actually happens.

What to focus on

  • Phishing-resistant authentication (FIDO2 / WebAuthn) wherever feasible, especially for privileged access
  • Reducing or eliminating password reliance as a long-term architectural goal, not a tactical fix
  • Treating identity as a continuously evaluated signal rather than a one-time gate
  • Enforcing least privilege and time-bound access for both human and non-human identities
  • Behavioral monitoring for identity anomalies — unusual access paths, timing, or resource usage — not just login failures

3. Zero Trust Needs to Be Universal

What’s changing

Zero Trust started, for many organizations, as a response to remote access. But modern environments require consistent access decisions far beyond user-to-application traffic — including service-to-service communication, cloud workloads, development pipelines, and AI tools that interact directly with enterprise data. Applying Zero Trust selectively creates exactly the kinds of gaps attackers look for.

The operational reality is that exceptions accumulate over time. Temporary access becomes permanent. Visibility degrades. Security teams lose confidence in who can access what — and why. When access controls are slow, brittle, or confusing, people route around them, turning usability friction into a security problem rather than a control.

A common pattern is that Zero Trust is rigorously enforced for users, while internal services, automation, and development tooling operate on implicit trust. Those “internal” paths increasingly represent the highest-value attack surface.

Why this matters

Zero Trust isn’t a product — it’s an architectural principle that depends on consistent enforcement across the entire environment. Partial adoption often creates a false sense of security: controls look strong at the perimeter while internal trust assumptions quietly expand.

The AI agents and non-human identities introduced earlier make this harder. They generate access events at scale, often with broad permissions and minimal human oversight. A Zero Trust model that doesn’t explicitly account for these actors is already incomplete — and increasingly misaligned with how modern systems actually operate.

What to focus on

  • Identity-based access decisions for all resources, not just user-facing applications
  • Device posture and runtime context as part of authorization decisions
  • Continuous verification rather than static allow lists or network location assumptions
  • Explicit, secure access models for APIs, workloads, pipelines, and automated systems
  • Consistent policy enforcement regardless of where a user, workload, or service is running

4. Resilience Over Prevention

What’s changing

Organizations now operate within complex, interconnected ecosystems — cloud providers, SaaS platforms, third-party scripts, external APIs, managed service providers, and open source dependencies. In that reality, even strong preventive controls can’t eliminate all failure modes. Disruption and inherited risk are part of normal operations, not edge cases.

The implicit standard used to be “no incidents.” That’s no longer a realistic or useful benchmark in environments where availability depends on dozens or hundreds of external systems outside direct control.

Why this matters

Stakeholders increasingly judge security programs by operational outcomes rather than theoretical control strength. Availability, time to detect, time to contain, time to recover, and how transparently incidents are handled now matter as much as — and often more than — how many incidents are prevented.

The organizations that weather disruptions well aren’t necessarily the ones with the most preventive controls. They’re the ones that have designed for failure, practiced response under pressure, and reduced the cost of mistakes when they inevitably occur.

This is where security and reliability begin to converge. Resilience is no longer just a security concern — it’s a business performance characteristic.

What to focus on

  • Designing systems to degrade gracefully under stress rather than fail catastrophically
  • Capacity planning that explicitly accounts for attack scenarios, dependency failures, and demand spikes
  • Redundancy and geographic distribution where operationally and economically appropriate
  • Incident response and recovery playbooks that are regularly exercised, not just documented
  • Automation that meaningfully reduces time to containment and service restoration

5. AI and Security Governance Must Converge

What’s changing

AI adoption is moving faster than governance frameworks can keep up. Tools are adopted organically across business units, data flows across systems without consistent visibility, and security teams often discover usage only after issues surface. This creates subtle, persistent risk that doesn’t always look like a traditional breach — but can carry significant operational, legal, and reputational consequences.

The failure modes are increasingly familiar: sensitive data exposure through AI interactions, prompt injection and unintended data leakage, autonomous systems acting outside their intended scope, and regulatory exposure driven by ungoverned use of tools that touch controlled data.

In many organizations, the root problem isn’t lack of intent — it’s unclear ownership. Security, legal, data, and engineering teams each assume someone else is responsible for enforcement. That gap is where risk quietly accumulates.

Why this matters

Organizations will increasingly be expected to demonstrate technical enforcement of governance, not just the existence of policies. That means being able to show where data lives, who and what can access it, how AI systems interact with that data, and how activity is logged, reviewed, and constrained.

“We have a policy” is no longer a sufficient answer to regulators, customers, or partners. As AI systems become more autonomous, governance that exists only on paper becomes increasingly disconnected from how systems actually behave.

What to focus on

  • Data classification and access control as the foundation for AI governance
  • Visibility into AI usage across the enterprise, including how tools and agents interact with sensitive data
  • Guardrails around model inputs and outputs in production environments, not just during experimentation
  • Monitoring for anomalous access patterns and silent data leakage across AI-driven workflows
  • Governance implemented through systems and controls, not documentation alone

6. Supply Chain Risk Is Structural

What’s changing

Software supply chain attacks have moved from notable incidents to a persistent and reliable attack vector. Adversaries have recognized that compromising a single widely used dependency, build tool, or managed service provider is often more efficient than attacking individual end targets directly.

The exposure isn’t limited to open source packages. It extends to SaaS integrations, CI/CD pipelines, cloud service dependencies, and any third party with privileged access into your environment. As organizations rely more heavily on external services to move faster, the number of implicit trust relationships continues to grow.

What makes this trend particularly difficult is that the risk is largely inherited. Organizations can maintain strong internal security practices and still be significantly exposed through the tools and services they depend on. In many cases, the most critical risks originate outside direct organizational control.

Why this matters

Most organizations lack complete visibility into their software and service dependencies, let alone the real security posture of the vendors behind them. As environments become more interconnected, the blast radius of a single upstream compromise expands — often in ways that aren’t immediately obvious.

This is also where the resilience mindset from Trend 4 becomes directly relevant. Supply chain incidents frequently can’t be fully prevented, especially when they originate upstream. The organizations that limit damage are those that can detect anomalous behavior quickly, contain access, and recover without prolonged disruption.

What to focus on

  • Maintaining an accurate and continuously updated software bill of materials (SBOM) for critical systems
  • Vetting third-party access and enforcing least privilege for all vendor and service integrations
  • Monitoring for anomalous behavior from trusted third-party tools and services, not just untrusted sources
  • Incorporating realistic supply chain compromise scenarios into incident response and recovery planning
  • Treating vendor security posture as an ongoing evaluation rather than a one-time assessment

Closing

These six trends point to a common conclusion: modern security is less about individual tools and more about intentional architecture and operational discipline. No single control stops a determined attacker — but organizations with strong foundations are meaningfully harder to compromise and meaningfully faster to recover when something goes wrong.

As we enter 2026, the best-positioned organizations tend to share a common set of characteristics:

  • Identity-first environments where access is continuously evaluated, not assumed
  • AI and automation operating within clear boundaries, with human oversight on high-stakes decisions
  • Zero Trust applied consistently — not selectively — across users, services, and workloads
  • Resilience treated as a primary outcome alongside prevention
  • Governance of AI and data enforced through systems and controls, not just policy
  • Supply chain dependencies understood, monitored, and explicitly accounted for in risk decisions

The goal isn’t to predict every threat. It’s to build foundations that can adapt as threats, technologies, and expectations evolve. In 2026, security advantage will come less from reacting quickly and more from having architectures that assume change, automation, and failure from the start.