SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Top cybersecurity shifts FIRST experts say will define 2026

Sat, 22nd Nov 2025

The past year made one thing unmistakably clear: cybersecurity risk is accelerating faster than most organizations can adapt. At FIRST, we're fortunate to collaborate with a global community of practitioners who see these challenges firsthand, from national CERTs and standards bodies to incident responders and resilience experts.

Below is a roundup of insights from FIRST community leaders on the critical trends, risks, and structural shifts they expect to shape 2026. 

AI in Cybersecurity: What's Coming in 2026

Trey Darley, Special Interest Group Chair, Standards and Time Security, FIRST: 

"AI in security has a fundamental thermodynamic problem: every tool we add increases system complexity faster than it increases our ability to coordinate that complexity. As foundation models scale past trillions of parameters, we're hitting Gödelian limits - verifying alignment across all possible states becomes formally undecidable, not merely NP-hard. In 2026, organizations will realize they've crossed a Rubicon of complexity. We need to start discussing the mathematical constraints that define the limits of AI alignment, not just celebrating new AI capabilities."

Ella Hamwaka, Cybersecurity Specialist, Malawi CERT (FIRST MEMBER): 

"We have witnessed the growth of AI in so many ways this year. Not only giving us recommendations to protect our networks, but also the biggest asset, 'data'. It unfortunately came with a dark side that gave the black hat hackers a platform to easily exploit vulnerabilities as well, which is every cybersecurity specialist's nightmare. These AI platforms were very helpful to pentesters but, because of the little to no restrictions set on these LLMs, even the script kiddies and malicious users had just as much access.

A lot is expected from AI in 2026. I strongly believe we will have new policies and more countries joining the AI conventions to fight against the malicious use of AI. I do hope they especially address issues related to regulating AI developers to at least follow the set standards for their AI developments and encourage them to work with security teams to continuously assess the security of these LLMs."

Vulnerability Trends: Will 2026 Break Another Record?

Trey Darley: "Yes, 2026 will set another record for CVE issuance - but we're still measuring the wrong thing. The critical metric isn't the number of vulnerabilities discovered; it's the timing gap between discovery and remediation across our vast installed base. That coordination gap keeps widening because we're building systems whose complexity already exceeds our capacity to manage them well."

Ella Hamwaka: "Yes, from the yearly vulnerability forecast by FIRST we can see that for the past 5 years all the threat landscape has done is go up. I would not say it's surprising considering that we have entirely new technologies every 6 months. This makes room for the hackers to find more loopholes. We obviously cannot stop innovation and production if we truly want to evolve, so vulnerabilities will keep coming up. But this should be taken as a wake-up call to all our individual states to invest in building capacity in cybersecurity, and building, supporting and joining strong communities such as FIRST."

Internet Infrastructure Resilience in 2026

Trey Darley: "In 2026, organizations should focus less on 'cloud resilience' and more on federation: distributed architectures that can operate independently when connectivity fragments. We're approaching fundamental scale limits that software engineering alone can't solve. Time synchronization, routing consensus, distributed state management - all assume coordination at scales that system thermodynamics no longer supports. With 35 to 50 billion devices projected by 2035 under the 6G/IoT rollout, we're building infrastructure that exceeds our coordination capacity as a species."

Ella Hamwaka: "One thing we all know for sure is that no infrastructure (especially the critical ones) is completely secure, and these incidents have taught us that it's important to continuously secure our assets. The biggest and first step we can take in all of this is having the appropriate team and investing in security. We have to monitor even the smallest of systems that we have in our organizations and homes.

The question of reducing dependency may be a tricky one, but it is possible. The average person globally has so much data that it may be hard and expensive for them alone to store; because of this we tend to rely on affordable cloud services. I would say in 2026 it's better to utilize backups (both local and cloud based), as well as to encourage organizations to have storage infrastructure on the ground."

Human-Centric Security: What Needs to Change

Trey Darley: "Stop blaming humans for being human. In 2026, organizations must accept that social engineering succeeds because we've built systems too complex for people to comprehend. The answer is simpler systems that fail safely. Reduce complexity, reduce attack surface, and reduce cognitive load on the human. Security that depends on human perfection is security destined to fail."

Ella Hamwaka: "From what I have seen, most organizations are afraid to invest in their cybersecurity team for fear of the employees using the investment from one organization to find opportunities at the next. But it's high time we realize that cybersecurity professionals, just like any other employees, will most likely thrive if well paid, trained and given a conducive environment to work in.

This goes for everyone working in an organization: training and capacity building, even on the basics of cybersecurity, can save an organization millions. In 2026, let's prioritize putting incident response procedures in place, such as policies and incident response plans; together with frequent drills, these will build a strong workforce and in return secure the organisation."

Building a Robust Incident Response Plan

The question is no longer if technology will fail, but when and whether your organization can withstand it.

Mitigation requires both proactive prevention and resilience planning. CIOs and CTOs can reduce risk in three areas:

  • Post-incident remediation: Fully cleaning or rebuilding affected systems after each breach, establishing what was accessed or stolen, and verifying that attackers have not retained persistence.

  • Stronger cyber hygiene: Implementing measures such as network segmentation, multi-factor authentication (MFA) for remote and third-party access, and prompt decommissioning of outdated or unused credentials.

  • Governance and oversight: Treating cybersecurity as a business-critical function, not only an IT issue.
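The hygiene items above (MFA on accounts that can log in, and retiring credentials nobody has used) are the kind of check that should run on a schedule rather than live in a policy document. The following is an added example, not code from the article or from FIRST: it audits a credential report shaped like the CSV an IAM service exports (the rows are constructed sample data, not real accounts) and flags console passwords without MFA, active access keys unused for longer than an assumed 90-day policy window, and active keys that have never been used at all.

```python
"""Stale-credential and MFA audit over an IAM-style credential report.

Added example; not from the article. The column layout mimics an IAM
credential report, but every row below is constructed sample data and the
90-day threshold is an assumed policy value.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report (not real users, keys or timestamps).
SAMPLE_REPORT = """\
user,mfa_active,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,true,true,2025-11-20T09:12:00+00:00,true,2025-11-21T08:00:00+00:00,false,N/A
bob,false,true,2025-11-19T17:45:00+00:00,false,N/A,false,N/A
vendor-svc,false,false,not_supported,true,2025-06-01T03:00:00+00:00,true,N/A
ci-deploy,false,false,not_supported,true,2025-11-22T01:30:00+00:00,false,N/A
"""

STALE_AFTER = timedelta(days=90)  # assumed policy threshold, not from the article


def _parse_ts(value):
    """Return an aware datetime, or None for the report's 'no value' markers."""
    if not value or value in ("N/A", "not_supported", "no_information"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_credentials(report_csv, now, stale_after=STALE_AFTER):
    """Return (user, finding) pairs for credentials that violate policy.

    Findings emitted:
      password-without-mfa  console password enabled but no MFA device
      stale-access-key-N    active key last used more than stale_after ago
      unused-access-key-N   active key that has never been used
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # MFA only matters for principals that can actually sign in with a password.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "password-without-mfa"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive keys are already decommissioned
            last_used = _parse_ts(row[f"access_key_{n}_last_used_date"])
            if last_used is None:
                findings.append((user, f"unused-access-key-{n}"))
            elif now - last_used > stale_after:
                findings.append((user, f"stale-access-key-{n}"))
    return findings


def run_sample_audit(now_iso="2025-11-22T12:00:00+00:00"):
    """Run the audit over the constructed sample at a fixed 'now' so results are reproducible."""
    now = datetime.fromisoformat(now_iso).astimezone(timezone.utc)
    return audit_credentials(SAMPLE_REPORT, now)


if __name__ == "__main__":
    for user, finding in run_sample_audit():
        print(f"{user}: {finding}")
```

Against the sample, `bob` is flagged for a password without MFA, and the `vendor-svc` account surfaces both an access key idle since June and a second active key that has never been used; `alice` and `ci-deploy` pass. Keys that the report already marks inactive are skipped, since they are the decommissioned state the audit is trying to drive towards.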

Future-proofed organizations will treat digital infrastructure with the same rigor as physical safety, designing operations under the assumption that compromise is inevitable while ensuring they can recover quickly and effectively.
