Today, a typical enterprise security team comprises over a dozen specialized functions, such as alert investigation, incident response, threat hunting, vulnerability management, and penetration testing. Even within the application security team, the people doing threat modeling and security assurance are very different from the people doing static application security testing (SAST) and dynamic application security testing (DAST), for example.
As AI agents and assistants increasingly take on the nuts and bolts of many security functions, the role of the security professional transforms into guiding the AI, feeding it the right data and business context, and making more strategic decisions for the business.
In this new world, the most important skill is understanding the shared business context and priorities across the organization, not knowledge of a specific tool or specific alert details. The enterprising employees who do this effectively are the ones who will excel in 2026. They will be positioned to take on any role in the security team, and perhaps all roles at the same time—part-time SOC analyst, part-time AppSec engineer, part-time threat hunter and more. This is because they can simply delegate the domain-specific details to specialized AI agents and assistants.
This is great for CISOs, as they get a highly fungible team of security generalists who can take care of whatever is the top security issue of the day in any domain. Having a single person take care of issues across all domains creates fewer gaps. And it's also great for security team members as it gives them mobility in their careers. It's a win for security across the board. If you're a security generalist, 2026 is your year.
Deepfakes were a common problem on the Internet before 2025. In 2025, they entered the workplace, with many incidents of fraud involving adversaries posing as an interview candidate or a business partner in a video call.
An orthogonal problem in workplaces has been rogue insiders, employees who hurt their organizations from inside. Some do this on behalf of an external adversary in return for money, whereas others are lone wolves.
In 2026, these two will converge, with rogue insiders leveraging AI and deepfakes. Employees who have the proclivity to cheat but were previously afraid will be encouraged to cheat, with AI making it easy and deepfakes providing plausible deniability. Any insider has all the business context to customize deepfake attacks to seem much more real than anything we've seen in 2025.
The research on how to detect and defend against deepfakes, as well as techniques to detect and defend against rogue insiders, needs to catch up and tackle this threat effectively. Until it does, there will be a period in 2026 when trust within organizations will be broken. You no longer trust that the email, or the voice call, or even the video call from your teammate is truly from your colleague. During this phase, regular employee training combined with fast adoption of better deployment tools will become critical.
Additionally, the offensive security landscape will change more in the next 24 months than it has in the last 10 years. Traditional pen-testing has remained largely manual and very expensive, while DAST tooling is great at surface-level scanning but weak at context and logic.
In 2026, we'll see new automated approaches to offensive security that understand context, state, and business logic, not just endpoints. Think tools that behave like a creative attacker—chaining vulnerabilities, exploiting misconfigurations, and validating impact the way a human red-teamer would.
That evolution will turn what used to be a quarterly or annual pentest into something continuous and integrated into engineering workflows. Security shifts left, into CI/CD, pre-prod validation, and runtime guardrails, to match attacks that are doing the same. Once offensive testing becomes autonomous and contextual, organizations will stop treating pentests as compliance artifacts and start treating them as live safety nets for every software change. 2026 will be the year offensive security becomes just another part of the delivery pipeline.
As AI transforms both security attacks and security tools, this fragmentation hurts agility, restricts scalability, and most importantly creates silos where adversaries hide. We predict this will change in 2026.
