Insights equip security leaders with forward-looking intelligence to prepare for rising threats and evolving digital risks
Netcraft, the global leader in brand protection tools and services, website takedowns and threat disruption, announced a quintet of predictions for the coming year from some of its expert team of threat researchers.
New AI vulnerabilities will continue to emerge
As AI systems evolve from chatbots to autonomous agents and agentic browsers, new security and data integrity risks are continuing to emerge. The growing complexity of these systems will likely result in data leakage, workflow manipulation, and unintended access to sensitive information. Threat actors may leverage AI agents for reconnaissance, data exfiltration, and even automation of some ransomware operations. At the same time, the possibility of manipulating AI agents themselves presents a lucrative opportunity for fraudsters if developers fail to bake in robust protections.
Phishing-as-a-Service will gain more traction, further complicating fraud detection
Phishing-as-a-Service emerged as a defining shift in 2025, dramatically lowering the technical barrier for cybercriminals and enabling widespread, coordinated phishing campaigns across industries. The trend of “OAuth phishing” also gained traction, where attackers manipulate users into granting malicious third-party app access instead of stealing credentials outright. This represents a new layer of deception and signals a likely expansion to more online platforms in 2026.
Proactive attack surface management will mitigate the impact of persistent vulnerabilities in 2026
Pervasive, high-severity vulnerabilities across web-facing services will continue to affect the software supply chain. 2025 has seen React2Shell and several vulnerabilities across network devices including FortiWeb and F5 BIG-IP. While some issues can be partially mitigated by web application firewalls, proactive attack surface management (ASM) tools both at nation and enterprise level will increasingly become the buffer that mitigates, contains, or delays large-scale exploitation.
Seasonal events to drive more crime, 2025 attack hot-spots will grow hotter
Seasonal and event-driven attack patterns, including phishing waves aligned with tax deadlines, the 2026 Winter Olympics, and the U.S. midterm elections, are all likely to be exploited for social engineering lures. Additionally, holiday travel and hospitality brands are expected to be impersonated in large-scale scams. The continued rise of scam call operations, fake investment platforms, and cross-group collaboration among threat actors is another area of the threat landscape to see expansion. Growing partnerships between ransomware and hacktivist groups, such as DragonForce and Scattered Spider, highlight the ongoing convergence of ideological and profit-driven cybercrime, a trend that will likely intensify through 2026.
Industries with downstream impact will remain most attractive targets for bad actors
In 2026, industries with broad downstream impact, such as managed service providers (MSPs), insurance, and consulting, will remain prime targets for threat actors seeking access to other victims. Fintech, especially segments tied to under-regulated assets and crypto markets, will continue to struggle with maturing their security infrastructure. Meanwhile, logistics, shipping, and retail sectors may see phishing lures tied to tariffs or shipping-related themes.
Robert Duncan, vice president of product strategy, Netcraft, said: “In 2026, we’ll see continued growth in Chinese Phishing-as-a-Service operations, more convincing video deepfakes, and increasingly coordinated multi-channel scams. AI will introduce new risks, such as prompt injection, while enhancing the quality and scale of existing fraud. Defenders will need to adapt just as quickly, relying on earlier insight and faster disruption to stay ahead. At Netcraft, we’re concentrating on shortening that gap and surfacing threats earlier and minimizing the window in which they can cause harm.”


