Nine cybersecurity threats in 2026

AI, the double-edged sword

AI is now a permanent fixture in this annual round-up. It opens up new opportunities for attackers to operate faster, more precisely, and on a larger scale, while at the same time offering ways to more effectively detect and combat threats. Our expert panel discusses the latest developments and key concerns.

1. Language as a target (mathematics as a weapon)

Cybersecurity is no longer just about securing systems, but increasingly about protecting meaning and interpretation. Lieven Van Rentergem at Check PointOpens a new window explains: "Language and context are a new attack technique. Large language models (LLMs) are capable of understanding and generating large amounts of text, but how they arrive at their answers is highly complex. Using language creatively or misleadingly can distort meaning, causing LLMs to produce undesirable or unintended answers. In general, the more complex LLMs become, the easier it is to circumvent their own built-in security rules."

---

Lieven Van Rentergem, Security Engineer at Check Point

---

According to Van Rentergem, organizations cannot simply use LLMs as a security solution. "Many existing cybersecurity techniques are based on specific rules or models that can be systematically tested and validated. That is precisely what is often lacking in LLMs."

2. Reciprocal information exchange through AI

---

---

"The rapid rise of generative AI calls for extra awareness," says Andy Quaeyhaegens from NetskopeOpens a new window . "When implementing AI applications, it is essential to know who is using them and what data can be accessed by the algorithms. It is also important to carefully control privileges, because AI systems access sensitive information on behalf of the user. AI-specific threats, such as prompt injection attacks, also constitute a new risk class. These attacks allow an attacker to manipulate an AI assistant to steal internal, sensitive data without the user being actively involved."

3. Infinite trust in AI

Attacks are shifting from social engineering of people to social engineering of data and systems. Whereas traditional social engineering exploits human trust, this new form abuses the implicit trust that digital systems and AI applications have in the data and signals they receive.

---

---

Jesper Olsen at Palo Alto NetworksOpens a new window clarifies: "Cybercriminals know that many people no longer question decisions made by AI applications. They gradually and subtly manipulate the output, without the user noticing. This leads to disinformation and misplaced trust in AI applications." The expert sees another important element of trust.

"In the event of a disaster, every organization relies on its backups. However, due to the use of AI applications, there is a high probability that a lot of data has been altered without detection since the last backup. Organizations assume that everything will function as before when they restore a backup, but that may not be the case. A comprehensive overview of all AI applications and clear rules is indispensable."

4. No API security strategy

Many companies are rolling out AI pilot projects that are built on top of APIs. "That makes it possible to scale up experiments quickly and easily," says Joshua Goldfarb at F5Opens a new window .

---

---

"Unfortunately, security teams are not always involved, which creates additional risks. Attackers use AI agents to automatically test and analyze API infrastructure also introduces risk. For these reasons, I consider a robust API security strategy to be essential. This includes best practices such as an inventory of the entire API landscape, proper API management, preventive controls, continuous monitoring, and response and remediation capabilities."

Quantum computing

Estimates vary regarding the exact timeline, but there is no doubt that quantum computing is coming. With their much higher computing power, quantum computers offer solutions to problems that traditional computers cannot solve. At the same time, they pose significant cybersecurity challenges.

5. Collect now, decode later

"Quantum computing poses a strategic threat that companies need to prepare for today," says Microsoft'sOpens a new window Lien Deleenheer. "The security of many applications relies on encryption standards that quantum computers can decrypt. Information that seems secure today may not be secure in the future. Hackers are already collecting data to exploit in the future. That's why it's important to prepare now. One way to do this is by using post-quantum cryptography: algorithms that are resistant to attacks by quantum computers. The first step always consists of a review of the current protective measures."

---

---

Therefore it is crucial that organizations treat data security as a strategic priority today. All too often, there is a lack of urgency, which is worrying: companies who don't start now will suffer irreparable damage when quantum threats become a reality

More threats and trends

6. MFA fatigue

User accounts are a favorite entrance point for hackers. "Closed identity management is crucial to contain that threat," emphasizes Fortinet'sOpens a new window Yves Lemage. "Multi-Factor Authentication (MFA) is—or should be—well-established within every organization.

---

---

Unfortunately, a form of MFA fatigue often creeps in among employees. And hackers take advantage of that. They repeatedly send MFA requests to the various devices of potential victims. They eventually give in and grant access. As an organization, you must therefore continue to stress vigilance and the importance of MFA, and encourage employees to report suspicious activity."

7. Failure to embrace NIS2 and DORA as a license to operate

In 2026, the NIS2 and DORA regulations will make the shift from implementation to actual compliance and oversight. Tom Horré at Proximus NXT notes that perceptions around those guidelines are changing. "Identity management is even more relevant within a context of AI agents and AI bots: what data is circulating and can I trust it? NIS2 and DORA emphasize strict control, authentication, and access to systems. They also include measures that companies expect from their supply-chain partners.

---

Tom Horré, Strategy Lead Security at Proximus NXT

---

While many companies initially viewed regulations as an additional cost, they now increasingly see them as a license to operate."

8. When Belgium is targeted, it also affects our businesses

Hacker groups are increasingly targeting our country. "At first glance, this seems to be a concern for government agencies rather than SMEs. Nevertheless, they often end up being involved," according to Tom Horré. "It works both ways. As a supplier of utilities or logistics services, an attack on your company could disrupt the entire supply chain.

---

---

That's why major customers expect their partners to have their security in order as well. At the same time, as a supplier, you don't want to be the victim of an attack on a customer who is of great strategic value to hackers. Agility and understanding interdependencies are crucial."

9. Attacks on infrastructure and edge devices

Hackers are increasingly targeting infrastructure and edge devices, such as routers, firewalls, IoT devices, and cloud gateways. "This gives them persistent and difficult-to-detect access to networks and data flows," says Ronald den Braven at Cisco TalosOpens a new window . "I see this as a shared responsibility.

---

---

Our job as suppliers is to provide the best solutions. For businesses, there is a need for a holistic view across all switches, devices, and applications. Without a clear overview, you cannot adequately assess your protection against threats and take appropriate action. There are often no concrete plans in place to counterattacks: do you switch off a device or patch it immediately? Rules and best practices are usually readily available but are not always applied consistently. In 2026, there is a great deal of work to be done in this area."