The Cybersecurity Forecast 2026 report by Google Cloud provides a clear view of the present: cybersecurity is entering a more complex stage, where artificial intelligence, organized cybercrime, and geopolitical factors are increasingly interconnected. Unlike other analyses, the report is based on real trends observed over the past year, offering a more grounded understanding of where the digital landscape is heading.
Artificial intelligence is also powering attacks
One of the most significant shifts is the role of artificial intelligence. AI is no longer just a tool for improving efficiency—it is also being used by attackers to automate operations, create more convincing deception, and scale attacks with less effort. In addition, new types of risks are emerging, such as attacks designed to manipulate AI systems into acting improperly or disclosing sensitive information.
The human factor becomes the primary target
At the same time, a growing trend continues to consolidate: attacks are increasingly focused on people. Instead of exploiting technical vulnerabilities, attackers are choosing to deceive users directly. This includes highly personalized emails as well as phone calls using AI-generated voices that mimic executives or internal staff. The logic is simple: in many cases, it is easier to manipulate a human decision than to breach a well-protected system.
New actors inside systems: AI agents
Another important development is the emergence of new “actors” within systems: AI agents. These are programs capable of performing tasks autonomously, analyzing information, and making basic decisions without human intervention. This shift requires rethinking how access and permissions are managed, as these agents begin to behave like users within an organization. In this context, the concept of “just-in-time access” becomes increasingly relevant—granting permissions only when needed and for a limited period of time, reducing the risk of misuse.
Shadow AI: an invisible risk
At the same time, a growing and often difficult-to-detect issue is emerging: the uncontrolled use of artificial intelligence within organizations. This phenomenon, known as “Shadow AI,” occurs when employees use AI tools without formal approval. Its evolution leads to “Shadow Agents,” meaning AI agents created or used without oversight. Both scenarios can result in data leaks, compliance risks, and loss of control over information.
Cybercrime remains the main economic threat
Regarding cybercrime, the report confirms an already established trend: ransomware and digital extortion remain the most significant economic threat globally. What is changing is not the type of attack, but its scale and impact. Today, a single incident can affect not only the targeted organization but also its entire value chain, including suppliers, customers, and operations.
Crypto and Web3: new attack surfaces
The growth of the crypto ecosystem is also introducing new attack surfaces. Concepts such as the “on-chain” economy—where transactions are recorded on blockchain—along with DeFi platforms (decentralized finance) and exchanges (cryptocurrency trading platforms), are becoming increasingly relevant. These environments concentrate value while also presenting unique security challenges, making them attractive targets for attackers.
Infrastructure becomes a key target
At the same time, attackers are shifting their focus toward deeper layers of technological infrastructure. Rather than targeting only end-user devices, they are increasingly aiming at virtualization systems and core components, which often have lower security visibility. An attack at this level can have a significantly greater impact, as it can compromise multiple systems simultaneously.
OT: when the impact becomes physical
The report also highlights industrial systems, known as OT (Operational Technology). These systems control physical processes such as manufacturing or energy distribution. When affected by cyberattacks, the impact is not only digital but also operational. This reinforces the idea that cybersecurity is no longer just about protecting information but also about ensuring business continuity.
Nation-State threats: a persistent presence
Finally, the report notes that threats linked to nation-state actors remain relevant. These operations typically pursue long-term objectives, combining espionage, disruption, and strategic intelligence gathering, often targeting critical sectors and infrastructure.
In summary
Overall, the report outlines a landscape where threats are more sophisticated, more scalable, and harder to detect. Artificial intelligence is expanding both defensive and offensive capabilities, the human factor is becoming increasingly central, and the attack surface continues to grow across new environments. Understanding these dynamics is key to interpreting how cybersecurity is evolving in an increasingly complex context.
Source: Google Cloud, Cybersecurity Forecast 2026. Available at: https://services.google.com/fh/files/misc/cybersecurity-forecast-2026-en.pdf