As we do every year, we would like to make a forecast for the coming year 2026 at the end of 2025. Below are the topics that we believe will manifest themselves or even develop further. Regardless of this, stay healthy!

AI in the field of cybercrime increases professionalization

The influence of artificial intelligence in the field of cybercrime can be divided into three phases. In the first phase, AI tools lowered the barrier to entry by enabling novices with little prior knowledge and effort to carry out certain attacks. We are now moving into the second phase, in which cybercrime attacks can be highly professionalized thanks to AI. For example, voice cloning and deepfakes will become possible in real time, taking social engineering to a new level. In the long term, a third phase is expected with attack scenarios orchestrated by LLMs, in which entire teams and processes are simulated.

Ransomware attacks are changing

For several years now, companies have been plagued by ransomware attacks. However, these are increasingly changing. Data extortion and double extortion remain relevant. However, precisely because backup strategies often provide solid solutions, the amount of payments tends to decrease. In order to keep the criminals’ revenue figures high, the number and scope of attacks will increase. The issue therefore remains highly relevant in the future and should not be underestimated.

Continued increase in published vulnerabilities

The number of vulnerabilities published in 2025 will end up at a very high level of approximately 47,600. This corresponds to an increase of 20% over the previous year. Based on the average growth rate of the past two years, a total of over 60,000 vulnerabilities can be expected in the coming year 2026. This sheer volume of data makes it imperative to establish professional vulnerability management. This is the only way to identify, assess, prioritize, and coordinate the handling of vulnerabilities at an early stage.

Professions with a high degree of systematics under pressure from AI

Industrialization and digitization have traditionally been able to streamline simpler tasks. However, current developments in the field of artificial intelligence are suddenly putting jobs that require good training and a high degree of systematic thinking under pressure. For example, diagnostic skills in the healthcare sector are being revolutionized by these developments. In our evaluations of the analysis of security advisories, ChatGPT had a low success rate of 50% in January of this year. In May, however, it had already reached 80%. Certain jobs, affecting a wide range of industries, will therefore require a rapid rethink.

Shadow AI poses challenges for companies

Modern LLMs are a helpful solution for simplifying certain tasks or automating them to a large extent. Many employees therefore tend to rely on products such as Gemini, Claude, or Perplexity. The problem with this is that these tools can be used to process sensitive data more or less unintentionally. However, employees often fail to recognize or neglect this risk. This leads to the establishment of a Shadow AI within a company that cannot be controlled. Companies would be well advised to consider an AI strategy and establish their own solutions to manage the risks associated with this.

Government and legal regulation is increasing

The expansion of government and legal regulation is having a major impact on the areas of cybersecurity and artificial intelligence. One example is the introduction of the EU Artificial Intelligence Act in August 2026, which will have a significant impact on the use of AI. Or the EU Cyber Resilience Act (CRA), which will require manufacturers of products with digital elements to report actively exploited vulnerabilities and security incidents starting in September 2026. Western countries would be well advised to avoid overregulation in order to avoid being left behind technologically and thus geopolitically.

About the Author

Marc Ruef has been working in information security since the late 1990s. He is well-known for his many publications and books. The last one called The Art of Penetration Testing is discussing security testing in detail. He is a lecturer at several faculties, like ETH, HWZ, HSLU and IKF. (ORCID 0000-0002-1328-6357)

Links

• https://artificialintelligenceact.eu/
• https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
• https://vuldb.com/de/?recent.2025
• https://vuldb.com/de/?recent.2026
• https://www.scip.ch/?labs.20210923
• https://www.scip.ch/?labs.20251113