As we enter another year defined by the adoption of AI, Chief Information Security Officers (CISOs) face an evolving landscape marked by increased cyberthreats and growing demands to defend their organizations effectively. InformationWeek spoke with five CISOs to understand their expectations for AI in 2026: its use by threat actors, its capabilities as a defensive tool, and what security leaders want and need from AI as it becomes increasingly embedded in their technology stacks.
### The Threat Landscape
In 2025, threat actors leveraged AI to refine their campaigns and expand the scale of attacks. Phishing attacks became much harder to detect; AI eliminates classic red flags such as poor grammar and enables the creation of hyper-personalized lures targeting more victims.
“Right now, we’re seeing about 90% of social engineering phishing kits have AI deepfake technology available in them,” said Roger Grimes, CISO advisor at KnowBe4, a security awareness training company.
So far, AI has sharpened traditional attack tactics, and this trend is set to accelerate. Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, described most AI-powered attacks as “evolutionary and not revolutionary”—but warned this could quickly change as threat actors climb their own learning curves.
A recent cyberattack attributed to suspected Chinese state actors, which involved manipulation of Anthropic’s systems, foreshadows the future of cybercrime: large-scale, largely autonomous attacks.
“The future of cybercrime is bad guys’ AI bots against good guys’ AI bots, and the best algorithms will win,” said Grimes. “That’s the future of all cybersecurity from here on out.”
As this future approaches, hackers will seek ways to exploit AI systems themselves—targeting vulnerabilities in the AI tools and platforms enterprises rely on. Jill Knesek, CISO at BlackLine, a cloud-based financial operations management platform, expressed concern that large language models (LLMs) will become prime targets.
“The thing that is most concerning to a CISO is that the LLMs are going to be the honeypots. That’s going to be the place that any hacker’s going to want to attack because that’s where all the data’s at,” Knesek said.
Grimes also anticipates an increase in attacks on the Model Context Protocol (MCP), Anthropic’s open-source standard that enables AI systems to communicate with external systems. Threat actors could exploit MCP servers through methods such as prompt injection.
With more widespread AI-driven attacks on the horizon, CISOs will grapple with complex questions around identity and accountability. Whitmore noted, “I don’t think that the industry collectively has a good understanding yet of who’s responsible when it’s actually a synthetic identity that has created a massive, widespread attack.”
Responsibility could fall on the business unit that deployed the AI, the CISO who approved its use, or the team actively leveraging the technology.
### AI as a Cyberdefense Tool
As cybercriminals enhance their AI capabilities, defenders must do the same. Throughout 2025, CISOs gained valuable insight into what AI can bring to cybersecurity strategies.
One of AI’s most significant benefits is its ability to sift through vast amounts of data, discerning patterns that previously required extensive manual analysis.
“Internally for my team, that has been a game changer because now my threat analysts can take 10 minutes to research something instead of an hour going to separate tools,” said Don Pecha, CISO at FNTS, a managed cloud and mainframe services company serving regulated industries.
AI can locate the proverbial needle in the haystack—distinguishing between real threats and false positives—enabling analysts to make faster, more accurate decisions. It automates much of the tedious digging and review that formerly demanded significant analyst time and effort.
Despite these advantages, AI-powered cybersecurity tools still have room for growth. “We’re not seeing really purpose-built AI security for the most part. What you’re seeing is legacy security with some AI capability and functionality,” said Knesek.
Looking ahead to 2026, experts expect more AI-driven security solutions to emerge, especially in the realm of agentic AI—AI agents granted autonomy to take actions without constant human intervention. Grimes anticipates the rise of autonomous patching bots.
“You’re not going to be able to fight AI that’s trying to compromise you with traditional software. You’re going to need a patching bot,” he explained.
The concept of keeping a “human in the loop” remains the gold standard for responsible AI use. However, as agentic AI develops, CISOs and their teams will face tough questions about how much autonomy to grant these AI agents.
“What happens when there is less and less human involvement?” Grimes asked. “Some people are going to say, ‘Oh, this is great. I’m going to believe everything the vendor said. I’m going to give it full autonomy.’” This mindset could lead to operational interruptions.
Moreover, with increased autonomy, AI agents themselves will become frequent targets of malicious actors. “In order to protect the human, you’re going to have to protect the AI agents that the human is using,” Grimes emphasized.
### The CISO’s AI Wish List
Amid all the predictions surrounding AI, uncertainties about the future remain. CISOs must keep pace with rapidly evolving technology.
As they press forward, what do security leaders need and want from AI? Amid ongoing debates about AI’s impact on jobs, many CISOs seem to agree that AI will serve as a tool to **augment** the capabilities of human cybersecurity teams rather than replace them entirely.
“I think they need extensions of their teams rather than replacements of their teams,” said Henderson. “If you look at AI as something that can enable your team to continue to scale without adding additional bodies, as opposed to replacing bodies, it’s going to be the path to success.”
AI is set to redefine the cybersecurity landscape in 2026. While threat actors continue to enhance their offensive use of AI, defenders are harnessing its power to protect organizations more efficiently. For CISOs, balancing innovation, autonomy, and responsibility will be critical as AI becomes an integral part of security operations.
https://www.informationweek.com/cybersecurity/what-cisos-need-from-ai-in-a-new-year-of-cyberthreats

